Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Hackers Don't Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Photo

Need help with my combofix log file

Started by DeanAshford , Aug 09 2009 09:39 AM

  • This topic is locked This topic is locked
1 reply to this topic

#1 DeanAshford

DeanAshford

  • Members
  • 2 posts
  • OFFLINE
    •  
  • Local time:09:02 AM

Posted 09 August 2009 - 09:39 AM

:huh:

This is the log file produced after running combofix.

ComboFix 09-08-08.04 - dean 09/08/2009 15:02.1.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.44.1033.18.3053.2010 [GMT 1:00]
Running from: c:\users\dean\Desktop\ComboFix.exe
AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc37B.tmp
c:\users\dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE431.tmp
c:\users\dean\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE95C.tmp
c:\users\dean\AppData\Roaming\inst.exe
c:\users\dean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Rising Antivirus.lnk
c:\windows\Installer\1b36fa.msi
c:\windows\Installer\269d4d1.msi
c:\windows\Installer\2999b9d.msi
c:\windows\system32\drivers\HookSys.sys
c:\windows\system32\drivers\vsfocevowhxcen.sys
c:\windows\system32\vsfocebbemxyxv.dat
c:\windows\system32\vsfoceociqejmm.dll
c:\windows\system32\vsfoceqjvviqnp.dat
c:\windows\system32\vsfocesrooccib.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vsfocejuvemxrt
-------\Service_vsfocejuvemxrt
-------\Legacy_hooksys
-------\Service_hooksys


