Strange occurrences affecting my PC

Post by pelle on 18th July 2009, 10:39 pm

This seems to have happened after visiting a torrent search engine. As soon as the particular page loaded, the Adobe Acrobat Reader application tried to open, but nothing showed up in the system tray or anything. Now, I seem to get commercials for ABC Family shows every few minutes. They sound like short 30 second radio commercials and sometimes two of the commercials will play at the same time. As soon as I go into Task Manager and stop the b.exe process, the commercials go away. B.exe seems to be opening up IE windows as well. You guys were able to help me in the past and I greatly appreciate it. Hopefully you can help me resolve this issue.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:37 PM, on 7/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
S:\STUFF\shortcuts\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [TimeBell] C:\Program Files\TimeBell1.6\timebell.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7149 bytes


Post by Origin on 18th July 2009, 11:13 pm

Hello pelle,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software in your computer delete them or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)



  • Press "Fix Checked"
  • Close Hijack This.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

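How the O4 and O15 lines in the fix list above can be picked out of a HijackThis log mechanically, as an added example that is not part of the original post and not Origin's stated method. The two rules (any O15 Trusted Zone entry, and a per-user HKCU Run value that launches an executable from under C:\WINDOWS) and all function names are this example's assumptions; the R1 ProxyOverride line is outside them.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied unchanged from the HijackThis log in the first post (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
ZONE_RE = re.compile(r"^Trusted Zone: (\S+)(?: \((HKLM)\))?$")
# First token ending in .exe; handles quoted and unquoted paths with spaces.
EXE_RE = re.compile(r'^"?(.+?\.exe)(?=["\s]|$)', re.IGNORECASE)
WINDIR = r"c:\windows"  # assumption: the Windows directory shown in this log


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why this example's rule matched
    line: str     # the original log line, to locate it in the tool


def exe_of(command: str) -> Optional[str]:
    """Return the executable a Run command starts, without its arguments."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else None


def under_windir(path: str) -> bool:
    """True if path is a full path inside the Windows directory tree."""
    p = ntpath.normpath(path).lower()
    return p.startswith(WINDIR + "\\")


def triage(log_text: str) -> List[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        section, body = entry.groups()
        if section == "O15":
            zone = ZONE_RE.match(body)
            if zone:
                scope = "all users (HKLM)" if zone.group(2) else "current user"
                findings.append(Finding(
                    section, f"{zone.group(1)} is in the IE Trusted Zone for {scope}", line))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and run.group(1) == "HKCU":
                exe = exe_of(run.group(4))
                if exe and under_windir(exe):
                    findings.append(Finding(
                        section, f"per-user autostart '{run.group(3)}' launches {exe}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}")
```

A match is only a prompt to look at the entry; whether it is removed is still the helper's call, as in the post above.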


Post by pelle on 19th July 2009, 6:44 am

this seems to have worked. you guys are great. thanks so much. donating now :)


Post by pelle on 19th July 2009, 6:47 am

the combofix.txt seems to be too long. i'll just break it up into two parts, if that's ok

ComboFix 09-07-14.08 - jb 07/19/2009 2:21.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1439 [GMT -4:00]
Running from: c:\documents and settings\jb\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jb\Application Data\upd.exe
c:\documents and settings\jb\nah_oumh.exe
c:\windows\msa.exe
c:\windows\system32\braviax.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\cqwfedgrfivivmm.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\UACcgbaxhcerfdcyqxvf.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\UACcjdlhjesrmksmjlme.dll
c:\windows\system32\UACftevngolgceoixrad.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiomhhwejhlqtttyop.dll
c:\windows\system32\UACjwfcpiafkbwiytgnu.dll
c:\windows\system32\UACkejfhfgrnekkqbpbu.dat
c:\windows\system32\UACljxsklciohndxosgu.dll
c:\windows\system32\UACrnppfthxnvqexjxxd.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
S:\autorun.inf

----- BITS: Possible infected sites -----

[You must be registered and logged in to see this link.]
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UNVSAEM


((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 06:06 . 2009-07-19 06:06 66048 ----a-w- c:\windows\system32\drivers\geyekrnmtakvsc.sys
2009-07-19 06:00 . 2009-07-19 06:00 65536 ----a-w- c:\windows\system32\drivers\geyekrethxvrgr.sys
2009-07-18 21:33 . 2009-07-18 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-07-18 17:36 . 2009-07-19 06:09 180690 ----a-w- c:\windows\system32\wisdstr.exe
2009-07-18 08:21 . 2009-07-18 08:21 65536 ----a-w- c:\windows\system32\drivers\geyekrrtqlrdym.sys
2009-07-18 07:02 . 2009-07-18 07:02 65536 ----a-w- c:\windows\system32\drivers\geyekrakmxcvgq.sys
2009-07-17 06:09 . 2009-07-17 06:09 67072 ----a-w- c:\windows\system32\drivers\geyekreyiwmrkq.sys
2009-06-20 03:00 . 2009-06-20 03:00 -------- d-----w- c:\program files\Yamaha

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 06:34 . 2009-03-20 00:28 -------- d-----w- c:\program files\Steam
2009-07-18 07:02 . 2007-12-11 01:31 -------- d-----w- c:\documents and settings\jb\Application Data\uTorrent
2009-07-17 05:51 . 2009-07-17 05:51 1063450 ----a-w- c:\windows\system32\rn.tmp
2009-07-16 05:58 . 2008-06-23 04:50 -------- d-----w- c:\documents and settings\jb\Application Data\Vso
2009-07-15 01:00 . 2008-01-22 09:47 -------- d-----w- c:\documents and settings\jb\Application Data\dvdcss
2009-07-08 05:00 . 2009-03-06 00:46 -------- d-----w- c:\documents and settings\jb\Application Data\Mp3 Audio Editor
2009-07-06 23:07 . 2009-06-19 23:06 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 23:07 . 2009-06-19 23:06 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 23:07 . 2009-06-19 23:06 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-20 03:07 . 2007-12-09 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 23:05 . 2007-12-23 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-29 23:06 . 2009-05-29 23:06 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 23:06 . 2009-03-14 00:56 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-24 23:06 . 2009-04-24 23:06 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 23:06 . 2009-03-13 23:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-13 02:26 . 2009-06-06 01:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-01-23 16:13 . 2008-01-23 16:12 24 --sh--w- c:\windows\S32D69F29.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"NoteZilla"="c:\program files\Conceptworld\NoteZilla\NoteZilla.exe" [2009-01-14 2707456]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-18 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-11-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\jb\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-7-6 547840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/13/2009 7:06 PM 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/9/2007 9:15 AM 17920]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/1/2009 3:03 PM 266240]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/24/2009 3:09 AM 210216]
S2 unvsaem;unvsaem;\??\c:\windows\system32\drivers\cqwfedgrfivivmm.sys --> c:\windows\system32\drivers\cqwfedgrfivivmm.sys [?]
S3 shspusb;Samsung High Speed USB Driver;c:\windows\system32\drivers\HSPUSB.sys [12/27/2007 3:06 AM 21282]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [10/14/2002 2:40 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [10/14/2002 2:40 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:06]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-QNPlus - (no file)
HKLM-Run-TimeBell - c:\program files\TimeBell1.6\timebell.exe


Post by pelle on 19th July 2009, 6:47 am

.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\jb\Application Data\Mozilla\Firefox\Profiles\84si3lty.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-19 02:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TimeBell = c:\program files\TimeBell1.6\timebell.exe??????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3560)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\McAfee\MSC\mcregist.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\MSC\mcoemmgr.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MSK\mskagent.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-19 2:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 06:40
ComboFix2.txt 2008-12-08 03:35

Pre-Run: 46,990,614,528 bytes free
Post-Run: 47,348,609,024 bytes free

286 --- E O F --- 2009-03-15 06:03


Post by Origin on 19th July 2009, 7:13 pm

Now open a new notepad file.
Input this into the notepad file:

Rootkit::
c:\windows\system32\drivers\geyekrnmtakvsc.sys
c:\windows\system32\drivers\geyekrethxvrgr.sys
c:\windows\system32\drivers\geyekrrtqlrdym.sys
c:\windows\system32\drivers\geyekrakmxcvgq.sys
c:\windows\system32\drivers\geyekreyiwmrkq.sys

File::
c:\windows\system32\wisdstr.exe
c:\windows\S32D69F29.tmp

Folder::
c:\documents and settings\jb\Application Data\uTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=-

Driver::
unvsaem

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


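The five driver paths in the script above all appear in the "Files Created" section of the first ComboFix log with the same leading letters and a different tail. As an added example (not part of the thread and not ComboFix's own logic), this Python code parses those log lines and groups .sys files in the drivers folder whose names share a prefix; the thresholds, the drivers path constant and all function names are assumptions of the example.

```python
import ntpath
import os.path
import re
from collections import defaultdict
from datetime import datetime
from typing import List, NamedTuple, Optional

# Lines copied unchanged from the "Files Created" and "Find3M Report"
# sections of the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
2009-07-19 06:06 . 2009-07-19 06:06 66048 ----a-w- c:\windows\system32\drivers\geyekrnmtakvsc.sys
2009-07-19 06:00 . 2009-07-19 06:00 65536 ----a-w- c:\windows\system32\drivers\geyekrethxvrgr.sys
2009-07-18 21:33 . 2009-07-18 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-07-18 17:36 . 2009-07-19 06:09 180690 ----a-w- c:\windows\system32\wisdstr.exe
2009-07-18 08:21 . 2009-07-18 08:21 65536 ----a-w- c:\windows\system32\drivers\geyekrrtqlrdym.sys
2009-07-18 07:02 . 2009-07-18 07:02 65536 ----a-w- c:\windows\system32\drivers\geyekrakmxcvgq.sys
2009-07-17 06:09 . 2009-07-17 06:09 67072 ----a-w- c:\windows\system32\drivers\geyekreyiwmrkq.sys
2009-06-20 03:00 . 2009-06-20 03:00 -------- d-----w- c:\program files\Yamaha
2009-04-24 23:06 . 2009-03-13 23:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
"""

# <stamp> . <stamp> <size or -------- for folders> <8 attribute flags> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(\d+|-{8})\s+(\S{8})\s+(.+)$")
DRIVERS = r"c:\windows\system32\drivers"  # assumption: path as shown in the log


class FileRecord(NamedTuple):
    stamp: datetime        # first timestamp printed on the line
    size: Optional[int]    # None for folders
    attrs: str
    path: str


class Cluster(NamedTuple):
    prefix: str
    paths: tuple
    first_seen: datetime
    last_seen: datetime
    min_size: int
    max_size: int


def parse_lines(text: str) -> List[FileRecord]:
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, dots and blank lines
        size = None if m.group(3).startswith("-") else int(m.group(3))
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        records.append(FileRecord(stamp, size, m.group(4), m.group(5)))
    return records


def find_name_clusters(records, min_prefix=4, min_members=3) -> List[Cluster]:
    """Group all-letter .sys names of equal length that start with the same letters."""
    buckets = defaultdict(list)
    for rec in records:
        folder, name = ntpath.split(rec.path.lower())
        stem, ext = ntpath.splitext(name)
        if folder != DRIVERS or ext != ".sys" or rec.size is None:
            continue
        if stem.isalpha() and len(stem) > min_prefix:
            buckets[(stem[:min_prefix], len(stem))].append((stem, rec))
    clusters = []
    for members in buckets.values():
        stems = sorted({stem for stem, _ in members})
        if len(stems) < min_members:
            continue
        recs = [rec for _, rec in members]
        clusters.append(Cluster(
            prefix=os.path.commonprefix(stems),   # shared leading characters
            paths=tuple(sorted(r.path for r in recs)),
            first_seen=min(r.stamp for r in recs),
            last_seen=max(r.stamp for r in recs),
            min_size=min(r.size for r in recs),
            max_size=max(r.size for r in recs)))
    return clusters


if __name__ == "__main__":
    for c in find_name_clusters(parse_lines(SAMPLE_LOG)):
        print(f"{len(c.paths)} drivers named {c.prefix}*, "
              f"{c.first_seen:%Y-%m-%d} to {c.last_seen:%Y-%m-%d}, "
              f"{c.min_size}-{c.max_size} bytes")
```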


Post by pelle on 20th July 2009, 3:12 am

ComboFix 09-07-19.04 - jb 07/19/2009 22:48.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1370 [GMT -4:00]
Running from: c:\documents and settings\jb\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\jb\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\S32D69F29.tmp"
"c:\windows\system32\wisdstr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jb\Application Data\uTorrent
c:\documents and settings\jb\Application Data\uTorrent\10000 cd keys [You must be registered and logged in to see this link.]
c:\documents and settings\jb\Application Data\uTorrent\2007 Hottest 100.torrent
c:\documents and settings\jb\Application Data\uTorrent\2007 Sweeney Todd Official Movie Wallpapers -Legal-Ups.torrent
c:\documents and settings\jb\Application Data\uTorrent\27 Dresses TS XVID - Stuffies.torrent
c:\documents and settings\jb\Application Data\uTorrent\American.Gangster.UNRATED.DVDR-Replica.torrent
c:\documents and settings\jb\Application Data\uTorrent\amrickiwhite_FULL.wmv.torrent
c:\documents and settings\jb\Application Data\uTorrent\AnyDVD & AnyDVD HD 6.3.0.3 - Final.torrent
c:\documents and settings\jb\Application Data\uTorrent\Apple.QuickTime.Pro.v7.4.1.14.Multilingual.Regged-ViRiLiTY.torrent
c:\documents and settings\jb\Application Data\uTorrent\Beetlejuice.1998.Xvid.NeRoZ.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Birdman-5_Star_Stunna-(RapGodFathers.com).torrent
c:\documents and settings\jb\Application Data\uTorrent\Cops Doubleheader~ Too Hot For Fox-Xtreme.torrent
c:\documents and settings\jb\Application Data\uTorrent\Daft_Punk_-_Alive_2007__Deluxe_Edition-Promo-CD-2007-by-Caizzii.info.torrent
c:\documents and settings\jb\Application Data\uTorrent\dht.dat
c:\documents and settings\jb\Application Data\uTorrent\dht.dat.old
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.S06E05.Vomit.Island.Workers.WS.DSR.XviD-OMiCRON.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.S06E09.Special.Effects.Artist.DSR.XviD-iHT.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.S06E12.Creepy.Slimy.And.Just.Plain.Weird.DSR.XviD-iHT.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.Special.150th.Dirty.Job.WS.DSR.XviD-K4RM4.torrent
c:\documents and settings\jb\Application Data\uTorrent\Discovered - A collection of Daft Punk Samples.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dragon Wars[2007]DvDrip[Eng]-FXG.torrent
c:\documents and settings\jb\Application Data\uTorrent\Drawn Together Complete Seasons 1&2.torrent
c:\documents and settings\jb\Application Data\uTorrent\Drawn Together.torrent
c:\documents and settings\jb\Application Data\uTorrent\DVD Shrink v3.2.0.15 -LegalTorrents.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family Guy - 102 - Padre De Familia {C_P}.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family Guy - 97 - It Takes a Village Idiot, and I Married One {C_P}.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family Guy Season 7(6) Episode 1 (99) RMVB.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family.Guy.S06E08.PDTV.XviD-0TV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\fff-ea162.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\Fifth.Gear.S13E03.WS.PDTV.XviD-RiVER.torrent
c:\documents and settings\jb\Application Data\uTorrent\Finger Eleven - Them Vs You Vs Me.torrent
c:\documents and settings\jb\Application Data\uTorrent\frisky dingo.torrent
c:\documents and settings\jb\Application Data\uTorrent\Futurama.Benders.Big.Score.XViD.DVDRiP-ANiVCD.torrent
c:\documents and settings\jb\Application Data\uTorrent\Gorillaz - D-Sides (2007) - Pop Easy CD RIP [128kbps].torrent.torrent
c:\documents and settings\jb\Application Data\uTorrent\History Channel - Ku Klux Klan, A Secret History (1998.TVRip.SoS).1.torrent
c:\documents and settings\jb\Application Data\uTorrent\History Channel - Ku Klux Klan, A Secret History (1998.TVRip.SoS).torrent
c:\documents and settings\jb\Application Data\uTorrent\History_Channel_-_The_Russian_Mafia.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\I.Think.I.Love.My.Wife[2007]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\jb\Application Data\uTorrent\I.Want.Someone.To.Eat.Cheese.With.2006.LIMITED.DVDRip.XviD-RiZLA.torrent
c:\documents and settings\jb\Application Data\uTorrent\intervention.s04e04.pdtv.xvid-crimson.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Its Always Sunny In Philadelphia.torrent
c:\documents and settings\jb\Application Data\uTorrent\Its.Always.Sunny.in.Philadelphia.S03E01.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Its.Always.Sunny.in.Philadelphia.S03E02.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Lost.S04E02.HDTV.XviD-2HD.torrent
c:\documents and settings\jb\Application Data\uTorrent\MADtv.S12E13.PDTV.XViD-SiTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\MadTV.S13E10.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\MagicIso 5.3b221 + Crack.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\Michael_Jackson-Thriller_(25th_Anniversary_Edition)-2008-OLDSCHOOL.torrent
c:\documents and settings\jb\Application Data\uTorrent\Microsoft Office 2007 Complete DVD + Serial.torrent
c:\documents and settings\jb\Application Data\uTorrent\Money.Talks.1997.PROPER.DVDRip.XviD-DVDiSO.torrent
c:\documents and settings\jb\Application Data\uTorrent\Nip.Tuck.S05E12.DSR.XviD-0TV.torrent
c:\documents and settings\jb\Application Data\uTorrent\Norton Antivirus 2007 + keygen.torrent
c:\documents and settings\jb\Application Data\uTorrent\Older.And.Horny.10.XviD-SPiCE.torrent
c:\documents and settings\jb\Application Data\uTorrent\Payback.1999.Directors.Cut.DVDRip.XviD-FRAGMENT.torrent
c:\documents and settings\jb\Application Data\uTorrent\Pretty.Baby.torrent
c:\documents and settings\jb\Application Data\uTorrent\PrimeCups.e86.darina.mp4.iPod.torrent
c:\documents and settings\jb\Application Data\uTorrent\Prison.Break.S03E11.HDTV.XviD-XOR.torrent
c:\documents and settings\jb\Application Data\uTorrent\Quicken Home and Business 2008 Full CD.torrent
c:\documents and settings\jb\Application Data\uTorrent\Real Genius (+Extras).torrent
c:\documents and settings\jb\Application Data\uTorrent\reno.911.s05e01.dsr.xvid-0tv.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\resume.dat
c:\documents and settings\jb\Application Data\uTorrent\resume.dat.1.bad
c:\documents and settings\jb\Application Data\uTorrent\resume.dat.old
c:\documents and settings\jb\Application Data\uTorrent\RHM-Pack 7.torrent
c:\documents and settings\jb\Application Data\uTorrent\rss.dat
c:\documents and settings\jb\Application Data\uTorrent\rss.dat.old
c:\documents and settings\jb\Application Data\uTorrent\Series 7.torrent
c:\documents and settings\jb\Application Data\uTorrent\settings.dat
c:\documents and settings\jb\Application Data\uTorrent\settings.dat.old
c:\documents and settings\jb\Application Data\uTorrent\skunkriley2.torrent
c:\documents and settings\jb\Application Data\uTorrent\Sophos Antiv-Virus v7.0 2007 XP or VISTA 32&64bit-iNT.FTS.torrent
c:\documents and settings\jb\Application Data\uTorrent\South Park OST.torrent
c:\documents and settings\jb\Application Data\uTorrent\Squidbillies S1 Complete.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved Episode 6.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E01.DSR.XviD-TCM.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E02.DSR.XviD-LOKi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E03.DigiRip.XviD-BamVCD.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E04.DSR.XviD-TCM.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E05.DSR.XviD-LOKi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E07.DSR.XviD.PROPER-CRiMSON.torrent
c:\documents and settings\jb\Application Data\uTorrent\Strange.Wilderness.CAM.XviD-JJxvid.torrent
c:\documents and settings\jb\Application Data\uTorrent\Super.Mario.Bros.1993.WS.DVDRip.XviD.iNT-EwDp.torrent
c:\documents and settings\jb\Application Data\uTorrent\Sweeney.Todd.The.Demon.Barber.Of.Fleet.Street.DVD.SCREENER.DVDR-DREAMLiGHT.torrent
c:\documents and settings\jb\Application Data\uTorrent\Talladega.Nights.UNRATED.DVDRip.XviD-LMG.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Adventures of Pete & Pete - Season 1.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Adventures of Pete and Pete Season 1.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Boondocks - S02E04 - The Return of Stinkmeaner.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Wire S05E06.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\THE WIRE S5 EP7.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\THE WIRE S5E2.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Wire_S5E05.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Apprentice.S07E06.PDTV.XviD-STFU.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Boondocks.S02E11.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Goonies.1985.iNTERNAL.DVDRip.XviD-CULTXviD.torrent
c:\documents and settings\jb\Application Data\uTorrent\the.wire.s05.e04-rrt.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Wire.S05E01.PDTV.XviD-NoTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Wire.S05E03.TVRip.XviD-MiNT.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\ubuntu-7.10-alternate-i386.iso.torrent
c:\documents and settings\jb\Application Data\uTorrent\utorrent.lng
c:\documents and settings\jb\Application Data\uTorrent\VA-Galactik_Beat_Presents_Hip-Hop_Instrumentals_Vol_1-2008-H5N1.torrent
c:\documents and settings\jb\Application Data\uTorrent\VA-History_Of_Dance_14_The_House_Edition_Top_100-5CD-2007-WRE.torrent
c:\documents and settings\jb\Application Data\uTorrent\Walk.Hard.The.Dewey.Cox.Story.DVDScr.XViD.mVs.torrent
c:\documents and settings\jb\Application Data\uTorrent\War of the Worlds.iso.torrent
c:\documents and settings\jb\Application Data\uTorrent\Xilisoft Video Converter 3.1.50.0104b.torrent
c:\windows\S32D69F29.tmp
c:\windows\system32\drivers\geyekrakmxcvgq.sys
c:\windows\system32\drivers\geyekrethxvrgr.sys
c:\windows\system32\drivers\geyekreyiwmrkq.sys
c:\windows\system32\drivers\geyekrnmtakvsc.sys
c:\windows\system32\drivers\geyekrrtqlrdym.sys
c:\windows\system32\wisdstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_unvsaem


((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-18 21:33 . 2009-07-18 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-06-20 03:00 . 2009-06-20 03:00 -------- d-----w- c:\program files\Yamaha

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 02:57 . 2009-03-20 00:28 -------- d-----w- c:\program files\Steam
2009-07-17 05:51 . 2009-07-17 05:51 1063450 ----a-w- c:\windows\system32\rn.tmp
2009-07-16 05:58 . 2008-06-23 04:50 -------- d-----w- c:\documents and settings\jb\Application Data\Vso
2009-07-15 01:00 . 2008-01-22 09:47 -------- d-----w- c:\documents and settings\jb\Application Data\dvdcss
2009-07-08 05:00 . 2009-03-06 00:46 -------- d-----w- c:\documents and settings\jb\Application Data\Mp3 Audio Editor
2009-07-06 23:07 . 2009-06-19 23:06 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 23:07 . 2009-06-19 23:06 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 23:07 . 2009-06-19 23:06 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-20 03:07 . 2007-12-09 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 23:05 . 2007-12-23 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-29 23:06 . 2009-05-29 23:06 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 23:06 . 2009-03-14 00:56 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-24 23:06 . 2009-04-24 23:06 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 23:06 . 2009-03-13 23:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-13 02:26 . 2009-06-06 01:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-20 02:57 . 2009-07-20 02:57 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
+ 2006-02-28 12:00 . 2009-07-19 06:37 63528 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2009-07-19 06:12 63528 c:\windows\system32\perfc009.dat
+ 2007-12-08 18:02 . 2009-07-19 23:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-08 18:02 . 2009-07-19 06:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-08 18:02 . 2009-07-19 23:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-12-08 18:02 . 2009-07-19 06:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-28 12:00 . 2009-07-19 06:37 406328 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2009-07-19 06:12 406328 c:\windows\system32\perfh009.dat


Re: Strange occurrences affecting my PC

Post by pelle on 20th July 2009, 3:13 am

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"NoteZilla"="c:\program files\Conceptworld\NoteZilla\NoteZilla.exe" [2009-01-14 2707456]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-18 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-11-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\jb\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-7-6 547840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/13/2009 7:06 PM 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/9/2007 9:15 AM 17920]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/1/2009 3:03 PM 266240]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/24/2009 3:09 AM 210216]
S3 shspusb;Samsung High Speed USB Driver;c:\windows\system32\drivers\HSPUSB.sys [12/27/2007 3:06 AM 21282]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [10/14/2002 2:40 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [10/14/2002 2:40 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:06]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\jb\Application Data\Mozilla\Firefox\Profiles\84si3lty.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-19 22:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1708537768-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AC62AA01-2C96-EE3F-5A75-692C6AC25CEB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1644491937-1708537768-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4614D68-DB62-EFB5-5000-8CB5D7EA95A0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2852)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MSC\mcregist.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-07-20 23:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 03:04
ComboFix2.txt 2009-07-19 06:40
ComboFix3.txt 2008-12-08 03:35

Pre-Run: 47,418,818,560 bytes free
Post-Run: 47,362,367,488 bytes free

421 --- E O F --- 2009-03-15 06:03


Re: Strange occurrences affecting my PC

Post by Origin on 20th July 2009, 4:23 pm

Just a leftover:

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\rn.tmp


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

