PDA

View Full Version : Teatimer - MSPCLOCK, MSPQM and more changes -> 2x media speed



The_Rubberduck
2009-05-16, 14:42
Hi there.

Some of my friends had accidentally visited a site, where some sh*t was downloaded. Allow change was clicked on TeaTimer and nothing more happened.
When I woke up this morning, and turned on my computer, I realized that all media players, iTunes, WMP, Real Player etc. was running at twice the normal speed.
So there was a problem, and I ran Spybot S&D, Ad-Aware and avast! Antivirus. Nothing found, sadly.
So I accessed the TeaTimer log, and found this:

16-05-2009 01:07:09 Allowed (based on lassh blacklist) value "MSPCLOCK" (new data: "rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}") Added in System Startup global entry!
16-05-2009 01:07:09 Allowed (based on lassh blacklist) value "MSPQM" (new data: "rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}") Added in System Startup global entry!
16-05-2009 01:07:09 Allowed (based on lassh blacklist) value "MSKSSRV" (new data: "rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}") Added in System Startup global entry!
16-05-2009 01:07:17 Denied (based on user decision) value "WDM_SYSAUDIO" (new data: "rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install") Added in System Startup global entry!
16-05-2009 01:07:47 Allowed (based on user decision) value "WIAWizardMenu" (new data: "") Deleted in System Startup global entry!
16-05-2009 01:07:56 Allowed (based on user decision) value "WIAWizardMenu" (new data: "RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu") Added in System Startup global entry!
16-05-2009 01:07:56 Allowed (based on lassh blacklist) value "MSPCLOCK" (new data: "") Deleted in System Startup global entry!
16-05-2009 01:07:56 Allowed (based on lassh blacklist) value "MSPQM" (new data: "") Deleted in System Startup global entry!
16-05-2009 01:07:56 Allowed (based on lassh blacklist) value "MSKSSRV" (new data: "") Deleted in System Startup global entry!

Is it possible to backtrack these changes and undo them?
Hopefully some of you will be able to help me.
Please bear with me, I'm a newbie in the forum, so I'm sorry for any mistakes in my post.

Sincerely Nicky

The_Rubberduck
2009-05-16, 17:51
Problem solved