
Wave volume mutes itself every 2-3 mins


2 replies to this topic

#1 mangyang


Posted 20 July 2010 - 11:47 PM

Hi, I've been having problems with my sound and I found that my wave volume in the master volume controls has been muting on its own every few minutes, and I would have to readjust it back to max. Also, I get these Internet Explorer popups coming up every so often and sometimes even random sounds (some sort of music or some commercial) playing even when the popups aren't there. On top of that, I hear these clicks while I'm on Firefox (like the ones you hear when you're clicking a link in Internet Explorer). Also, my windows are being deselected on their own. I would be browsing on Firefox and then it would turn grey and I'd have to click on it again to start using it again. This happens very frequently (every 2-3 minutes). I've been having this problem for about five to six days now and I'm not sure what to do. I've read around and some other people have the exact same problem that I have.

I use Windows XP and I use Firefox as my browser. I found the same problem with one of the users here on the forum and I ran ComboFix, and it seems that the random sound is gone, but my wave volume still mutes itself, the popups are still there and I can still hear the clicking sounds before the volume goes mute.
I ran Symantec AntiVirus but nothing... Please help me....

I'm attaching my combofix report...

ComboFix 10-07-20.01 - Mangyang Jamir 07/20/10 23:43:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1465 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\g2mdlhlpx.exe
c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
c:\windows\xpsp1hfm.log

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 03:36 . 2010-07-21 03:36 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-21 02:46 . 2010-07-21 02:46 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-21 02:46 . 2010-07-21 02:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-07-21 02:12 . 2010-07-21 02:12 -------- d-----w- C:\spoolerlogs
2010-07-20 22:22 . 2010-07-20 22:22 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\fewkblpxw
2010-07-20 19:02 . 2010-07-20 19:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-07-20 17:51 . 2010-07-21 03:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-19 21:22 . 2010-07-19 21:22 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\jfnsbkfnn
2010-07-19 16:46 . 2010-07-19 16:46 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\uftmtkrou
2010-07-16 22:49 . 2010-07-21 03:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 22:47 . 2010-07-16 22:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-07-14 18:10 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-30 01:23 . 2010-06-30 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
2010-06-30 01:23 . 2010-06-30 01:23 -------- d-----w- c:\program files\AT&T Global Network Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 03:55 . 2009-11-08 14:34 -------- d-----w- c:\program files\c4ebreg
2010-07-21 03:54 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat
2010-07-21 02:50 . 2006-01-24 00:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-20 18:59 . 2006-03-27 21:50 -------- d-----w- c:\program files\WST
2010-07-17 00:40 . 2010-05-08 14:05 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-17 00:40 . 2010-03-28 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-17 00:26 . 2010-07-17 00:26 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-17 00:26 . 2010-07-17 00:26 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-17 00:26 . 2010-03-28 01:55 -------- d-----w- c:\program files\DivX
2010-07-17 00:25 . 2010-07-17 00:25 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-17 00:25 . 2010-07-17 00:25 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-17 00:24 . 2010-03-28 02:04 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-17 00:23 . 2010-03-28 02:04 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-06-30 01:24 . 2009-08-17 16:04 -------- d-----w- c:\program files\AT&T Network Client
2010-06-30 01:23 . 2007-09-05 21:03 -------- d-----w- c:\program files\AT&T Network Client Install
2010-06-14 14:31 . 2005-04-04 17:42 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-10 05:02 . 2010-03-29 00:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-06-10 02:19 . 2010-06-10 02:19 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-10 02:19 . 2010-06-10 02:19 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-10 02:18 . 2010-06-10 02:18 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-10 02:18 . 2010-06-10 02:18 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-10 02:18 . 2010-06-10 02:18 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-08 15:30 . 2010-06-11 15:25 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\FFExternalAlert.dll
2010-06-08 15:30 . 2010-06-11 15:25 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\RadioWMPCore.dll
2010-06-06 19:28 . 2010-06-06 19:28 -------- d-----w- c:\program files\Google
2010-05-08 14:03 . 2010-05-08 14:03 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-08 14:03 . 2010-05-08 14:03 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-08 14:03 . 2010-05-08 14:03 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-06 10:41 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 05:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40 . 2009-11-14 02:00 133616 ------w- c:\windows\system32\pxafs.dll
2010-04-27 18:40 . 2007-10-10 15:31 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-27 18:40 . 2007-10-10 15:31 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-04-27 18:40 . 2005-04-06 17:05 45648 ----a-w- c:\windows\system32\drivers\PxHelp20.sys
2009-06-04 11:17 . 2010-01-20 15:20 3145728 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-06-04 11:17 . 2010-01-20 15:20 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-06-04 11:17 . 2010-01-20 15:20 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-06-04 11:17 . 2010-01-20 15:20 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2009-03-10 17:28 . 2010-01-20 15:20 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2009-03-10 17:28 . 2010-01-20 15:20 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\progra~1\AT&TNE~2\NetSP.exe" [2009-10-07 87392]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-06 135664]
"SODCPreLoad"="c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe" [2009-07-10 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pmonmh"="c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"stgclean"="c:\sdwork\w32main2.exe" [2010-07-20 309248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 125168]
"Tpam.exe"="c:\program files\ibm\personal communications\tpam.exe" [2009-03-11 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-17 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-17 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-17 925696]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-08-17 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-08-17 208896]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-15 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"TpShocks"="TpShocks.exe" [2008-06-06 181536]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-17 60704]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"MyHelpService"="c:\program files\IBM\My Help\workspace\service\delayStart.exe" [2009-03-13 94208]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2010-07-20 241904]
"C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-02-25 482584]
"ISAMTray"="c:\program files\c4ebreg\isamtray.exe" [2010-02-25 285976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-2-10 604776]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2009-03-11 23:54 49152 ----a-w- c:\windows\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [05/14/08 12:21 PM 19496]
R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [03/11/09 7:55 PM 40960]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [10/07/09 12:36 PM 263520]
R2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [02/02/10 7:39 AM 240816]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [03/11/09 7:55 PM 70656]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [08/17/09 11:57 AM 94208]
R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [09/27/06 4:33 PM 116464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [06/08/10 12:49 PM 102448]
R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [10/29/09 10:18 AM 6400]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [02/02/10 7:38 AM 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [02/02/10 7:38 AM 79944]
S2 artstartsvc;IBM Mobility Client Start Utility;c:\program files\IBM\Mobility Client\artstartsvc.exe [11/04/09 7:01 PM 11264]
S3 csrcmds;csrcmds;c:\program files\IBM\personal communications\csrcmds.exe [03/11/09 7:30 PM 49152]
S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [03/11/09 7:55 PM 36864]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [02/02/10 7:39 AM 22600]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [02/02/10 7:39 AM 25160]
S3 wcndis;Mobility Client Virtual Miniport;c:\windows\system32\drivers\wcndis.sys [11/04/09 7:01 PM 8704]
.
Contents of the 'Scheduled Tasks' folder

2010-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1691351279-3156717615-922921402-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-06 21:17]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1691351279-3156717615-922921402-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-06 21:17]

2010-07-21 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-17 11:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://w3.ibm.com/
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/download/standardsoftware/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} - hxxp://uspmunyryeadcp1:8080/qcbin/Spider90.ocx
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{3ee8d0be-f450-4ef2-97b9-ac2222d14db3}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\IBM\Java50\jre\bin\NPJPI150.dll
FF - plugin: c:\program files\IBM\Java50\jre\bin\npwebscl.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Desktop Macros - c:\program files\Desktop Macros\MacroS.exe
HKLM-Run-PSQLLauncher - c:\program files\Thinkvantage Fingerprint Software\launcher.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-ACNotify - ACNotify.dll
Notify-atmgrtok - atmgrtok.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 23:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,4b,3b,6f,64,12,f1,46,8c,fc,de,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,4b,3b,6f,64,12,f1,46,8c,fc,de,\

[HKEY_USERS\S-1-5-21-1691351279-3156717615-922921402-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,c7,42,e4,24,74,87,47,84,3c,96,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a4,c7,42,e4,24,74,87,47,84,3c,96,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ibm\personal communications\atmgrtok.dll
c:\program files\ibm\personal communications\MILLUTIL.DLL
c:\windows\system32\pcsinst.dll

- - - - - - - > 'explorer.exe'(1916)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\Drivers\trcboot.exe
c:\program files\ibm\personal communications\PCS_AGNT.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\progra~1\AT&TNE~2\netcfgsvr.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Drivers\ldlcserv.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\TechSmith\Snagit 9\TSCHelp.exe
c:\program files\TechSmith\Snagit 9\SnagPriv.exe
c:\program files\TechSmith\Snagit 9\snagiteditor.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\IBM\My Help\MyHelp.exe
c:\program files\IBM\My Help\jre\bin\myhelpw.exe
.
**************************************************************************
.
Completion time: 2010-07-21 00:05:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 04:05

Pre-Run: 62,478,499,840 bytes free
Post-Run: 62,496,456,704 bytes free

- - End Of File - - 4153E9A17A73A0FA7B5CDB5199289299

Edited by PropagandaPanda, 27 July 2010 - 06:21 PM.
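
The ComboFix log above is the part of this thread a responder actually reads, and the lines that matter are scattered across several sections: the replaced atapi.sys driver, the Security Center override and monitoring values, the firewall state, and the Firefox search preferences pointing at an unexpected host. As an added example (not code from ComboFix, DDS, GMER, BleepingComputer or the poster), here is a small Python triage script that reads a saved ComboFix log as plain text and lists those lines first. The rule names, severities, the helper names and the SAMPLE_LOG excerpt are all constructed for this example; the excerpt is modelled on the posted log, and the script only reads text, it changes nothing on the machine.

```python
"""Triage helper for a saved ComboFix log (added example for this thread).

Not part of ComboFix, DDS, GMER or BleepingComputer's own tooling. It reads the
log as text and returns the lines a responder checks first, tagged with the
registry key each value sits under. SAMPLE_LOG is a constructed excerpt
modelled on the log in the post; it is not a complete ComboFix log.
"""
import re
from collections import Counter

# Constructed excerpt (not a complete log), modelled on the posted ComboFix output.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2399412&q=
"""

# Each rule: (finding, severity, per-line pattern). These are heuristics written
# for this example; a hit means "read this line", not a verdict.
RULES = [
    ("system driver replaced by infected copy", "high",
     re.compile(r"^Infected copy of (?P<path>.+?) was found", re.I)),
    ("Security Center AV/firewall status override set", "medium",
     re.compile(r'^"(?:AntiVirus|Firewall)Override"=dword:0*1$', re.I)),
    ("Security Center monitoring disabled for a product", "medium",
     re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)),
    ("Windows Firewall disabled in the standard profile", "medium",
     re.compile(r'^"EnableFirewall"=\s*0\b', re.I)),
    ("Firefox search or keyword URL redirected", "low",
     re.compile(r"^FF - prefs\.js: (?:browser\.search\.defaulturl|keyword\.URL) - "
                r"(?P<url>hxxps?://(?P<host>[^/\s]+)\S*)", re.I)),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def triage(log_text):
    """Return findings in log order; each carries the [registry key] it sits under."""
    findings = []
    section = None  # most recent [key] header; a blank line ends the key block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            section = None
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        for name, severity, pattern in RULES:
            match = pattern.match(line)
            if match:
                findings.append({"finding": name, "severity": severity,
                                 "section": section, "line": line,
                                 "detail": match.groupdict()})
                break  # one finding per line
    return findings


def prioritize(findings):
    """Stable sort: highest severity first, log order within a severity."""
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


def count_by_severity(findings):
    return dict(Counter(f["severity"] for f in findings))


def report(log_text):
    """Human-readable summary, one finding per entry, highest severity first."""
    out = []
    for f in prioritize(triage(log_text)):
        where = f" under [{f['section']}]" if f["section"] else ""
        out.append(f"[{f['severity'].upper()}] {f['finding']}{where}\n    {f['line']}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To use it on a real log, call triage(open(path, encoding="utf-8", errors="replace").read()). The script keeps the registry key for each hit on purpose: the Security Center override values can also be written legitimately by a managed security product, so the key path and the neighbouring entries (here an IBMconfig value beside the overrides) are what let a responder tell expected configuration from tampering.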



#2 PropagandaPanda

  • Malware Response Team

Posted 27 July 2010 - 06:22 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

It sounds like you have a rootkit in there somewhere. Let's see what we can find.

Download and Run DDS
Please download DDS by sUBs from any of the links below:
DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
With Regards,
The Panda

#3 PropagandaPanda

  • Malware Response Team

Posted 08 August 2010 - 10:00 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



