  #3  
Old August 7th, 2008, 06:55 PM
skiniemini
Main.txt:

Deckard's System Scanner v20071014.68
Run by mason on 2008-08-07 10:09:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.



-- HijackThis (run as mason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:17 AM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\afinding.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\McAfee\MBK\MBackMonitor.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\system32\Nobicyt.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\WINDOWS\system32\routing.exe
F:\Program Files\SiteAdvisor\6261\SAService.exe
F:\WINDOWS\System32\PAStiSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\wserving.exe
F:\WINDOWS\Explorer.EXE
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\SiteAdvisor\6261\SiteAdv.exe
F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\WINDOWS\system32\wuauclt.exe
f:\PROGRA~1\mcafee\msc\mcuimgr.exe
F:\Documents and Settings\Mason\My Documents\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\mason.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mason
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 220.225.209.91:3128
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - f:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] F:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] F:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] F:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AllToTray] F:\PROGRA~1\ALLTOT~1\ALLTOT~1.EXE
O4 - HKCU\..\Run: [Mini-XP] F:\Documents and Settings\Mason\Local Settings\Temporary Internet Files\Content.IE5\4CG9BU6E\Mini-XP.exe
O4 - HKCU\..\Run: [Vidalia] "F:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "F:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WinMinimizer] E:\WMinimizer\WindowMinimizer.exe
O4 - Startup: Shortcut to BNUBot.lnk = Bot\BNUBot.exe
O4 - Startup: Shortcut to l2uthless Ops.lnk = l2uthless_Ops\l2uthless Ops.exe
O4 - Global Startup: Shortcut to pg2.lnk = C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: VIA RAID TOOL.lnk = F:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OUTLOO~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://landryserver/connectcomputer/nshelp.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\Software\..\Telephony: DomainName = landrynetwork.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = landrynetwork.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = landrynetwork.local
O23 - Service: AFinding Service (AFinding) - Unknown owner - F:\WINDOWS\system32\afinding.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - F:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - F:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Microsoft Network Message Service (msmsnkd) - Unknown owner - F:\WINDOWS\system32\msmsn.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero 8\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - F:\WINDOWS\system32\Nobicyt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - F:\WINDOWS\system32\routing.exe
O23 - Service: SiteAdvisor Service - Unknown owner - F:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: STI Simulator - Unknown owner - F:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - F:\WINDOWS\system32\wserving.exe

--
End of file - 10916 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pcouffin (VSO Software pcouffin) - f:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 NetHook_ControlCenter (ArtOfPing ControlCenter) - f:\program files\pingfu iris\controlcenter.sys (file missing)
S3 NetHook_Interceptor (ArtOfPing TDI Interceptor) - f:\program files\pingfu iris\interceptor.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AFinding (AFinding Service) - f:\windows\system32\afinding.exe
R2 Bonjour Service - "f:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero 8\nero\nero8\nero backitup\nbservice.exe
R2 NOBICYT (NOBICYT Service) - f:\windows\system32\nobicyt.exe
R2 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 Routing (Routing Service) - f:\windows\system32\routing.exe
R2 WServing (WServing Service) - f:\windows\system32\wserving.exe

S2 msmsnkd (Microsoft Network Message Service) - f:\windows\system32\msmsn.exe (file missing)
S4 perfmons - f:\windows\system32\perfs.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_E0001458&REV_10\3&13C0B0C5&0&98
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 11:18:04 284 --a------ F:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-08-01 01:00:00 352 --a------ F:\WINDOWS\Tasks\McQcTask.job
2008-07-15 01:00:00 350 --a------ F:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-06 13:54:20 0 d-------- F:\Program Files\Trend Micro
2008-08-06 10:45:01 0 d-------- F:\Documents and Settings\Mason\.housecall6.6 <HOUSEC~1.6>
2008-08-05 10:42:41 0 d-------- F:\Program Files\U5Me Operator
2008-08-05 08:50:17 0 d-------- F:\WINDOWS\pss
2008-08-03 09:11:46 0 d-------- F:\Program Files\LG Electronics
2008-08-01 16:38:05 61440 --a------ F:\WINDOWS\system32\msudf.exe
2008-08-01 13:43:53 0 d-------- F:\Documents and Settings\LocalService\Application Data\Macromedia
2008-08-01 13:43:52 0 d-------- F:\Documents and Settings\LocalService\Application Data\Adobe
2008-08-01 12:16:49 0 d-------- F:\Program Files\TallStick
2008-07-31 16:36:23 0 d-------- F:\Documents and Settings\All Users\Application Data\InstalledPackages
2008-07-31 16:36:16 0 d-------- F:\Documents and Settings\All Users\Application Data\SyncClient
2008-07-31 16:35:53 0 d-------- F:\Program Files\Wireless Sync
2008-07-27 15:47:44 0 d-------- F:\Documents and Settings\Mason\Application Data\ArtOfPing
2008-07-26 01:26:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Mozilla
2008-07-26 01:20:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\ArtOfPing
2008-07-26 01:19:28 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Macromedia
2008-07-26 01:19:03 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Adobe
2008-07-26 01:04:20 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\McAfee
2008-07-26 01:03:58 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Nero
2008-07-26 01:03:54 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\SiteAdvisor
2008-07-26 01:03:19 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Application Data\Identities
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Templates <TEMPLA~1>
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Start Menu <STARTM~1>
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\SendTo
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Recent
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\PrintHood <PRINTH~1>
2008-07-26 01:03:02 2359296 --ah----- F:\Documents and Settings\Mason.LANDRY2\ntuser.dat
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\NetHood
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\My Documents <MYDOCU~1>
2008-07-26 01:03:02 0 d--h----- F:\Documents and Settings\Mason.LANDRY2\Local Settings <LOCALS~1>
2008-07-26 01:03:02 0 dr------- F:\Documents and Settings\Mason.LANDRY2\Favorites <FAVORI~1>
2008-07-26 01:03:02 0 d-------- F:\Documents and Settings\Mason.LANDRY2\Desktop
2008-07-26 01:03:02 0 d--hs---- F:\Documents and Settings\Mason.LANDRY2\Cookies
2008-07-26 01:03:02 0 dr-h----- F:\Documents and Settings\Mason.LANDRY2\Application Data <APPLIC~1>
2008-07-26 01:03:02 0 d---s---- F:\Documents and Settings\Mason.LANDRY2\Application Data\Microsoft
2008-07-25 13:00:33 0 d-------- F:\Documents and Settings\Mason\Application Data\Winamp
2008-07-23 09:54:06 0 d--hs---- F:\WINDOWS\ftpcache
2008-07-14 23:56:49 0 d-------- F:\Program Files\Microsoft ActiveSync
2008-07-14 22:37:03 0 d-------- F:\Program Files\Microsoft Silverlight
2008-07-14 14:07:17 0 d-------- F:\Program Files\Mozilla ActiveX Control v1.7.12
2008-07-14 11:53:08 0 d-------- F:\WINDOWS\system32\xlive
2008-07-14 11:48:02 0 d-------- F:\Program Files\Microsoft XNA
2008-07-14 11:36:03 0 d-------- F:\Program Files\iPod
2008-07-14 11:14:58 0 d-------- F:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-14 11:00:17 0 d-------- F:\WINDOWS\system32\FxsTmp
2008-07-14 10:53:42 2560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2008-07-14 09:49:34 0 d-------- F:\Program Files\ElcomSoft

See Next Post