Author Topic: sound issues  (Read 1584 times)

Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
    • View Profile
sound issues
« Reply #20 on: August 31, 2007, 11:10:12 PM »
Nah, I just completely don't have sound at all, that's how I know my laptop speakers aren't gone... cause if they were the issue I'd have sound out of my external speakers or my headphones, but I just don't have anything at all so I suppose it's a missing file or setting somewhere that got changed when any of my programs updated.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
sound issues
« Reply #21 on: September 01, 2007, 01:02:06 AM »
Quote
have you tried downloading the latest Sound drivers from IBM Supportpage
Zimzim gives some good advice, now that we have your exact model of computer
Have you gone to IBM and done the following?

Uninstall your sound drivers then reinstalled?

Download your latest sound drivers
Uninstall yours from add/remove >> Soundmax
Reboot then install the ones from IBM site
Sorry, I would direct link you but I'm having problems accessing the site right now :blink:

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

sound issues
« Reply #22 on: September 02, 2007, 10:20:49 AM »
I can access the site again
This should be the link to your driver
http://www-307.ibm.com/pc/support/site.wss...ocid=MIGR-58599



Offline Juggernaut

sound issues
« Reply #23 on: September 03, 2007, 09:04:39 PM »
My sound problem is all set... but I have been wanting to ask you a question: I'd like to know if it's possible to overclock my graphics card in order to get more out of it, either that or more speed out of my hard drive. Any help would be appreciated.

Offline guestolo

sound issues
« Reply #24 on: September 04, 2007, 11:44:12 AM »
Most laptops run at 5400rpm, I think the Thinkpad T43 runs at 7200RPM
So that is good
Laptops aren't great gaming boxes, if that's what you're after, except for maybe Alienware

There are overclocking utilities for video cards, I would check with OC forums
Here's one, but I would be very careful, heat factor and all
http://www.techpowerup.com/atitool/
Use at your own risk!!
More info
http://atitool.techpowerup.com/wiki

Of course, if you can add more RAM to the computer, that would be good
« Last Edit: September 04, 2007, 11:53:00 AM by guestolo »



Offline Juggernaut

sound issues
« Reply #25 on: September 04, 2007, 12:19:37 PM »
Only issue is that I have an integrated Intel graphics card; also I didn't think it was possible to add more RAM to a ThinkPad.

Offline guestolo

sound issues
« Reply #26 on: September 04, 2007, 12:37:15 PM »
Quote
Only issue is that I have an integrated Intel graphics card
Well there you go, you know more about your system than I, I thought it came with either ATI or Nvidia graphics

Quote
also I didn't think it was possible to add more RAM to a ThinkPad
It really depends, when you ordered it, did you max it out?
How much RAM do you have now?
You can find your max here, you'll have to choose the series that applies
http://www.memoryx.net/thinkpadt43.html



Offline Juggernaut

sound issues
« Reply #27 on: September 06, 2007, 01:02:20 PM »
my computer has been acting up though... can you take a look please?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:39 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\Rundll32.exe
C:\program files\powerstrip\pstrip.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)

--
End of file - 5593 bytes

Offline guestolo

sound issues
« Reply #28 on: September 06, 2007, 07:08:03 PM »
Things were looking good earlier, but you picked up an infection

Can you do the following
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back combofix log along with a fresh hijackthis log



Offline Juggernaut

sound issues
« Reply #29 on: September 06, 2007, 09:22:11 PM »
ComboFix 07-08-30.3 - "Colin Thorner" 2007-09-06 22:10:14.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.124 [GMT -4:00]
 * Created a new restore point


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\byxxyay.dll
C:\WINDOWS\system32\nsz3A1.dll
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\ssqpo.dll


(((((((((((((((((((((((((   Files Created from 2007-08-07 to 2007-09-07  )))))))))))))))))))))))))))))))


2007-09-06 22:07   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-09-04 20:57   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\InterVideo
2007-09-03 21:00   172,032   --a------   C:\WINDOWS\system32\igfxres.dll
2007-09-03 20:56   <DIR>   d--------   C:\Program Files\PowerStrip
2007-09-03 20:52   55,592   --a------   C:\WINDOWS\system32\adssite-remove.exe
2007-09-03 20:52   39,881   --a------   C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-03 20:32   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Ventrilo
2007-09-03 20:08   17,920   --a------   C:\WINDOWS\system32\mdimon.dll
2007-09-03 19:56   <DIR>   d--------   C:\Program Files\Microsoft.NET
2007-09-03 19:56   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2007-09-03 19:54   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2007-09-03 19:49   <DIR>   dr-h-----   C:\MSOCache
2007-09-03 19:46   <DIR>   d--------   C:\Program Files\Microsoft IntelliPoint
2007-09-03 19:40   <DIR>   d--------   C:\Program Files\Microsoft IntelliType Pro
2007-09-03 19:40   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2007-09-03 19:34   <DIR>   d--------   C:\Program Files\Real
2007-09-03 19:33   <DIR>   d--------   C:\Program Files\Common Files\Real
2007-09-03 19:33   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Real
2007-09-03 19:32   <DIR>   d--------   C:\Program Files\VideoLAN
2007-09-03 19:30   118,784   --a------   C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-03 19:30   <DIR>   d--------   C:\Program Files\SpywareBlaster
2007-09-03 19:15   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-09-03 19:14   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-03 19:08   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2007-09-03 19:08   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2007-09-03 18:54   <DIR>   d--------   C:\DOCUME~1\COLINT~1\Incomplete
2007-09-03 18:54   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\LimeWire
2007-09-03 18:52   <DIR>   d--------   C:\Program Files\EndItAll
2007-09-03 18:42   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\WinRAR
2007-09-03 18:37   <DIR>   d--------   C:\Program Files\mIRC
2007-09-03 18:37   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\mIRC
2007-09-03 18:31   <DIR>   d--------   C:\Program Files\LimeWire
2007-09-03 18:30   <DIR>   d--------   C:\Program Files\PokerStars
2007-09-03 17:43   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Apple Computer
2007-09-03 17:42   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-09-03 17:42   <DIR>   d--------   C:\Program Files\iTunes
2007-09-03 17:42   <DIR>   d--------   C:\Program Files\iPod
2007-09-03 17:42   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-09-03 17:41   <DIR>   d--------   C:\Program Files\Common Files\Apple
2007-09-03 17:39   <DIR>   d--------   C:\Program Files\QuickTime
2007-09-03 17:39   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 17:38   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-03 17:35   23,040   ---------   C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-03 17:35   16,896   ---------   C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-03 17:35   128,896   ---------   C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-03 17:33   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-09-03 17:28   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-03 17:17   1,156   --a------   C:\WINDOWS\mozver.dat
2007-09-03 17:10   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\acccore
2007-09-03 17:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-09-03 17:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-03 17:08   <DIR>   d--------   C:\Program Files\Combined Community Codec Pack
2007-09-03 17:04   <DIR>   d--------   C:\Program Files\Viewpoint
2007-09-03 17:04   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-03 17:03   <DIR>   d--------   C:\Program Files\Common Files\AOL
2007-09-03 17:03   <DIR>   d--------   C:\Program Files\AIM6
2007-09-03 17:02   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-09-03 17:02   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-03 16:59   335   --a------   C:\WINDOWS\nsreg.dat
2007-09-03 16:50   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Symantec
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Sonic
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\IBM
2007-09-03 16:37   <DIR>      C:\RRUbackups
2007-09-03 16:24   <DIR>   d--hs----   C:\Recycled
2007-09-03 16:23   4,442   --a------   C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-09-03 16:23   16,384   --a------   C:\WINDOWS\PWMBTHLP.EXE
2007-09-03 16:19   77,824   --a------   C:\WINDOWS\system32\WindowsAccessBridge.dll
2007-09-03 16:19   28,672   --a------   C:\WINDOWS\system32\JAWTAccessBridge.dll
2007-09-03 16:19   139,264   --a------   C:\WINDOWS\system32\JavaAccessBridge.dll
2007-09-03 16:18   86,016   --a------   C:\WINDOWS\system32\PcdrKernelModeServices.dll
2007-09-03 16:18   77,824   --a------   C:\WINDOWS\system32\QCONSVC.EXE
2007-09-03 16:18   65,536   --a------   C:\WINDOWS\system32\ProgressTrace.dll
2007-09-03 16:18   577,536   --a------   C:\WINDOWS\system32\tvt_gina.dll
2007-09-03 16:18   282,624   --a------   C:\WINDOWS\system32\tvt_gina_api.dll
2007-09-03 16:18   262,144   --a------   C:\WINDOWS\system32\QConGina.dll
2007-09-03 16:18   2,432   --a------   C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2007-09-03 16:18   12,288   --a------   C:\WINDOWS\system32\drivers\qcndisif.sys
2007-09-03 16:18   11,520   --a------   C:\WINDOWS\system32\drivers\ANC.sys
2007-09-03 16:18   <DIR>   d--------   C:\Program Files\PC-Doctor for Windows
2007-09-03 16:16   32,256   --a------   C:\WINDOWS\system32\drivers\psasrv.exe
2007-09-03 16:16   13,184   --a------   C:\WINDOWS\system32\drivers\psadd.sys
2007-09-03 16:16   <DIR>   d--------   C:\IBMSHARE
2007-09-03 16:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-03 16:13   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-03 16:12   204,800   --a------   C:\WINDOWS\system32\IVIresizeW7.dll
2007-09-03 16:12   200,704   --a------   C:\WINDOWS\system32\IVIresizeA6.dll
2007-09-03 16:12   20,480   --a------   C:\WINDOWS\system32\IVIresize.dll
2007-09-03 16:12   192,512   --a------   C:\WINDOWS\system32\IVIresizeP6.dll
2007-09-03 16:12   192,512   --a------   C:\WINDOWS\system32\IVIresizeM6.dll
2007-09-03 16:12   188,416   --a------   C:\WINDOWS\system32\IVIresizePX.dll
2007-09-03 16:12   <DIR>   d--------   C:\Program Files\InterVideo
2007-09-03 16:12   <DIR>   d--------   C:\icons
2007-09-03 16:11   <DIR>   d--------   C:\Program Files\IBM DLA
2007-09-03 16:11   <DIR>   d--------   C:\Program Files\Common Files\Sonic
2007-09-03 16:11   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\ibm
2007-09-03 16:11   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-09-03 16:10   <DIR>   d--------   C:\WINDOWS\system32\thinkpad_features
2007-09-03 16:10   <DIR>   d--------   C:\Program Files\Sonic
2007-09-03 16:10   <DIR>   d--------   C:\Program Files\IBM RecordNow!


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-03 16:39   47   --a------   C:\WINDOWS\system32\drivers\IBM_1871_C1U.MRK
2007-09-03 15:59   0   -rah-----   C:\WINDOWS\system32\drivers\IBM_1871_C1U_TP.MRK
2007-07-30 22:19   92504   --a------   C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 22:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19   549720   --a------   C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 22:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19   53080   --a------   C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 22:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19   325976   --a------   C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 22:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19   203096   --a------   C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 22:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:19   1712984   --a------   C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 22:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-30 22:18   33624   --a------   C:\WINDOWS\system32\dllcache\wups.dll
2007-07-14 21:37   27992   --a------   C:\WINDOWS\system32\drivers\pstrip.sys
2007-06-26 22:10   317440   --a------   C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 11:13   851968   ---------   C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35   665600   ---------   C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08   1104896   ---------   C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:37   282112   --a------   C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:37   282112   ---------   C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-15 04:12   96256   ---------   C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:12   616960   ---------   C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:12   55808   ---------   C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:12   532480   ---------   C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:12   474112   ---------   C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:12   449024   ---------   C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:12   39424   ---------   C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:12   357888   ---------   C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:12   3064320   ---------   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:12   251904   ---------   C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:12   205824   ---------   C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:12   16384   ---------   C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:12   151040   ---------   C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:12   1498112   ---------   C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:12   146432   ---------   C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:12   1054208   ---------   C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:12   1022976   ---------   C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 06:32   18432   ---------   C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 06:23   1033216   --a------   C:\WINDOWS\explorer.exe
2007-06-13 06:23   1033216   ---------   C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-11 23:51   10834944   --a------   C:\WINDOWS\system32\dllcache\wmp.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-08-21 07:50   61440   --a------   C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-03 17:23]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-08-21 07:50]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 05:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-09-03 14:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 06:07 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpo
"Notification Packages"= scecli pwdmon

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"=
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe
"UC_SMB"=
"TpShocks"=TpShocks.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
"TP4EX"=tp4ex.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS


Contents of the 'Scheduled Tasks' folder
2007-09-06 19:57:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-07 02:18:45 C:\WINDOWS\Tasks\PMTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 22:18:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-06 22:20:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-06 22:20

   --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:48 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\Rundll32.exe
C:\program files\powerstrip\pstrip.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)

--
End of file - 6386 bytes

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
sound issues
« Reply #30 on: September 06, 2007, 09:31:09 PM »
We have more to do, but before we carry forward, can I see one more log

Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents



Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
sound issues
« Reply #31 on: September 06, 2007, 10:25:57 PM »
Access IBM
Adobe Reader 8.1.0
Adssite Browser Optimizer
AIM 6
Apple Mobile Device Support
Apple Software Update
AVG 7.5
Combined Community Codec Pack 2007-07-22
Condition Zero
Condition Zero Deleted Scenes
Counter-Strike
Day of Defeat
End It All
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM Access Connections
IBM Active Protection System
IBM DLA
IBM Integrated 56K Modem
IBM RecordNow!
IBM Rescue and Recovery with Rapid Restore
IBM SATA Power Management Driver
IBM Themes
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Power Manager
IBM ThinkPad Presentation Director
IBM ThinkPad UltraNav Driver
IBM ThinkPad UltraNav Wizard
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM Update Connector
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD
iTunes
Java(tm) 6 Update 2
LimeWire PRO 4.12.11
mCore
mDriver
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
mMHouse
Mozilla Firefox (2.0.0.6)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
PC-Doctor for Windows
PokerStars
PowerStrip 3 (remove only)
QuickTime
RealPlayer
Rightonadz Browser Optimizer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Sonic Update Manager
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Steam
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
vitalsource KEY 3
Wallpapers
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
sound issues
« Reply #32 on: September 06, 2007, 10:41:35 PM »
Can you do the following
Close down your browser

Then access your add/remove programs and remove
Adssite Browser Optimizer
Rightonadz Browser Optimizer


I also suggest that you uninstall
Viewpoint Media Player

Reboot your computer

Back in Windows, can you run Combofix again and post a fresh log
Also post a fresh hijackthis log



Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
sound issues
« Reply #33 on: September 17, 2007, 03:38:35 PM »
sorry it's taken me so long but I've had a lot of stuff to take care of in my life... here's the log though

ComboFix 07-09-17.2 - "Colin Thorner" 2007-09-17 16:33:10.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.78 [GMT -4:00]
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-08-17 to 2007-09-17  )))))))))))))))))))))))))))))))
.

2007-09-16 01:21   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-09-12 06:46   62,464   --a------   C:\WINDOWS\system32\gzmrotate.dll
2007-09-11 01:07   <DIR>   d--------   C:\Program Files\iPod
2007-09-08 08:52   <DIR>   d--------   C:\Program Files\Common Files\Nullsoft
2007-09-08 08:51   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\AIM
2007-09-06 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-06 23:01   25,856   --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-06 22:07   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-09-04 20:57   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\InterVideo
2007-09-03 21:00   172,032   --a------   C:\WINDOWS\system32\igfxres.dll
2007-09-03 20:56   <DIR>   d--------   C:\Program Files\PowerStrip
2007-09-03 20:52   55,592   --a------   C:\WINDOWS\system32\adssite-remove.exe
2007-09-03 20:52   40,315   --a------   C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-03 20:32   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Ventrilo
2007-09-03 20:08   17,920   --a------   C:\WINDOWS\system32\mdimon.dll
2007-09-03 19:56   <DIR>   d--------   C:\Program Files\Microsoft.NET
2007-09-03 19:56   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2007-09-03 19:54   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2007-09-03 19:49   <DIR>   dr-h-----   C:\MSOCache
2007-09-03 19:46   <DIR>   d--------   C:\Program Files\Microsoft IntelliPoint
2007-09-03 19:40   <DIR>   d--------   C:\Program Files\Microsoft IntelliType Pro
2007-09-03 19:40   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2007-09-03 19:34   <DIR>   d--------   C:\Program Files\Real
2007-09-03 19:33   <DIR>   d--------   C:\Program Files\Common Files\Real
2007-09-03 19:33   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Real
2007-09-03 19:32   <DIR>   d--------   C:\Program Files\VideoLAN
2007-09-03 19:30   118,784   --a------   C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-03 19:30   <DIR>   d--------   C:\Program Files\SpywareBlaster
2007-09-03 19:15   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-09-03 19:14   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-03 19:08   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2007-09-03 19:08   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2007-09-03 18:54   <DIR>   d--------   C:\DOCUME~1\COLINT~1\Incomplete
2007-09-03 18:54   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\LimeWire
2007-09-03 18:52   <DIR>   d--------   C:\Program Files\EndItAll
2007-09-03 18:42   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\WinRAR
2007-09-03 18:37   <DIR>   d--------   C:\Program Files\mIRC
2007-09-03 18:37   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\mIRC
2007-09-03 18:31   <DIR>   d--------   C:\Program Files\LimeWire
2007-09-03 18:30   <DIR>   d--------   C:\Program Files\PokerStars
2007-09-03 17:43   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Apple Computer
2007-09-03 17:42   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-09-03 17:42   <DIR>   d--------   C:\Program Files\iTunes
2007-09-03 17:42   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-09-03 17:41   <DIR>   d--------   C:\Program Files\Common Files\Apple
2007-09-03 17:39   <DIR>   d--------   C:\Program Files\QuickTime
2007-09-03 17:39   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 17:38   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-03 17:35   23,040   ---------   C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-03 17:35   16,896   ---------   C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-03 17:35   128,896   ---------   C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-03 17:33   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-09-03 17:28   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-03 17:17   1,156   --a------   C:\WINDOWS\mozver.dat
2007-09-03 17:10   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\acccore
2007-09-03 17:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-09-03 17:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-03 17:08   <DIR>   d--------   C:\Program Files\Combined Community Codec Pack
2007-09-03 17:04   <DIR>   d--------   C:\Program Files\Viewpoint
2007-09-03 17:04   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-03 17:03   <DIR>   d--------   C:\Program Files\Common Files\AOL
2007-09-03 17:03   <DIR>   d--------   C:\Program Files\AIM6
2007-09-03 17:02   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-09-03 17:02   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-03 16:59   335   --a------   C:\WINDOWS\nsreg.dat
2007-09-03 16:50   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Symantec
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Sonic
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\IBM
2007-09-03 16:37   <DIR>      C:\RRUbackups
2007-09-03 16:24   <DIR>   d--hs----   C:\Recycled
2007-09-03 16:23   4,442   --a------   C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-09-03 16:23   16,384   --a------   C:\WINDOWS\PWMBTHLP.EXE
2007-09-03 16:19   77,824   --a------   C:\WINDOWS\system32\WindowsAccessBridge.dll
2007-09-03 16:19   28,672   --a------   C:\WINDOWS\system32\JAWTAccessBridge.dll
2007-09-03 16:19   139,264   --a------   C:\WINDOWS\system32\JavaAccessBridge.dll
2007-09-03 16:18   86,016   --a------   C:\WINDOWS\system32\PcdrKernelModeServices.dll
2007-09-03 16:18   77,824   --a------   C:\WINDOWS\system32\QCONSVC.EXE
2007-09-03 16:18   65,536   --a------   C:\WINDOWS\system32\ProgressTrace.dll
2007-09-03 16:18   577,536   --a------   C:\WINDOWS\system32\tvt_gina.dll
2007-09-03 16:18   282,624   --a------   C:\WINDOWS\system32\tvt_gina_api.dll
2007-09-03 16:18   262,144   --a------   C:\WINDOWS\system32\QConGina.dll
2007-09-03 16:18   2,432   --a------   C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2007-09-03 16:18   12,288   --a------   C:\WINDOWS\system32\drivers\qcndisif.sys
2007-09-03 16:18   11,520   --a------   C:\WINDOWS\system32\drivers\ANC.sys
2007-09-03 16:18   <DIR>   d--------   C:\Program Files\PC-Doctor for Windows
2007-09-03 16:16   32,256   --a------   C:\WINDOWS\system32\drivers\psasrv.exe
2007-09-03 16:16   13,184   --a------   C:\WINDOWS\system32\drivers\psadd.sys
2007-09-03 16:16   <DIR>   d--------   C:\IBMSHARE
2007-09-03 16:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-03 16:13   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-03 16:12   204,800   --a------   C:\WINDOWS\system32\IVIresizeW7.dll
2007-09-03 16:12   200,704   --a------   C:\WINDOWS\system32\IVIresizeA6.dll
2007-09-03 16:12   20,480   --a------   C:\WINDOWS\system32\IVIresize.dll
2007-09-03 16:12   192,512   --a------   C:\WINDOWS\system32\IVIresizeP6.dll
2007-09-03 16:12   192,512   --a------   C:\WINDOWS\system32\IVIresizeM6.dll
2007-09-03 16:12   188,416   --a------   C:\WINDOWS\system32\IVIresizePX.dll
2007-09-03 16:12   <DIR>   d--------   C:\Program Files\InterVideo
2007-09-03 16:12   <DIR>   d--------   C:\icons
2007-09-03 16:11   <DIR>   d--------   C:\Program Files\IBM DLA

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-03 16:39   47   --a------   C:\WINDOWS\system32\drivers\IBM_1871_C1U.MRK
2007-09-03 15:59   0   -rah-----   C:\WINDOWS\system32\drivers\IBM_1871_C1U_TP.MRK
2007-07-30 22:19   92504   --a------   C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 22:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19   549720   --a------   C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 22:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19   53080   --a------   C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 22:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19   325976   --a------   C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 22:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19   203096   --a------   C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 22:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:19   1712984   --a------   C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 22:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-30 22:18   33624   --a------   C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 22:10   317440   --a------   C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 11:13   851968   ---------   C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35   665600   ---------   C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08   1104896   ---------   C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:37   282112   --a------   C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:37   282112   ---------   C:\WINDOWS\system32\dllcache\gdi32.dll
.

(((((((((((((((((((((((((((((   snapshot_2007-09-06_221959.00   )))))))))))))))))))))))))))))))))))))))))
.
----a-r            27,136 2007-09-11 04:59:18  C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
----a-r           102,400 2007-09-11 05:07:39  C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w           131,072 2003-02-21 01:43:50  C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w            98,304 2006-04-14 02:18:24  C:\WINDOWS\system32\atonecli.dll
----a-w           196,608 2006-04-14 02:18:24  C:\WINDOWS\system32\atonres.dll
----a-w        17,474,680 2007-09-06 02:50:42  C:\WINDOWS\system32\MRT.exe
----a-w           106,496 2003-02-21 02:09:14  C:\WINDOWS\system32\mscories.dll
----a-w           131,072 2006-04-14 02:18:24  C:\WINDOWS\system32\WbxMSAI.dll
----a-w            49,152 2006-04-30 03:34:04  C:\WINDOWS\system32\WbxRMenu.dll
-c--a-w            30,336 2007-09-06 17:28:16  C:\WINDOWS\system32\DRVSTORE\usbaapl_A65621D65F5B7507DD7B22331826547BDD2D206B\usbaapl.sys
.
----a-w            86,528 2005-09-23 11:28:52  C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w        16,789,464 2007-08-03 04:34:12  C:\WINDOWS\system32\MRT.exe
----a-w            74,240 2005-09-23 11:28:52  C:\WINDOWS\system32\mscories.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-09-12 06:46   62464   --a------   C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:44]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 05:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 09:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-09-12 06:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-09-03 14:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 06:07 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpo
"Notification Packages"= scecli pwdmon

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"=
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe
"UC_SMB"=
"TpShocks"=TpShocks.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
"TP4EX"=tp4ex.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 17:27:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-17 19:50:24 C:\WINDOWS\Tasks\PMTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-17 16:36:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-17 16:37:10
C:\ComboFix-quarantined-files.txt ... 2007-09-17 16:37
C:\ComboFix2.txt ... 2007-09-06 22:20
.
   --- E O F ---

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
sound issues
« Reply #34 on: September 18, 2007, 11:06:20 PM »
It's too much of a delay between responses
I need you to do the following
Delete your version of Combofix.exe and its folder
C:\Combofix

Do this again
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the log from combofix along with a fresh hijackthis log



Offline Juggernaut

  • Full Member
  • ***
  • Posts: 110
  • Karma: +0/-0
sound issues
« Reply #35 on: September 19, 2007, 07:49:19 AM »
combofix log...

ComboFix 07-09-18.4 - "Colin Thorner" 2007-09-19  8:42:29.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.109 [GMT -4:00]
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-08-19 to 2007-09-19  )))))))))))))))))))))))))))))))
.

2007-09-16 01:21   664   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-09-12 06:46   62,464   --a------   C:\WINDOWS\system32\gzmrotate.dll
2007-09-11 01:07   <DIR>   d--------   C:\Program Files\iPod
2007-09-08 08:52   <DIR>   d--------   C:\Program Files\Common Files\Nullsoft
2007-09-08 08:51   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\AIM
2007-09-06 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-06 23:01   25,856   --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-06 22:07   51,200   --a------   C:\WINDOWS\nircmd.exe
2007-09-04 20:57   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\InterVideo
2007-09-03 21:00   172,032   --a------   C:\WINDOWS\system32\igfxres.dll
2007-09-03 20:56   <DIR>   d--------   C:\Program Files\PowerStrip
2007-09-03 20:52   55,592   --a------   C:\WINDOWS\system32\adssite-remove.exe
2007-09-03 20:52   40,315   --a------   C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-03 20:32   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Ventrilo
2007-09-03 20:08   17,920   --a------   C:\WINDOWS\system32\mdimon.dll
2007-09-03 19:56   <DIR>   d--------   C:\Program Files\Microsoft.NET
2007-09-03 19:56   <DIR>   d--------   C:\Program Files\Microsoft ActiveSync
2007-09-03 19:54   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2007-09-03 19:49   <DIR>   dr-h-----   C:\MSOCache
2007-09-03 19:46   <DIR>   d--------   C:\Program Files\Microsoft IntelliPoint
2007-09-03 19:40   <DIR>   d--------   C:\Program Files\Microsoft IntelliType Pro
2007-09-03 19:40   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2007-09-03 19:34   <DIR>   d--------   C:\Program Files\Real
2007-09-03 19:33   <DIR>   d--------   C:\Program Files\Common Files\Real
2007-09-03 19:33   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Real
2007-09-03 19:32   <DIR>   d--------   C:\Program Files\VideoLAN
2007-09-03 19:30   118,784   --a------   C:\WINDOWS\system32\MSSTDFMT.DLL
2007-09-03 19:30   <DIR>   d--------   C:\Program Files\SpywareBlaster
2007-09-03 19:15   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2007-09-03 19:14   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-03 19:08   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2007-09-03 19:08   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2007-09-03 18:54   <DIR>   d--------   C:\DOCUME~1\COLINT~1\Incomplete
2007-09-03 18:54   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\LimeWire
2007-09-03 18:52   <DIR>   d--------   C:\Program Files\EndItAll
2007-09-03 18:42   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\WinRAR
2007-09-03 18:37   <DIR>   d--------   C:\Program Files\mIRC
2007-09-03 18:37   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\mIRC
2007-09-03 18:31   <DIR>   d--------   C:\Program Files\LimeWire
2007-09-03 18:30   <DIR>   d--------   C:\Program Files\PokerStars
2007-09-03 17:43   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Apple Computer
2007-09-03 17:42   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-09-03 17:42   <DIR>   d--------   C:\Program Files\iTunes
2007-09-03 17:42   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-09-03 17:41   <DIR>   d--------   C:\Program Files\Common Files\Apple
2007-09-03 17:39   <DIR>   d--------   C:\Program Files\QuickTime
2007-09-03 17:39   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-03 17:38   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-03 17:35   23,040   ---------   C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-03 17:35   16,896   ---------   C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-03 17:35   128,896   ---------   C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-03 17:33   <DIR>   d--------   C:\Program Files\MSXML 4.0
2007-09-03 17:28   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-03 17:17   1,156   --a------   C:\WINDOWS\mozver.dat
2007-09-03 17:10   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\acccore
2007-09-03 17:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-09-03 17:09   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-03 17:08   <DIR>   d--------   C:\Program Files\Combined Community Codec Pack
2007-09-03 17:04   <DIR>   d--------   C:\Program Files\Viewpoint
2007-09-03 17:04   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-09-03 17:03   <DIR>   d--------   C:\Program Files\Common Files\AOL
2007-09-03 17:03   <DIR>   d--------   C:\Program Files\AIM6
2007-09-03 17:02   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-09-03 17:02   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-09-03 16:59   335   --a------   C:\WINDOWS\nsreg.dat
2007-09-03 16:50   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Symantec
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\Sonic
2007-09-03 16:38   <DIR>   d--------   C:\DOCUME~1\COLINT~1\APPLIC~1\IBM
2007-09-03 16:37   <DIR>      C:\RRUbackups
2007-09-03 16:24   <DIR>   d--hs----   C:\Recycled
2007-09-03 16:23   4,442   --a------   C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2007-09-03 16:23   16,384   --a------   C:\WINDOWS\PWMBTHLP.EXE
2007-09-03 16:19   77,824   --a------   C:\WINDOWS\system32\WindowsAccessBridge.dll
2007-09-03 16:19   28,672   --a------   C:\WINDOWS\system32\JAWTAccessBridge.dll
2007-09-03 16:19   139,264   --a------   C:\WINDOWS\system32\JavaAccessBridge.dll
2007-09-03 16:18   86,016   --a------   C:\WINDOWS\system32\PcdrKernelModeServices.dll
2007-09-03 16:18   77,824   --a------   C:\WINDOWS\system32\QCONSVC.EXE
2007-09-03 16:18   65,536   --a------   C:\WINDOWS\system32\ProgressTrace.dll
2007-09-03 16:18   577,536   --a------   C:\WINDOWS\system32\tvt_gina.dll
2007-09-03 16:18   282,624   --a------   C:\WINDOWS\system32\tvt_gina_api.dll
2007-09-03 16:18   262,144   --a------   C:\WINDOWS\system32\QConGina.dll
2007-09-03 16:18   2,432   --a------   C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2007-09-03 16:18   12,288   --a------   C:\WINDOWS\system32\drivers\qcndisif.sys
2007-09-03 16:18   11,520   --a------   C:\WINDOWS\system32\drivers\ANC.sys
2007-09-03 16:18   <DIR>   d--------   C:\Program Files\PC-Doctor for Windows
2007-09-03 16:16   32,256   --a------   C:\WINDOWS\system32\drivers\psasrv.exe
2007-09-03 16:16   13,184   --a------   C:\WINDOWS\system32\drivers\psadd.sys
2007-09-03 16:16   <DIR>   d--------   C:\IBMSHARE
2007-09-03 16:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-03 16:13   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-09-03 16:12   204,800   --a------   C:\WINDOWS\system32\IVIresizeW7.dll
2007-09-03 16:12   200,704   --a------   C:\WINDOWS\system32\IVIresizeA6.dll
2007-09-03 16:12   20,480   --a------   C:\WINDOWS\system32\IVIresize.dll
2007-09-03 16:12   192,512   --a------   C:\WINDOWS\system32\IVIresizeP6.dll
2007-09-03 16:12   192,512   --a------   C:\WINDOWS\system32\IVIresizeM6.dll
2007-09-03 16:12   188,416   --a------   C:\WINDOWS\system32\IVIresizePX.dll
2007-09-03 16:12   <DIR>   d--------   C:\Program Files\InterVideo
2007-09-03 16:12   <DIR>   d--------   C:\icons
2007-09-03 16:11   <DIR>   d--------   C:\Program Files\IBM DLA

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-03 16:39   47   --a------   C:\WINDOWS\system32\drivers\IBM_1871_C1U.MRK
2007-09-03 15:59   0   -rah-----   C:\WINDOWS\system32\drivers\IBM_1871_C1U_TP.MRK
2007-07-30 22:19   92504   --a------   C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 22:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19   549720   --a------   C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 22:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19   53080   --a------   C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 22:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19   325976   --a------   C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 22:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19   203096   --a------   C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 22:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:19   1712984   --a------   C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 22:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-30 22:18   33624   --a------   C:\WINDOWS\system32\dllcache\wups.dll
2007-06-26 22:10   317440   --a------   C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 11:13   851968   ---------   C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 10:35   665600   ---------   C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 02:08   1104896   --a------   C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:08   1104896   ---------   C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 09:37   282112   --a------   C:\WINDOWS\system32\gdi32.dll
2007-06-19 09:37   282112   ---------   C:\WINDOWS\system32\dllcache\gdi32.dll
.

(((((((((((((((((((((((((((((   snapshot_2007-09-06_221959.00   )))))))))))))))))))))))))))))))))))))))))
.
----a-r            27,136 2007-09-11 04:59:18  C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
----a-r           102,400 2007-09-11 05:07:39  C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w           131,072 2003-02-21 01:43:50  C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w            98,304 2006-04-14 02:18:24  C:\WINDOWS\system32\atonecli.dll
----a-w           196,608 2006-04-14 02:18:24  C:\WINDOWS\system32\atonres.dll
----a-w        17,474,680 2007-09-06 02:50:42  C:\WINDOWS\system32\MRT.exe
----a-w           106,496 2003-02-21 02:09:14  C:\WINDOWS\system32\mscories.dll
----a-w           131,072 2006-04-14 02:18:24  C:\WINDOWS\system32\WbxMSAI.dll
----a-w            49,152 2006-04-30 03:34:04  C:\WINDOWS\system32\WbxRMenu.dll
-c--a-w            30,336 2007-09-06 17:28:16  C:\WINDOWS\system32\DRVSTORE\usbaapl_A65621D65F5B7507DD7B22331826547BDD2D206B\usbaapl.sys
.
----a-w            86,528 2005-09-23 11:28:52  C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w        16,789,464 2007-08-03 04:34:12  C:\WINDOWS\system32\MRT.exe
----a-w            74,240 2005-09-23 11:28:52  C:\WINDOWS\system32\mscories.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
2007-09-12 06:46   62464   --a------   C:\WINDOWS\system32\gzmrotate.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:44]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 09:47]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 09:47]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 09:46]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 05:35]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 09:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"hid_start"="C:\WINDOWS\system32\gzmrotate.dll" [2007-09-12 06:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-09-03 14:59]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-03-18 06:07 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2004-08-12 23:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"Aim6"=
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe
"UC_SMB"=
"TpShocks"=TpShocks.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
"TP4EX"=tp4ex.exe
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\pstrip.sys
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 17:27:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-19 10:55:45 C:\WINDOWS\Tasks\PMTask.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 08:45:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-19  8:48:09
C:\ComboFix-quarantined-files.txt ... 2007-09-19 08:48
.
   --- E O F ---

Offline Juggernaut

sound issues
« Reply #36 on: September 19, 2007, 07:50:20 AM »
hijackthis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:49 AM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\moviegod14\day of defeat\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\ComboFix\NirCmd.cfexe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)

--
End of file - 6763 bytes
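
The following Python is an added example, not part of the thread or of any tool named in it. It parses O2 and O4 lines copied from the HijackThis log above and lists DLLs registered in more than one kind of autostart location, the pattern gzmrotate.dll shows here (a BHO plus a rundll32 Run value). The function names and the "more than one location" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonadz.biz browser optimizer - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - C:\WINDOWS\system32\gzmrotate.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
"""

# O2 line: "O2 - BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# O4 line: "O4 - <hive>\..\Run: [<value>] <command>"
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# rundll32[.exe] followed by a quoted or unquoted DLL path
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)', re.IGNORECASE)


def parse_autostarts(log_text):
    """Map each lower-cased DLL path to the autostart entries that load it."""
    refs = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            refs[m["path"].lower()].append(("BHO", m["clsid"]))
            continue
        m = RUN_RE.match(line)
        if m:
            # Only Run values that hand a DLL to rundll32 are of interest here.
            dll = RUNDLL_RE.search(m["cmd"])
            if dll:
                refs[dll["dll"].lower()].append((m["hive"] + " Run", m["value"]))
    return refs


def multi_registered(log_text):
    """Return DLLs referenced from more than one kind of autostart location."""
    out = {}
    for path, hits in parse_autostarts(log_text).items():
        if len({location for location, _ in hits}) > 1:
            out[path] = hits
    return out


if __name__ == "__main__":
    for path, hits in multi_registered(SAMPLE_LOG).items():
        print(path)
        for location, label in hits:
            print(f"    {location}: {label}")
```

A rundll32 Run value on its own is not unusual (the ThinkPad PWRMGRTR entry is one); the cross-reference only narrows down which entries to look at first.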

Offline guestolo

sound issues
« Reply #37 on: September 19, 2007, 08:09:46 AM »
Were you able to do the following or did you skip it?

Quote
access your add/remove programs and remove
Adssite Browser Optimizer
Rightonadz Browser Optimizer


I also suggest that you uninstall
Viewpoint Media Player
« Last Edit: September 19, 2007, 08:17:12 AM by guestolo »



Offline Juggernaut

sound issues
« Reply #38 on: September 19, 2007, 06:09:12 PM »
already took care of that stuff, what's next?

Offline guestolo

sound issues
« Reply #39 on: September 19, 2007, 09:18:17 PM »
Open Notepad and copy/paste the text in the quote box below into it:
Don't use anything other than Notepad or the script will not work.

Quote
File::
C:\WINDOWS\system32\gzmrotate.dll
C:\WINDOWS\system32\adssite-remove.exe
C:\WINDOWS\system32\gzmrot-uninst.exe

Folder::
C:\Program Files\Viewpoint
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hid_start"=-

DirLook::
C:\RRUbackups

Save this as a text file named CFScript


Take note of the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.
I will need to see this log again later

Also do the following please
Download and save to your desktop
fsbl.exe
(F-Secure Blacklight)

Double click to run fsbl.exe
    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".

Post back ALL the following

1. Post a fresh hijackthis log
2. Post the fresh log from Combofix>>C:\Combofix.txt
3. Post the log from fsbl.exe
