WiredWX Christian Hobby Weather Tools

Strange occurrences affecting my PC

This seems to have happened after visiting a torrent search engine. As soon as the particular page loaded, the Adobe Acrobat Reader application tried to open, but nothing showed up in the system tray or anything. Now, I seem to get commercials for ABC Family shows every few minutes. They sound like short 30 second radio commercials and sometimes two of the commercials will play at the same time. As soon as I go into Task Manager and stop the b.exe process, the commercials go away. B.exe seems to be opening up IE windows as well. You guys were able to help me in the past and I greatly appreciate it. Hopefully you can help me resolve this issue.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:37 PM, on 7/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
S:\STUFF\shortcuts\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [TimeBell] C:\Program Files\TimeBell1.6\timebell.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 7149 bytes

Re: Strange occurrences affecting my PC

Hello pelle,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
    O15 - Trusted Zone: *.antimalwareguard.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O15 - Trusted Zone: *.gomyhit.com (HKLM)



  • Press "Fix Checked"
  • Close Hijack This.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate
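
The line selection in the reply above can be reproduced as a triage pass over a HijackThis log. This is an added example, not part of the original post and not the helper's own method. The three review rules (proxy settings in R0/R1, `Run` entries whose image sits directly in the Windows root, and any O15 Trusted Zone entry) and the `C:\WINDOWS` install path are assumptions chosen for illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: an excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\WINDOWS\system32\CSHelper.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart body: hive\..\key: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First token of the command line: a quoted path, or an unquoted path that
# ends at an executable extension followed by whitespace, a comma or the end.
IMAGE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|bat|cmd|com|scr))(?=[\s,]|$)',
    re.IGNORECASE,
)
WINDOWS_ROOT = PureWindowsPath(r"C:\WINDOWS")  # assumed install path


def parse_entries(log_text):
    """Yield (code, body) for every section-coded line; headers and the
    running-process list do not match and are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def run_image(body):
    """Return the program an O4 registry Run entry launches, or None if the
    body is not a registry Run entry (e.g. a Startup-folder shortcut)."""
    m = RUN_RE.match(body)
    if not m:
        return None
    img = IMAGE_RE.match(m.group("cmd"))
    if not img:
        return None
    return PureWindowsPath(img.group("q") or img.group("u"))


def review_reason(code, body):
    """Return a reason string if the entry deserves a human look, else None."""
    if code in ("R0", "R1") and "Proxy" in body:
        return "Internet Explorer proxy setting present"
    if code == "O15" and body.startswith("Trusted Zone:"):
        return "site added to the Trusted Zone"
    if code == "O4":
        image = run_image(body)
        # PureWindowsPath compares case-insensitively, like the file system.
        if image is not None and image.parent == WINDOWS_ROOT:
            return "autostart image sits directly in the Windows root"
    return None


def triage(log_text):
    """Return [(code, body, reason)] for entries matching a review rule."""
    flagged = []
    for code, body in parse_entries(log_text):
        reason = review_reason(code, body)
        if reason:
            flagged.append((code, body, reason))
    return flagged


if __name__ == "__main__":
    for code, body, reason in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}: {body}")
```

A flagged line is a prompt for review, not a verdict: each rule also matches legitimate configurations, so the entry still has to be checked before it is fixed.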


Re: Strange occurrences affecting my PC

This seems to have worked. You guys are great. Thanks so much. Donating now :)

Re: Strange occurrences affecting my PC

The combofix.txt seems to be too long. I'll just break it up into two parts, if that's OK.

ComboFix 09-07-14.08 - jb 07/19/2009 2:21.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1439 [GMT -4:00]
Running from: c:\documents and settings\jb\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jb\Application Data\upd.exe
c:\documents and settings\jb\nah_oumh.exe
c:\windows\msa.exe
c:\windows\system32\braviax.exe
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\cqwfedgrfivivmm.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\UACcgbaxhcerfdcyqxvf.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\UACcjdlhjesrmksmjlme.dll
c:\windows\system32\UACftevngolgceoixrad.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiomhhwejhlqtttyop.dll
c:\windows\system32\UACjwfcpiafkbwiytgnu.dll
c:\windows\system32\UACkejfhfgrnekkqbpbu.dat
c:\windows\system32\UACljxsklciohndxosgu.dll
c:\windows\system32\UACrnppfthxnvqexjxxd.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
S:\autorun.inf

----- BITS: Possible infected sites -----

hxxp://download.esd.intuit.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UNVSAEM


((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 06:06 . 2009-07-19 06:06 66048 ----a-w- c:\windows\system32\drivers\geyekrnmtakvsc.sys
2009-07-19 06:00 . 2009-07-19 06:00 65536 ----a-w- c:\windows\system32\drivers\geyekrethxvrgr.sys
2009-07-18 21:33 . 2009-07-18 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-07-18 17:36 . 2009-07-19 06:09 180690 ----a-w- c:\windows\system32\wisdstr.exe
2009-07-18 08:21 . 2009-07-18 08:21 65536 ----a-w- c:\windows\system32\drivers\geyekrrtqlrdym.sys
2009-07-18 07:02 . 2009-07-18 07:02 65536 ----a-w- c:\windows\system32\drivers\geyekrakmxcvgq.sys
2009-07-17 06:09 . 2009-07-17 06:09 67072 ----a-w- c:\windows\system32\drivers\geyekreyiwmrkq.sys
2009-06-20 03:00 . 2009-06-20 03:00 -------- d-----w- c:\program files\Yamaha

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 06:34 . 2009-03-20 00:28 -------- d-----w- c:\program files\Steam
2009-07-18 07:02 . 2007-12-11 01:31 -------- d-----w- c:\documents and settings\jb\Application Data\uTorrent
2009-07-17 05:51 . 2009-07-17 05:51 1063450 ----a-w- c:\windows\system32\rn.tmp
2009-07-16 05:58 . 2008-06-23 04:50 -------- d-----w- c:\documents and settings\jb\Application Data\Vso
2009-07-15 01:00 . 2008-01-22 09:47 -------- d-----w- c:\documents and settings\jb\Application Data\dvdcss
2009-07-08 05:00 . 2009-03-06 00:46 -------- d-----w- c:\documents and settings\jb\Application Data\Mp3 Audio Editor
2009-07-06 23:07 . 2009-06-19 23:06 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 23:07 . 2009-06-19 23:06 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 23:07 . 2009-06-19 23:06 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-20 03:07 . 2007-12-09 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 23:05 . 2007-12-23 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-29 23:06 . 2009-05-29 23:06 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 23:06 . 2009-03-14 00:56 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-24 23:06 . 2009-04-24 23:06 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 23:06 . 2009-03-13 23:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-13 02:26 . 2009-06-06 01:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-01-23 16:13 . 2008-01-23 16:12 24 --sh--w- c:\windows\S32D69F29.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"NoteZilla"="c:\program files\Conceptworld\NoteZilla\NoteZilla.exe" [2009-01-14 2707456]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-18 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-11-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\jb\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-7-6 547840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/13/2009 7:06 PM 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/9/2007 9:15 AM 17920]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/1/2009 3:03 PM 266240]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/24/2009 3:09 AM 210216]
S2 unvsaem;unvsaem;\??\c:\windows\system32\drivers\cqwfedgrfivivmm.sys --> c:\windows\system32\drivers\cqwfedgrfivivmm.sys [?]
S3 shspusb;Samsung High Speed USB Driver;c:\windows\system32\drivers\HSPUSB.sys [12/27/2007 3:06 AM 21282]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [10/14/2002 2:40 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [10/14/2002 2:40 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:06]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-QNPlus - (no file)
HKLM-Run-TimeBell - c:\program files\TimeBell1.6\timebell.exe

Re: Strange occurrences affecting my PC

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\jb\Application Data\Mozilla\Firefox\Profiles\84si3lty.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 02:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TimeBell = c:\program files\TimeBell1.6\timebell.exe??????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3560)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\McAfee\MSC\mcregist.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\MSC\mcoemmgr.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MSK\mskagent.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-19 2:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 06:40
ComboFix2.txt 2008-12-08 03:35

Pre-Run: 46,990,614,528 bytes free
Post-Run: 47,348,609,024 bytes free

286 --- E O F --- 2009-03-15 06:03

Re: Strange occurrences affecting my PC

Now open a new notepad file.
Input this into the notepad file:

Rootkit::
c:\windows\system32\drivers\geyekrnmtakvsc.sys
c:\windows\system32\drivers\geyekrethxvrgr.sys
c:\windows\system32\drivers\geyekrrtqlrdym.sys
c:\windows\system32\drivers\geyekrakmxcvgq.sys
c:\windows\system32\drivers\geyekreyiwmrkq.sys

File::
c:\windows\system32\wisdstr.exe
c:\windows\S32D69F29.tmp

Folder::
c:\documents and settings\jb\Application Data\uTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=-

Driver::
unvsaem


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Re: Strange occurrences affecting my PC

ComboFix 09-07-19.04 - jb 07/19/2009 22:48.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1370 [GMT -4:00]
Running from: c:\documents and settings\jb\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\jb\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\S32D69F29.tmp"
"c:\windows\system32\wisdstr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jb\Application Data\uTorrent
c:\documents and settings\jb\Application Data\uTorrent\10000 cd keys www.monkeys.webb.se.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\2007 Hottest 100.torrent
c:\documents and settings\jb\Application Data\uTorrent\2007 Sweeney Todd Official Movie Wallpapers -Legal-Ups.torrent
c:\documents and settings\jb\Application Data\uTorrent\27 Dresses TS XVID - Stuffies.torrent
c:\documents and settings\jb\Application Data\uTorrent\American.Gangster.UNRATED.DVDR-Replica.torrent
c:\documents and settings\jb\Application Data\uTorrent\amrickiwhite_FULL.wmv.torrent
c:\documents and settings\jb\Application Data\uTorrent\AnyDVD & AnyDVD HD 6.3.0.3 - Final.torrent
c:\documents and settings\jb\Application Data\uTorrent\Apple.QuickTime.Pro.v7.4.1.14.Multilingual.Regged-ViRiLiTY.torrent
c:\documents and settings\jb\Application Data\uTorrent\Beetlejuice.1998.Xvid.NeRoZ.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Birdman-5_Star_Stunna-(RapGodFathers.com).torrent
c:\documents and settings\jb\Application Data\uTorrent\Cops Doubleheader~ Too Hot For Fox-Xtreme.torrent
c:\documents and settings\jb\Application Data\uTorrent\Daft_Punk_-_Alive_2007__Deluxe_Edition-Promo-CD-2007-by-Caizzii.info.torrent
c:\documents and settings\jb\Application Data\uTorrent\dht.dat
c:\documents and settings\jb\Application Data\uTorrent\dht.dat.old
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.S06E05.Vomit.Island.Workers.WS.DSR.XviD-OMiCRON.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.S06E09.Special.Effects.Artist.DSR.XviD-iHT.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.S06E12.Creepy.Slimy.And.Just.Plain.Weird.DSR.XviD-iHT.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dirty.Jobs.Special.150th.Dirty.Job.WS.DSR.XviD-K4RM4.torrent
c:\documents and settings\jb\Application Data\uTorrent\Discovered - A collection of Daft Punk Samples.torrent
c:\documents and settings\jb\Application Data\uTorrent\Dragon Wars[2007]DvDrip[Eng]-FXG.torrent
c:\documents and settings\jb\Application Data\uTorrent\Drawn Together Complete Seasons 1&2.torrent
c:\documents and settings\jb\Application Data\uTorrent\Drawn Together.torrent
c:\documents and settings\jb\Application Data\uTorrent\DVD Shrink v3.2.0.15 -LegalTorrents.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family Guy - 102 - Padre De Familia {C_P}.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family Guy - 97 - It Takes a Village Idiot, and I Married One {C_P}.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family Guy Season 7(6) Episode 1 (99) RMVB.torrent
c:\documents and settings\jb\Application Data\uTorrent\Family.Guy.S06E08.PDTV.XviD-0TV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\fff-ea162.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\Fifth.Gear.S13E03.WS.PDTV.XviD-RiVER.torrent
c:\documents and settings\jb\Application Data\uTorrent\Finger Eleven - Them Vs You Vs Me.torrent
c:\documents and settings\jb\Application Data\uTorrent\frisky dingo.torrent
c:\documents and settings\jb\Application Data\uTorrent\Futurama.Benders.Big.Score.XViD.DVDRiP-ANiVCD.torrent
c:\documents and settings\jb\Application Data\uTorrent\Gorillaz - D-Sides (2007) - Pop Easy CD RIP [128kbps].torrent.torrent
c:\documents and settings\jb\Application Data\uTorrent\History Channel - Ku Klux Klan, A Secret History (1998.TVRip.SoS).1.torrent
c:\documents and settings\jb\Application Data\uTorrent\History Channel - Ku Klux Klan, A Secret History (1998.TVRip.SoS).torrent
c:\documents and settings\jb\Application Data\uTorrent\History_Channel_-_The_Russian_Mafia.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\I.Think.I.Love.My.Wife[2007]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\jb\Application Data\uTorrent\I.Want.Someone.To.Eat.Cheese.With.2006.LIMITED.DVDRip.XviD-RiZLA.torrent
c:\documents and settings\jb\Application Data\uTorrent\intervention.s04e04.pdtv.xvid-crimson.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Its Always Sunny In Philadelphia.torrent
c:\documents and settings\jb\Application Data\uTorrent\Its.Always.Sunny.in.Philadelphia.S03E01.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Its.Always.Sunny.in.Philadelphia.S03E02.DSR.XviD-NoTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Lost.S04E02.HDTV.XviD-2HD.torrent
c:\documents and settings\jb\Application Data\uTorrent\MADtv.S12E13.PDTV.XViD-SiTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\MadTV.S13E10.PDTV.XviD-2HD.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\MagicIso 5.3b221 + Crack.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\Michael_Jackson-Thriller_(25th_Anniversary_Edition)-2008-OLDSCHOOL.torrent
c:\documents and settings\jb\Application Data\uTorrent\Microsoft Office 2007 Complete DVD + Serial.torrent
c:\documents and settings\jb\Application Data\uTorrent\Money.Talks.1997.PROPER.DVDRip.XviD-DVDiSO.torrent
c:\documents and settings\jb\Application Data\uTorrent\Nip.Tuck.S05E12.DSR.XviD-0TV.torrent
c:\documents and settings\jb\Application Data\uTorrent\Norton Antivirus 2007 + keygen.torrent
c:\documents and settings\jb\Application Data\uTorrent\Older.And.Horny.10.XviD-SPiCE.torrent
c:\documents and settings\jb\Application Data\uTorrent\Payback.1999.Directors.Cut.DVDRip.XviD-FRAGMENT.torrent
c:\documents and settings\jb\Application Data\uTorrent\Pretty.Baby.torrent
c:\documents and settings\jb\Application Data\uTorrent\PrimeCups.e86.darina.mp4.iPod.torrent
c:\documents and settings\jb\Application Data\uTorrent\Prison.Break.S03E11.HDTV.XviD-XOR.torrent
c:\documents and settings\jb\Application Data\uTorrent\Quicken Home and Business 2008 Full CD.torrent
c:\documents and settings\jb\Application Data\uTorrent\Real Genius (+Extras).torrent
c:\documents and settings\jb\Application Data\uTorrent\reno.911.s05e01.dsr.xvid-0tv.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\resume.dat
c:\documents and settings\jb\Application Data\uTorrent\resume.dat.1.bad
c:\documents and settings\jb\Application Data\uTorrent\resume.dat.old
c:\documents and settings\jb\Application Data\uTorrent\RHM-Pack 7.torrent
c:\documents and settings\jb\Application Data\uTorrent\rss.dat
c:\documents and settings\jb\Application Data\uTorrent\rss.dat.old
c:\documents and settings\jb\Application Data\uTorrent\Series 7.torrent
c:\documents and settings\jb\Application Data\uTorrent\settings.dat
c:\documents and settings\jb\Application Data\uTorrent\settings.dat.old
c:\documents and settings\jb\Application Data\uTorrent\skunkriley2.torrent
c:\documents and settings\jb\Application Data\uTorrent\Sophos Antiv-Virus v7.0 2007 XP or VISTA 32&64bit-iNT.FTS.torrent
c:\documents and settings\jb\Application Data\uTorrent\South Park OST.torrent
c:\documents and settings\jb\Application Data\uTorrent\Squidbillies S1 Complete.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved Episode 6.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E01.DSR.XviD-TCM.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E02.DSR.XviD-LOKi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E03.DigiRip.XviD-BamVCD.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E04.DSR.XviD-TCM.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E05.DSR.XviD-LOKi.torrent
c:\documents and settings\jb\Application Data\uTorrent\Starved.S01E07.DSR.XviD.PROPER-CRiMSON.torrent
c:\documents and settings\jb\Application Data\uTorrent\Strange.Wilderness.CAM.XviD-JJxvid.torrent
c:\documents and settings\jb\Application Data\uTorrent\Super.Mario.Bros.1993.WS.DVDRip.XviD.iNT-EwDp.torrent
c:\documents and settings\jb\Application Data\uTorrent\Sweeney.Todd.The.Demon.Barber.Of.Fleet.Street.DVD.SCREENER.DVDR-DREAMLiGHT.torrent
c:\documents and settings\jb\Application Data\uTorrent\Talladega.Nights.UNRATED.DVDRip.XviD-LMG.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Adventures of Pete & Pete - Season 1.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Adventures of Pete and Pete Season 1.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Boondocks - S02E04 - The Return of Stinkmeaner.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Wire S05E06.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\THE WIRE S5 EP7.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\THE WIRE S5E2.rar.torrent
c:\documents and settings\jb\Application Data\uTorrent\The Wire_S5E05.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Apprentice.S07E06.PDTV.XviD-STFU.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Boondocks.S02E11.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Goonies.1985.iNTERNAL.DVDRip.XviD-CULTXviD.torrent
c:\documents and settings\jb\Application Data\uTorrent\the.wire.s05.e04-rrt.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Wire.S05E01.PDTV.XviD-NoTV.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\The.Wire.S05E03.TVRip.XviD-MiNT.avi.torrent
c:\documents and settings\jb\Application Data\uTorrent\ubuntu-7.10-alternate-i386.iso.torrent
c:\documents and settings\jb\Application Data\uTorrent\utorrent.lng
c:\documents and settings\jb\Application Data\uTorrent\VA-Galactik_Beat_Presents_Hip-Hop_Instrumentals_Vol_1-2008-H5N1.torrent
c:\documents and settings\jb\Application Data\uTorrent\VA-History_Of_Dance_14_The_House_Edition_Top_100-5CD-2007-WRE.torrent
c:\documents and settings\jb\Application Data\uTorrent\Walk.Hard.The.Dewey.Cox.Story.DVDScr.XViD.mVs.torrent
c:\documents and settings\jb\Application Data\uTorrent\War of the Worlds.iso.torrent
c:\documents and settings\jb\Application Data\uTorrent\Xilisoft Video Converter 3.1.50.0104b.torrent
c:\windows\S32D69F29.tmp
c:\windows\system32\drivers\geyekrakmxcvgq.sys
c:\windows\system32\drivers\geyekrethxvrgr.sys
c:\windows\system32\drivers\geyekreyiwmrkq.sys
c:\windows\system32\drivers\geyekrnmtakvsc.sys
c:\windows\system32\drivers\geyekrrtqlrdym.sys
c:\windows\system32\wisdstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_unvsaem


((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-18 21:33 . 2009-07-18 21:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-06-20 03:00 . 2009-06-20 03:00 -------- d-----w- c:\program files\Yamaha

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 02:57 . 2009-03-20 00:28 -------- d-----w- c:\program files\Steam
2009-07-17 05:51 . 2009-07-17 05:51 1063450 ----a-w- c:\windows\system32\rn.tmp
2009-07-16 05:58 . 2008-06-23 04:50 -------- d-----w- c:\documents and settings\jb\Application Data\Vso
2009-07-15 01:00 . 2008-01-22 09:47 -------- d-----w- c:\documents and settings\jb\Application Data\dvdcss
2009-07-08 05:00 . 2009-03-06 00:46 -------- d-----w- c:\documents and settings\jb\Application Data\Mp3 Audio Editor
2009-07-06 23:07 . 2009-06-19 23:06 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 23:07 . 2009-06-19 23:06 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 23:07 . 2009-06-19 23:06 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-20 03:07 . 2007-12-09 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 23:05 . 2007-12-23 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-29 23:06 . 2009-05-29 23:06 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-29 23:06 . 2009-03-14 00:56 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-24 23:06 . 2009-04-24 23:06 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-24 23:06 . 2009-03-13 23:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-13 02:26 . 2009-06-06 01:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-19_06.34.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-20 02:57 . 2009-07-20 02:57 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
+ 2006-02-28 12:00 . 2009-07-19 06:37 63528 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2009-07-19 06:12 63528 c:\windows\system32\perfc009.dat
+ 2007-12-08 18:02 . 2009-07-19 23:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-08 18:02 . 2009-07-19 06:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-08 18:02 . 2009-07-19 23:27 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-12-08 18:02 . 2009-07-19 06:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-02-28 12:00 . 2009-07-19 06:37 406328 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2009-07-19 06:12 406328 c:\windows\system32\perfh009.dat

Re: Strange occurrences affecting my PC
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]
"NoteZilla"="c:\program files\Conceptworld\NoteZilla\NoteZilla.exe" [2009-01-14 2707456]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-18 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-04 210240]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-29 520024]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-11-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]

c:\documents and settings\jb\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-7-6 547840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/13/2009 7:06 PM 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [12/9/2007 9:15 AM 17920]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [3/1/2009 3:03 PM 266240]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/24/2009 3:09 AM 210216]
S3 shspusb;Samsung High Speed USB Driver;c:\windows\system32\drivers\HSPUSB.sys [12/27/2007 3:06 AM 21282]
S3 tj2knd5;Terayon Cable Modem (NDIS);c:\windows\system32\drivers\tj2knd5.sys [10/14/2002 2:40 PM 17616]
S3 tj2kunic;Terayon Cable Modem (WDM);c:\windows\system32\drivers\tj2kunic.sys [10/14/2002 2:40 PM 69680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:06]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\jb\Application Data\Mozilla\Firefox\Profiles\84si3lty.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 22:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1708537768-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AC62AA01-2C96-EE3F-5A75-692C6AC25CEB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1644491937-1708537768-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D4614D68-DB62-EFB5-5000-8CB5D7EA95A0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,56,8d,b2,af,f6,
d9,b3,89,c8,28,51,af,b0,29,a3,98,2c,b8,05,3a,d7,f4,db,fa,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,6c,51,17,5e,e6,
90,16,5e,71,3b,04,66,8b,46,0d,96,4f,91,41,8a,66,99,e9,2f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,a7,ad,9d,22,73,
56,9c,5d,25,da,ec,7e,55,20,c9,26,95,0c,dd,83,80,ac,b9,ce,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,8e,bd,d4,8b,b0,
58,13,49,3e,1e,9e,e0,57,5a,93,61,e6,12,b0,fb,09,48,55,06,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d3,ea,7d,37,78,
29,0a,f1,cd,44,cd,b9,a6,33,6c,cd,33,a1,84,ae,c8,e9,e1,46,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,af,fa,b1,9b,63,
cc,11,f3,b0,18,ed,a7,3f,8d,37,a4,18,4f,83,e1,52,40,cc,cd,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,a5,61,c0,79,e4,
ac,d2,c1,31,77,e1,ba,b1,f8,68,02,f6,b7,2d,bf,79,eb,e8,43,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,16,67,70,39,79,
8b,38,c7,83,6c,56,8b,a0,85,96,ab,49,56,70,23,ac,51,fb,85,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,8a,69,08,81,99,
56,26,b1,51,fa,6e,91,28,9e,14,cc,5b,2c,c9,6c,b4,2d,79,7e,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,2e,9d,ba,ff,3b,
9d,cb,3f,b1,cd,45,5a,a8,c4,f8,b9,12,5a,9b,1f,7e,c2,08,e9,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,dc,04,6c,76,77,
5b,4b,b6,e3,0e,66,d5,eb,bc,2f,6b,ee,65,5a,99,9c,22,51,9b,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,3d,fd,1e,00,43,
60,cf,82,fa,ea,66,7f,d4,3b,6b,70,8f,a5,f7,1d,c4,09,5a,77,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2852)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MSC\mcregist.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-07-20 23:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-20 03:04
ComboFix2.txt 2009-07-19 06:40
ComboFix3.txt 2008-12-08 03:35

Pre-Run: 47,418,818,560 bytes free
Post-Run: 47,362,367,488 bytes free

421 --- E O F --- 2009-03-15 06:03

Re: Strange occurrences affecting my PC

Just a leftover:

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\rn.tmp



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:
[image]

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

