fakeeoghan

November 10, 2005

The message still appears and I cannot find that soundtaskmgr in the task manager's list of processes. Here's the new HJT Log.

Logfile of HijackThis v1.99.1

Scan saved at 17:43:46, on 10/11/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss[Caution: ExecutableFile]

C:\WINNT\system32\winlogon[Caution: ExecutableFile]

C:\WINNT\system32\services[Caution: ExecutableFile]

C:\WINNT\system32\lsass[Caution: ExecutableFile]

C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]

C:\WINNT\system32\svchost[Caution: ExecutableFile]

C:\WINNT\System32\svchost[Caution: ExecutableFile]

C:\WINNT\system32\spoolsv[Caution: ExecutableFile]

C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]

C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]

C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]

C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]

C:\WINNT\Explorer[Caution: ExecutableFile]

C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]

C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]

C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]

C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]

C:\WINNT\system32\MSTask[Caution: ExecutableFile]

C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]

C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]

C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]

C:\WINNT\system32\svchost[Caution: ExecutableFile]

C:\WINNT\system32\tp4serv[Caution: ExecutableFile]

C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]

C:\WINNT\LTSMMSG[Caution: ExecutableFile]

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]

C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]

C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]

C:\WINNT\AGRSMMSG[Caution: ExecutableFile]

C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]

C:\WINNT\system32\internat[Caution: ExecutableFile]

C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]

C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]

C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

C:\2003\AUSTIN\Eoghan\runescape stuff\runescape[Caution: ExecutableFile]

C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;

F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]

O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]

O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]

O4 - HKLM\..\Run: [synchronization Manager] mobsync[Caution: ExecutableFile] /logon

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]

O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]

O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]

O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK

O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min

O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT

O4 - HKLM\..\Run: [sountskmanager] sountaskmgr

O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]

O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]

O4 - HKLM\..\Run: [ssAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]

O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]

O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr

O4 - HKCU\..\Run: [internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile]

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]

O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]"

O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile]

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b27571.cab

O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4126470871

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b27571.cab

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile]

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile]

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing)

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile]

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)

O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing)

O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile]

O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]

O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]

O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile]

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]

O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)

November 8, 2005

Ok I'm thinking about buy this computer. I don't need anything ridiculous but I'd like to be able to play all currently released games as well as have multiple programs running at the same time. This is one that my cousin found for me. It costs 820euro. It's from a german site but you should understand everything. Is it worth the money?

ÃÆÃÂ¢ÃÂ¢Ã¢âÂ¬Ã¢â¬ÅÃâÃÂª AMD GameSolution X3200 - ASUS SLI - AMD Athlon64 3200+ - 1 GB DDR RAM - 200GB - DVD-Writer - ATI X800GT

AMD Athlon 64 3200+ Venice Kern S.939 - 1GB DDR RAM PC400 Markenspeicher - 200 GB Maxtor 8MB Cache 7200rpm - DVD-BRENNER LG4167b DualLayer 16X +/- - ATI Radeon X800GT 256MB DVI TV-out - ASUS A8N-SLI Deluxe / NVIDIA nForce 4 SLI Chipset / HT 1000 Support / Dual Ch. / SATA II 4xSATA RAID 5 / 6xUSB2.0 / Dual GigaBit Network / 6 Kanal Audio / 2x IDE / AI N.O.S / PEG Link / Dual PCI-ex16 - Goldadler Multimedia Tower - 400W POWER NT

November 8, 2005

I'm sorry, what O4 line? and what about this soundtaskmgr thing? Do I forget that? Got to sleep noe but I'll check back tomorrow

November 8, 2005

I don't have a C:\WINDOWS\System32 but I do have C:\WINNT\System32. I checked that folder and there's no soundtaskmgr. Where else should I look or do I have to run a search on my whole computer?

November 8, 2005

And here's the HJT log for after the ewido scan:

Logfile of HijackThis v1.99.1

Scan saved at 16:49:23, on 08/11/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss[Caution: ExecutableFile]

C:\WINNT\system32\winlogon[Caution: ExecutableFile]

C:\WINNT\system32\services[Caution: ExecutableFile]

C:\WINNT\system32\lsass[Caution: ExecutableFile]

C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]

C:\WINNT\system32\svchost[Caution: ExecutableFile]

C:\WINNT\System32\svchost[Caution: ExecutableFile]

C:\WINNT\system32\spoolsv[Caution: ExecutableFile]

C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]

C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]

C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]

C:\WINNT\Explorer[Caution: ExecutableFile]

C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]

C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]

C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]

C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]

C:\WINNT\system32\MSTask[Caution: ExecutableFile]

C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]

C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]

C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]

C:\WINNT\system32\svchost[Caution: ExecutableFile]

C:\WINNT\system32\tp4serv[Caution: ExecutableFile]

C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]

C:\WINNT\LTSMMSG[Caution: ExecutableFile]

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]

C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]

C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]

C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]

C:\WINNT\AGRSMMSG[Caution: ExecutableFile]

C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]

C:\WINNT\system32\internat[Caution: ExecutableFile]

C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]

C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]

C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR[Caution: ExecutableFile]

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex[Caution: ExecutableFile]

C:\WINNT\system32\NOTEPAD[Caution: ExecutableFile]