
Solved Odd chirping sound

Discussion in 'Malware and Virus Removal Archive' started by frayedknotarts, 2010/04/05.

  1. 2010/04/05
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    456
    Likes Received:
    4
    [Resolved] Odd chirping sound

    Odd chirping sound (2 @ second) accompanied by activity light on hard drive.

    Not so much a "chirp", it is a very low-volume sort of "chip" sound repeated twice a second. Coming from somewhere inside the computer, and it started just after I almost got caught by one of those **** "your computer needs immediate anti-virus downloads" troll splash screens.

    Most confusing.


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Administrator at 21:38:20.07 on Mon 04/05/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2528 [GMT -4:00]

    AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Autorun Eater\oldmcdonald.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\PrintKey2000\Printkey2000.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
    C:\Program Files\Autorun Eater\billy.exe
    svchost.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe "
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe "
    mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe "
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\what's~1.lnk - c:\program files\what's my computer doing\WhatsMyComputerDoing.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\VetRedir.dll
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267072623140
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267838780767
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\ql8q5tfq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2006-9-21 120320]
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2006-9-13 3840]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-26 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-26 25160]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 66632]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-12-26 26352]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-12-26 21104]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-12-26 739696]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-12-26 21488]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-12-26 161008]
    R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-12-26 144696]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-1-26 723632]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-12-26 10384]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-12-26 540184]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-12-26 255216]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-12-26 133520]
    S3 cpuz128;cpuz128;\??\c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys [?]

    =============== Created Last 30 ================

    2010-04-06 01:13:19 0 d-----w- C:\c4d0a49394341883ce072a7d29
    2010-03-19 07:01:11 0 d-----w- c:\windows\SQL9_KB954606_ENU
    2010-03-17 07:01:23 0 d-----w- c:\windows\SQL9_KB960089_ENU
    2010-03-11 23:37:21 0 d-----w- c:\program files\Windows Installer Clean Up
    2010-03-11 02:37:56 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-10 05:22:19 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-03-10 05:22:19 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-03-09 14:04:52 0 d-----w- c:\windows\SQL9_KB970895_ENU
    2010-03-09 12:35:38 0 d-----w- c:\program files\Microsoft
    2010-03-09 12:35:24 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-03-09 12:33:50 0 d-----w- c:\program files\common files\Windows Live
    2010-03-09 01:06:06 0 d-----w- c:\program files\MSECache

    ==================== Find3M ====================

    2010-04-06 01:30:28 12660 ----a-w- c:\windows\system32\tablet.dat
    2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-03-06 01:53:12 140288 ----a-w- c:\windows\~GLC0001.TMP
    2010-03-06 01:48:41 140288 ----a-w- c:\windows\~GLC0000.TMP
    2010-02-25 16:04:52 490504 ----a-w- C:\WhatsMyComputerDoing_E.exe
    2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
    2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
    2010-02-08 21:05:10 171552 ----a-w- c:\windows\system32\guard32.dll
    2010-02-08 21:05:09 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2010-01-28 04:44:11 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-19 03:02:04 87084 ----a-w- c:\windows\fonts\TTOXY.TTF
    2010-01-19 03:01:53 84520 ----a-w- c:\windows\fonts\TTPIERRE.TTF
    2010-01-18 22:54:44 102040 ----a-w- c:\windows\fonts\ropemf.ttf
    2010-01-18 22:45:38 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2010-01-18 22:45:38 249856 ----a-w- c:\windows\system32\pdfmona.dll

    ============= FINISH: 21:38:54.81 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/26/2009 3:07:28 PM
    System Uptime: 4/5/2010 9:29:18 PM (0 hours ago)

    Motherboard: Hewlett-Packard | | 0A64h
    Processor: AMD Athlon(tm) Dual Core Processor 4450B | XU1 PROCESSOR | 1789/1000mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 199.965 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 117 GiB total, 90.42 GiB free.
    F: is FIXED (FAT32) - 19 GiB total, 18.565 GiB free.
    G: is FIXED (NTFS) - 39 GiB total, 16.909 GiB free.
    H: is FIXED (FAT32) - 29 GiB total, 9.853 GiB free.
    I: is FIXED (FAT32) - 29 GiB total, 28.635 GiB free.
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP46: 3/8/2010 3:52:27 PM - System Checkpoint
    RP47: 3/8/2010 8:06:26 PM - Installed Microsoft Office Word Viewer 2003
    RP48: 3/9/2010 7:32:23 AM - Software Distribution Service 3.0
    RP49: 3/9/2010 9:04:23 AM - Software Distribution Service 3.0
    RP50: 3/10/2010 9:21:42 AM - System Checkpoint
    RP51: 3/11/2010 3:00:33 AM - Software Distribution Service 3.0
    RP52: 3/11/2010 6:05:49 PM - Software Distribution Service 3.0
    RP53: 3/11/2010 6:17:32 PM - Software Distribution Service 3.0
    RP54: 3/11/2010 6:34:06 PM - Installed Windows Installer Clean Up
    RP55: 3/11/2010 6:36:56 PM - Removed Windows Installer Clean Up
    RP56: 3/11/2010 6:37:21 PM - Installed Windows Installer Clean Up
    RP57: 3/11/2010 8:47:37 PM - Software Distribution Service 3.0
    RP58: 3/12/2010 3:00:31 AM - Software Distribution Service 3.0
    RP59: 3/13/2010 3:00:31 AM - Software Distribution Service 3.0
    RP60: 3/14/2010 4:00:27 AM - Software Distribution Service 3.0
    RP61: 3/15/2010 3:00:38 AM - Software Distribution Service 3.0
    RP62: 3/16/2010 3:00:35 AM - Software Distribution Service 3.0
    RP63: 3/17/2010 3:00:28 AM - Software Distribution Service 3.0
    RP64: 3/18/2010 3:00:29 AM - Software Distribution Service 3.0
    RP65: 3/19/2010 3:00:27 AM - Software Distribution Service 3.0
    RP66: 3/20/2010 3:00:23 AM - Software Distribution Service 3.0
    RP67: 3/21/2010 3:00:22 AM - Software Distribution Service 3.0
    RP68: 3/22/2010 3:00:25 AM - Software Distribution Service 3.0
    RP69: 3/23/2010 3:00:28 AM - Software Distribution Service 3.0
    RP70: 3/24/2010 3:00:24 AM - Software Distribution Service 3.0
    RP71: 3/25/2010 3:00:23 AM - Software Distribution Service 3.0
    RP72: 3/26/2010 3:00:24 AM - Software Distribution Service 3.0
    RP73: 3/27/2010 3:00:24 AM - Software Distribution Service 3.0
    RP74: 3/28/2010 3:00:24 AM - Software Distribution Service 3.0
    RP75: 3/29/2010 3:00:22 AM - Software Distribution Service 3.0
    RP76: 3/30/2010 3:00:26 AM - Software Distribution Service 3.0
    RP77: 3/31/2010 3:00:24 AM - Software Distribution Service 3.0
    RP78: 4/1/2010 3:00:43 AM - Software Distribution Service 3.0
    RP79: 4/2/2010 3:00:37 AM - Software Distribution Service 3.0
    RP80: 4/3/2010 3:00:40 AM - Software Distribution Service 3.0
    RP81: 4/4/2010 3:00:42 AM - Software Distribution Service 3.0
    RP82: 4/5/2010 3:00:33 AM - Software Distribution Service 3.0
    RP83: 4/5/2010 9:13:14 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Absolute Accessories
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 Plugin
    Adobe Illustrator 10
    Adobe Photoshop 7.0
    Adobe SVG Viewer 3.0
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    ATI Problem Report Wizard
    Auslogics Disk Defrag
    Autorun Eater v2.4
    Broadcom Management Programs
    Broadcom TPM Driver Installer
    CA Anti-Virus
    CDDRV_Installer
    ClarisWorks 4.0
    COMODO Internet Security
    Dual-Core Optimizer
    erLT
    ESET Online Scanner v3
    Four Winds
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952117-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    hp deskjet 3500 series
    HP Help and Support
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 18
    KhalInstallWrapper
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Disc 2
    Microsoft Office 2000 SR-1 Professional
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    NfoDiz 6.0 Setup
    NoteWorthy Composer
    NoteWorthy Player
    OpenOffice.org 3.1
    Panda USB Vaccine 1.0.1.4
    PDF Complete
    Pdf995
    PdfEdit995
    PrintKey2000
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator 7 Basic Edition
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    Signature995
    SolSuite
    SUPERAntiSpyware Free Edition
    Tweak UI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Wacom Tablet Driver
    WebFldrs XP
    What's my computer doing 1.xx
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Windows XP Service Pack 3
    WinPatrol 2009
    Yahoo! SiteBuilder

    ==== Event Viewer Messages From Past Week ========

    3/30/2010 9:57:27 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    3/30/2010 3:03:06 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2005 Service Pack 2 (KB954606).

    (I have enough of those failures to start a small store!)


    3/30/2010 3:02:25 AM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).

    ==== End Of File ===========================
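    Added example, not part of the post above or of the DDS tool: a small Python triage script that reads lines of the kind found in the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections and marks the entries a malware analyst typically asks about first, a browser proxy pointing at the machine itself, any AppInit_DLLs entry, and a driver registered from a temp directory or whose file DDS could not find. The sample lines are copied from the log above; the checks and their names (`triage`, `parse_proxy`) are this example's own and issue review items, not verdicts.

```python
import re

# Lines of the kind found in the DDS log posted above: the Pseudo HJT Report's
# proxy and AppInit_DLLs entries plus two SERVICES / DRIVERS entries. Copied
# from the post for this example; the checks below are this example's own.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
AppInit_DLLs: c:\windows\system32\guard32.dll
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-26 134344]
S3 cpuz128;cpuz128;\??\c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz_x32.sys [?]
"""

# A proxy host that is the machine itself: browser traffic is being routed
# through a local process, which is worth identifying before anything else.
LOOPBACK = re.compile(r"^(127(\.\d{1,3}){3}|localhost)(:\d+)?$", re.IGNORECASE)

# Kernel drivers are not normally loaded from a user's temp directory.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# DDS service/driver lines begin with a start-type code such as R0, R2 or S3,
# followed by name;description;path [date size].
SERVICE_LINE = re.compile(r"^[RS]\d\s+(.*)$")


def parse_proxy(value):
    """Split a ProxyServer value ('http=host:port;https=host:port' or a bare
    'host:port') into (scheme, host:port) pairs; a bare value applies to all."""
    pairs = []
    for part in value.split(";"):
        part = part.strip()
        if part:
            scheme, _, hostport = part.rpartition("=")
            pairs.append((scheme or "all", hostport))
    return pairs


def triage(text):
    """Return (finding_kind, detail) tuples for entries an analyst would want
    to look at. Nothing here is a verdict: each hit is a review item."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if "Internet Settings,ProxyServer" in line:
            value = line.split("=", 1)[1].strip()
            for scheme, hostport in parse_proxy(value):
                if LOOPBACK.match(hostport):
                    findings.append(("proxy-loopback", f"{scheme} traffic via {hostport}"))
        elif line.startswith("AppInit_DLLs:"):
            # AppInit_DLLs loads the listed DLL into every process that links
            # user32.dll, so any entry deserves a provenance check.
            findings.append(("appinit-dll", line.split(":", 1)[1].strip()))
        else:
            m = SERVICE_LINE.match(line)
            if not m:
                continue
            fields = m.group(1).split(";")
            if len(fields) < 3:
                continue
            name, path = fields[0], fields[2]
            if TEMP_DIR.search(path):
                findings.append(("driver-in-temp", f"{name}: {path}"))
            if path.endswith("[?]"):  # DDS marks a file it could not locate this way
                findings.append(("driver-file-missing", name))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

    Run against the sample, the script raises four review items: the loopback proxy on port 5555, the guard32.dll AppInit entry, and two for the cpuz128 driver (registered from a temp directory, file not found). It deliberately stops at "review": in the Find3M section of the same log, guard32.dll carries the same timestamp as COMODO's cmdguard.sys, so the AppInit hook is most plausibly the firewall's own, and the analyst, not the script, settles provenance for each item.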
     
  2. 2010/04/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/04/06
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    456
    Likes Received:
    4
    First post, prior to restart

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3961

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    4/6/2010 9:02:01 PM
    mbam-log-2010-04-06 (21-02-01).txt

    Scan type: Quick scan
    Objects scanned: 110051
    Time elapsed: 4 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)
     
  5. 2010/04/07
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    456
    Likes Received:
    4
    OK, ran GMER, but the computer locked up on me overnight, so I will try again tonight early and post.

    The "chirping" and activity have stopped and I can't explain either its arrival or departure.
     
  6. 2010/04/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hmmm...let's run one more check...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/04/07
    frayedknotarts Well-Known Member Thread Starter
    ComboFix 10-04-06.05 - Administrator 04/07/2010 22:58:28.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2517 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\AUTORUN.INF . . . . failed to delete
    H:\AUTORUN.INF . . . . failed to delete
    I:\AUTORUN.INF . . . . failed to delete
    L:\AUTORUN.INF . . . . failed to delete
    M:\AUTORUN.INF . . . . failed to delete
    N:\AUTORUN.INF . . . . failed to delete
    P:\AUTORUN.INF . . . . failed to delete

    .

    WHUFFO DAT DERE BE'S LIKE DAT???

    ((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
    .

    2010-04-06 11:56 . 2010-04-06 11:56 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-06 01:13 . 2010-04-06 01:13 -------- d-----w- C:\c4d0a49394341883ce072a7d29
    2010-03-19 07:01 . 2010-03-19 07:01 -------- d-----w- c:\windows\SQL9_KB954606_ENU
    2010-03-17 07:01 . 2010-03-17 07:01 -------- d-----w- c:\windows\SQL9_KB960089_ENU
    2010-03-11 23:37 . 2010-03-11 23:37 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-03-11 23:37 . 2010-03-11 23:37 -------- d-----w- c:\program files\Windows Installer Clean Up
    2010-03-11 08:03 . 2010-03-11 08:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2010-03-11 02:37 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-10 05:22 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-03-09 14:04 . 2010-03-09 14:04 -------- d-----w- c:\windows\SQL9_KB970895_ENU
    2010-03-09 12:41 . 2010-03-09 12:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
    2010-03-09 12:35 . 2010-03-11 14:39 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-03-09 12:35 . 2010-03-09 12:35 -------- d-----w- c:\program files\Microsoft
    2010-03-09 12:35 . 2010-03-09 12:35 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-03-09 12:33 . 2010-03-09 12:33 -------- d-----w- c:\program files\Common Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-08 03:05 . 2009-12-30 01:51 12660 ----a-w- c:\windows\system32\tablet.dat
    2010-04-08 02:52 . 2010-01-25 20:17 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-06 11:57 . 2010-01-26 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-06 11:46 . 2010-01-07 01:18 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-04-06 01:17 . 2010-01-25 20:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-06 01:14 . 2009-12-26 22:48 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-03-30 04:46 . 2010-01-26 00:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 04:45 . 2010-01-26 00:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-11 23:37 . 2010-03-09 01:06 -------- d-----w- c:\program files\MSECache
    2010-03-11 12:38 . 2004-08-04 07:56 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-04 07:56 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 12:33 . 2009-12-26 22:47 87440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-06 02:09 . 2010-03-06 01:52 -------- d-----w- c:\program files\NoteWorthy Composer
    2010-03-06 01:53 . 2010-03-06 01:51 140288 ----a-w- c:\windows\~GLC0001.TMP
    2010-03-06 01:48 . 2010-03-06 01:48 140288 ----a-w- c:\windows\~GLC0000.TMP
    2010-02-25 16:42 . 2010-02-25 16:42 -------- d-----w- c:\program files\What's my computer doing
    2010-02-25 16:04 . 2010-02-25 16:05 490504 ----a-w- C:\WhatsMyComputerDoing_E.exe
    2010-02-22 02:58 . 2010-02-22 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
    2010-02-22 02:57 . 2010-02-22 02:57 -------- d-----w- c:\program files\Autorun Eater
    2010-02-16 04:04 . 2010-02-09 00:12 -------- d-----w- c:\program files\PrintKey2000
    2010-02-13 11:49 . 2010-02-13 11:30 -------- d-----w- c:\program files\Overland
    2010-02-13 11:31 . 2010-02-13 11:27 -------- d-----w- c:\program files\HP
    2010-02-09 08:00 . 2010-02-09 08:00 -------- d-----w- c:\program files\MSXML 4.0
    2010-02-09 00:20 . 2010-02-08 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio
    2010-02-08 21:05 . 2010-01-26 04:09 171552 ----a-w- c:\windows\system32\guard32.dll
    2010-02-08 21:05 . 2010-01-26 04:09 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2010-02-08 14:39 . 2010-02-08 14:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-02-08 14:36 . 2010-02-08 14:36 -------- d-----w- c:\program files\Roxio
    2010-01-28 18:50 . 2010-01-18 22:45 129 ----a-w- c:\windows\wpd99.drv
    2010-01-28 17:13 . 2010-01-26 04:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
    2010-01-28 17:13 . 2010-01-26 04:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-01-28 04:44 . 2010-01-28 04:44 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aebf811-n\decora-sse.dll
    2010-01-28 04:44 . 2010-01-28 04:44 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38d12305-n\msvcp71.dll
    2010-01-28 04:44 . 2010-01-28 04:44 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38d12305-n\jmc.dll
    2010-01-28 04:44 . 2010-01-28 04:44 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38d12305-n\msvcr71.dll
    2010-01-28 04:44 . 2010-01-28 04:44 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aebf811-n\decora-d3d.dll
    2010-01-28 04:44 . 2010-01-07 01:15 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-25 20:17 . 2010-01-25 20:17 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-18 22:45 . 2010-01-18 22:45 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2010-01-18 22:45 . 2010-01-18 22:45 249856 ----a-w- c:\windows\system32\pdfmona.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-06 2010864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-05-24 344064]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-14 77824]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-12-26 181488]
    "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-26 230640]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
    "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-26 813584]
    Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-2-8 869376]
    TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-12-29 77824]
    What's my computer doing.lnk - c:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2010-2-25 271144]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Absolute Accessories.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Absolute Accessories.lnk
    backup=c:\windows\pss\Absolute Accessories.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
    backup=c:\windows\pss\Printkey2000.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2005-02-04 13:14 1695744 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=

    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [9/21/2006 12:30 PM 120320]
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/13/2006 2:06 PM 3840]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/26/2010 12:09 AM 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/26/2010 12:09 AM 25160]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/26/2009 6:06 PM 10384]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12/26/2009 6:50 PM 540184]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
    S3 cpuz128;cpuz128;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz_x32.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-08 c:\windows\Tasks\PandaUSBVaccine.job
    - c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2010-01-07 21:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\VetRedir.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ql8q5tfq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 23:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(1052)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\tabhook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Panda USB Vaccine\USBVaccine.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\Tablet.exe
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Autorun Eater\billy.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-04-07 23:13:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-08 03:12
    ComboFix2.txt 2010-01-25 18:39

    Pre-Run: 214,699,057,152 bytes free
    Post-Run: 214,887,587,840 bytes free

    - - End Of File - - 11C2518301851FD777C10AA3BAD843CB

    H I J A C K

    ComboFix 10-04-06.05 - Administrator 04/07/2010 22:58:28.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2517 [GMT -4:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    F:\AUTORUN.INF . . . . failed to delete
    H:\AUTORUN.INF . . . . failed to delete
    I:\AUTORUN.INF . . . . failed to delete
    L:\AUTORUN.INF . . . . failed to delete
    M:\AUTORUN.INF . . . . failed to delete
    N:\AUTORUN.INF . . . . failed to delete
    P:\AUTORUN.INF . . . . failed to delete

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
    .

    2010-04-06 11:56 . 2010-04-06 11:56 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-06 01:13 . 2010-04-06 01:13 -------- d-----w- C:\c4d0a49394341883ce072a7d29
    2010-03-19 07:01 . 2010-03-19 07:01 -------- d-----w- c:\windows\SQL9_KB954606_ENU
    2010-03-17 07:01 . 2010-03-17 07:01 -------- d-----w- c:\windows\SQL9_KB960089_ENU
    2010-03-11 23:37 . 2010-03-11 23:37 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2010-03-11 23:37 . 2010-03-11 23:37 -------- d-----w- c:\program files\Windows Installer Clean Up
    2010-03-11 08:03 . 2010-03-11 08:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
    2010-03-11 02:37 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-03-10 05:22 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-03-09 14:04 . 2010-03-09 14:04 -------- d-----w- c:\windows\SQL9_KB970895_ENU
    2010-03-09 12:41 . 2010-03-09 12:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
    2010-03-09 12:35 . 2010-03-11 14:39 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-03-09 12:35 . 2010-03-09 12:35 -------- d-----w- c:\program files\Microsoft
    2010-03-09 12:35 . 2010-03-09 12:35 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-03-09 12:33 . 2010-03-09 12:33 -------- d-----w- c:\program files\Common Files\Windows Live

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-08 03:05 . 2009-12-30 01:51 12660 ----a-w- c:\windows\system32\tablet.dat
    2010-04-08 02:52 . 2010-01-25 20:17 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-04-06 11:57 . 2010-01-26 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-06 11:46 . 2010-01-07 01:18 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-04-06 01:17 . 2010-01-25 20:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-04-06 01:14 . 2009-12-26 22:48 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-03-30 04:46 . 2010-01-26 00:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-30 04:45 . 2010-01-26 00:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-11 23:37 . 2010-03-09 01:06 -------- d-----w- c:\program files\MSECache
    2010-03-11 12:38 . 2004-08-04 07:56 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-04 07:56 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 12:33 . 2009-12-26 22:47 87440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-06 02:09 . 2010-03-06 01:52 -------- d-----w- c:\program files\NoteWorthy Composer
    2010-03-06 01:53 . 2010-03-06 01:51 140288 ----a-w- c:\windows\~GLC0001.TMP
    2010-03-06 01:48 . 2010-03-06 01:48 140288 ----a-w- c:\windows\~GLC0000.TMP
    2010-02-25 16:42 . 2010-02-25 16:42 -------- d-----w- c:\program files\What's my computer doing
    2010-02-25 16:04 . 2010-02-25 16:05 490504 ----a-w- C:\WhatsMyComputerDoing_E.exe
    2010-02-22 02:58 . 2010-02-22 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Autorun Eater
    2010-02-22 02:57 . 2010-02-22 02:57 -------- d-----w- c:\program files\Autorun Eater
    2010-02-16 04:04 . 2010-02-09 00:12 -------- d-----w- c:\program files\PrintKey2000
    2010-02-13 11:49 . 2010-02-13 11:30 -------- d-----w- c:\program files\Overland
    2010-02-13 11:31 . 2010-02-13 11:27 -------- d-----w- c:\program files\HP
    2010-02-09 08:00 . 2010-02-09 08:00 -------- d-----w- c:\program files\MSXML 4.0
    2010-02-09 00:20 . 2010-02-08 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Roxio
    2010-02-08 21:05 . 2010-01-26 04:09 171552 ----a-w- c:\windows\system32\guard32.dll
    2010-02-08 21:05 . 2010-01-26 04:09 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2010-02-08 14:39 . 2010-02-08 14:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-02-08 14:36 . 2010-02-08 14:36 -------- d-----w- c:\program files\Roxio
    2010-01-28 18:50 . 2010-01-18 22:45 129 ----a-w- c:\windows\wpd99.drv
    2010-01-28 17:13 . 2010-01-26 04:09 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
    2010-01-28 17:13 . 2010-01-26 04:09 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-01-28 04:44 . 2010-01-28 04:44 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aebf811-n\decora-sse.dll
    2010-01-28 04:44 . 2010-01-28 04:44 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38d12305-n\msvcp71.dll
    2010-01-28 04:44 . 2010-01-28 04:44 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38d12305-n\jmc.dll
    2010-01-28 04:44 . 2010-01-28 04:44 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-38d12305-n\msvcr71.dll
    2010-01-28 04:44 . 2010-01-28 04:44 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aebf811-n\decora-d3d.dll
    2010-01-28 04:44 . 2010-01-07 01:15 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-25 20:17 . 2010-01-25 20:17 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-18 22:45 . 2010-01-18 22:45 51716 ----a-w- c:\windows\system32\pdf995mon.dll
    2010-01-18 22:45 . 2010-01-18 22:45 249856 ----a-w- c:\windows\system32\pdfmona.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-06 2010864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-05-24 344064]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-03-14 77824]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-01 16049664]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-08-07 331288]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
    "cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-12-26 181488]
    "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-26 230640]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
    "Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2009-05-27 549400]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-26 813584]
    Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-2-8 869376]
    TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2009-12-29 77824]
    What's my computer doing.lnk - c:\program files\What's my computer doing\WhatsMyComputerDoing.exe [2010-2-25 271144]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Absolute Accessories.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Absolute Accessories.lnk
    backup=c:\windows\pss\Absolute Accessories.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
    backup=c:\windows\pss\Printkey2000.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2005-02-04 13:14 1695744 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mmc.exe "=

    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [9/21/2006 12:30 PM 120320]
    R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [9/13/2006 2:06 PM 3840]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/26/2010 12:09 AM 134344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/26/2010 12:09 AM 25160]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/26/2009 6:06 PM 10384]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12/26/2009 6:50 PM 540184]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
    S3 cpuz128;cpuz128;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz_x32.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-08 c:\windows\Tasks\PandaUSBVaccine.job
    - c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2010-01-07 21:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\windows\system32\VetRedir.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ql8q5tfq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-07 23:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pdfcDispatcher]
    "ImagePath "= "c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(1052)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\tabhook.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Panda USB Vaccine\USBVaccine.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\Tablet.exe
    c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Autorun Eater\billy.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-04-07 23:13:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-08 03:12
    ComboFix2.txt 2010-01-25 18:39

    Pre-Run: 214,699,057,152 bytes free
    Post-Run: 214,887,587,840 bytes free

    - - End Of File - - 11C2518301851FD777C10AA3BAD843CB
     
  8. 2010/04/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall "
    Click OK (Vista users - press Enter).
    Restart computer.


    I don't see any security issues here.
    Your problem, if it still exists, is not malware related.
     
  9. 2010/04/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I received a PM this morning from one of our members and I thought it was worth posting here:

     
  10. 2010/04/08
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    456
    Likes Received:
    4
    Nope, no cell phone, but thanks for playing!

    It sounded almost like the HD was "seeking ", the sound was so muted, but about five minutes after I first posted it stopped and hasn't recurred since.... totally stumped. Already went thru the hardware aspect, checking connectors and cable ribbons but no clues. Decided to still try the "malware checks" "J.I.C. ", so closed thread.

    Thanks again, Broni!
     
  11. 2010/04/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sure thing :)
     
  12. 2011/07/16
    frayedknotarts Lifetime Subscription

    frayedknotarts Well-Known Member Thread Starter

    Joined:
    2006/08/12
    Messages:
    456
    Likes Received:
    4
    OK: It’s only taken a little over a year to figure this out, but for those who were interested (and who are still not in the Asylum), I finally got it.

    It involves neither an insane cricket, a timer on a W.M.D., my Pacemaker nor a cell phone. (Nice try, Mate!)

    Years ago, IOMEGA (my LEAST favourite hardware maker) came up with the ZIP drive in competition to the BERNOULLI "Toaster" storage solution. The ZIP was a great idea and might be considered the Great Uncle of the thumbdrive, but (as I often do.... hey, look! Pigeons!!!) I digress.

    The ZIP drive engendered the "Click Of Death" .

    The Click of Death occurred when the reader forks on the ZIP drive (especially the portable drives) could no longer 'index' to the boot information on the internal disk in the ZIP... all it would do is click...eternally. Eject, reinsert...*click*click*cli...: repeat.

    IOMEGA, meanwhile, continued to ignore any possibility that their wonderful item could have a defect.

    I still have 50-odd disks and a couple of ZIP drives. Any *click* one *click* inter *click* ested *click* ? *click - click*

    Forward, I say, into the future we go, to another IOMEGA disaster: the "eGo" flash drive. I have two of them, one a .36TB and the other a .5TB drive.

    I was quite enamoured of these (I had quite forgot about IOMEGA) and began to use them rather religiously to transport data, store things and the like.... they worked quite well.

    At first.

    It had occurred to me that the included USB cable was a bit odd as it had two connectors on the south end... this was explained (in the literature) as a 'precaution' in case your computer was delivering less than the required milli-amperage to the drive.

    Months go by, the drives are now always plugged in and are trusted data transfer companions: then the 'chirping' started.

    OF COURSE it’s from the bloody IOMEGA drives. Both have only one connector "connected".

    As detailed in the posts above, I went totally batty trying to find the 'chirp'. My hearing not being too good, I only perceived the location as "the computer area" (drives sitting on top the case), so we went round and round on it, until I happened to take the drive to see if I could rescue some data from a laptop in another office.

    Now the 'chirp' was eminently hearable AND I had a young pair of ears to locate it.

    Plugged in the second power tap... no chirp!

    Solved! I (I blush to say) forgot this thread.

    A few weeks later the chirping started again. Both power taps were in, the drives were sitting on a support away from the computer, and as time progressed, they became - at first - intermittently recognizable by the computer - then not seen at all and unusable. (I had long pulled all data to a couple of HITACHI "Simpletough" .5TB flash-drives which have yet to put a foot wrong.)

    SO, the bloody problem is the IOMEGA drive and (IMHO) IOMEGA's complete inability to either successfully test a new product or to admit when the thing is a door-stop.

    eGo is a perfect name for this piece of (censored).... 'cos 'e go out the door.

    That’s the last IOMEGA P.O.S. that comes into MY house/shop/office!


    At any rate.... that’s my story and I’m stickin’ to it.
     
    Last edited: 2011/07/16
  13. 2011/07/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Must admit, this is a really bizarre story.
    Thanks for posting :)
     