((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 14:07 . 2009-08-09 14:09 -------- d-----w- c:\users\dean\AppData\Local\temp
2009-08-09 12:06 . 2009-08-09 12:06 -------- d-----w- c:\users\dean\AppData\Roaming\Desktopicon
2009-08-09 10:33 . 2009-08-09 10:33 -------- d-----w- c:\users\dean\AppData\Local\Cyberlink
2009-08-09 10:28 . 2009-08-09 10:28 -------- d-----w- c:\program files\Common Files\CyberLink
2009-08-09 09:50 . 2009-08-09 10:33 -------- d-----w- c:\progra~3\CyberLink
2009-08-09 09:50 . 2009-08-09 10:05 -------- d-----w- c:\users\Public\CyberLink
2009-08-09 09:50 . 2009-08-09 10:33 -------- d-----w- c:\users\dean\AppData\Roaming\CyberLink
2009-08-09 09:47 . 2009-08-09 09:48 -------- d-----w- c:\progra~3\SmartSound Software Inc
2009-08-09 09:47 . 2009-08-09 09:47 -------- d-----w- c:\program files\SmartSound Software
2009-08-09 09:36 . 2009-08-09 10:27 -------- d-----w- c:\program files\CyberLink
2009-08-09 00:20 . 2009-08-09 00:47 -------- d-----w- c:\users\dean\AppData\Roaming\Faces
2009-08-09 00:18 . 2009-08-09 10:19 47360 ----a-w- c:\users\dean\AppData\Roaming\pcouffin.sys
2009-08-09 00:18 . 2009-08-09 10:19 -------- d-----w- c:\users\dean\AppData\Roaming\Vso
2009-08-09 00:18 . 2009-08-09 00:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-08-08 20:42 . 2009-08-08 20:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-08 20:42 . 2009-08-08 20:42 -------- d-----w- c:\program files\Java
2009-08-08 19:25 . 2009-08-08 19:25 -------- d-----w- c:\users\dean\AppData\Local\Tracker_Checker_2
2009-08-08 19:17 . 2009-08-08 19:17 -------- d-----w- c:\program files\Tracker Checker 2
2009-08-08 10:44 . 2009-08-08 10:44 -------- d-----w- c:\users\dean\AppData\Local\WindowsUpdate
2009-08-08 10:32 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2009-08-07 16:04 . 2009-08-07 16:04 -------- d-----w- c:\progra~3\Yahoo! Companion
2009-08-07 16:02 . 2009-08-07 16:03 -------- d-----w- c:\users\dean\AppData\Roaming\Motive
2009-08-07 16:02 . 2009-08-07 16:08 -------- d-----w- c:\progra~3\Motive
2009-08-07 16:02 . 2009-08-07 16:02 -------- d-----w- c:\program files\Common Files\Motive
2009-08-07 16:02 . 2009-08-07 16:02 -------- d-----w- c:\program files\BT Broadband Desktop Help
2009-08-07 16:02 . 2009-08-07 16:02 -------- d-----w- c:\program files\Citrix
2009-08-07 16:02 . 2009-02-02 09:38 218496 ------w- c:\windows\system32\BTEmailConfig.dll
2009-08-07 16:01 . 2009-08-07 16:02 -------- d-----w- c:\windows\BTV.0000
2009-08-07 16:01 . 2009-08-07 16:01 -------- d-----w- c:\program files\Yahoo!
2009-08-07 16:01 . 2009-08-07 16:01 -------- d-----w- c:\program files\BTHomeHub
2009-08-07 13:42 . 2008-07-28 16:19 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2009-08-07 13:42 . 2009-08-07 13:42 -------- d-----w- c:\program files\MagicDisc
2009-08-07 12:42 . 2009-08-08 11:47 -------- d-----w- C:\UBCD4Win1
2009-08-07 12:34 . 2009-08-07 12:39 -------- d-----w- C:\UBCD4Win
2009-08-07 11:45 . 2009-08-07 11:45 -------- d-----w- c:\program files\MSXML 4.0
2009-08-07 11:43 . 2009-08-07 11:43 -------- d-----w- c:\program files\IDT
2009-08-07 11:43 . 2008-05-06 15:33 212992 ----a-w- c:\windows\system32\stacsv.exe
2009-08-07 11:43 . 2008-05-06 15:31 2072576 ----a-w- c:\windows\system32\stlang.dll
2009-08-07 03:18 . 2004-12-02 17:20 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2009-08-07 03:18 . 2004-08-25 12:53 311296 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2009-08-07 03:18 . 2004-05-20 12:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2009-08-07 02:24 . 2009-08-07 02:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-07 02:24 . 2009-08-07 03:59 -------- d-----w- c:\program files\Winamp
2009-08-07 02:19 . 2009-08-07 02:19 -------- d-----w- c:\users\dean\AppData\Local\Super Internet TV
2009-08-07 02:09 . 2002-07-31 18:55 108 --sh--w- c:\windows\WSYS049.SYS
2009-08-07 02:08 . 2009-08-07 02:08 -------- d-----w- c:\users\dean\AppData\Roaming\CoffeeCup Software
2009-08-07 01:54 . 2004-03-18 16:36 401484 ----a-w- c:\windows\system32\msvcrtd.dll
2009-08-07 01:54 . 2006-01-26 23:56 831776 ----a-w- c:\windows\system32\wodFtpDLX.dll
2009-08-07 01:54 . 2003-10-09 19:10 274976 ----a-w- c:\windows\system32\XceedFtp.dll
2009-08-07 01:54 . 2009-08-07 03:19 -------- d-----w- c:\program files\CoffeeCup Software
2009-08-07 00:51 . 2009-08-07 00:51 -------- d-----w- c:\users\dean\AppData\Roaming\Xilisoft Corporation
2009-08-07 00:39 . 2009-08-09 12:19 -------- d-----w- c:\program files\Easy MPEG AVI DIVX WMV RM to DVD
2009-08-07 00:35 . 2009-08-07 00:35 -------- d-----w- c:\users\dean\AppData\Roaming\AVS4YOU
2009-08-07 00:35 . 2009-08-07 00:35 -------- d-----w- c:\progra~3\AVS4YOU
2009-08-07 00:32 . 2009-08-09 12:18 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-07 00:32 . 2007-02-27 17:36 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-07 00:32 . 2007-02-27 17:36 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-07 00:32 . 2007-02-27 17:36 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-08-07 00:32 . 2009-08-09 12:18 -------- d-----w- c:\program files\AVS4YOU
2009-08-07 00:32 . 2007-02-27 17:36 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-08-07 00:32 . 2007-02-27 17:36 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-06 19:47 . 2009-08-09 12:53 -------- d-----w- c:\program files\Google
2009-08-06 19:47 . 2009-08-06 19:49 -------- d-----w- c:\users\dean\AppData\Local\Google
2009-08-06 19:46 . 2009-08-06 19:46 -------- d-----w- c:\windows\Google Earth Pro 4.2
2009-08-06 19:14 . 2009-08-06 10:22 -------- d-----w- c:\windows\Panther
2009-08-06 19:00 . 2009-08-06 19:00 -------- d-----w- C:\Windows.old.001
2009-08-06 17:01 . 2009-08-06 17:01 -------- d-----w- c:\users\dean\AppData\Local\Adobe
2009-08-06 17:00 . 2009-08-06 17:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-06 16:58 . 2009-02-12 09:35 38208 ----a-w- c:\users\dean\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-06 16:58 . 2009-08-06 16:58 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-06 16:57 . 2009-08-06 16:57 -------- d-----w- c:\progra~3\NOS
2009-08-06 16:57 . 2009-08-06 16:57 -------- d-----w- c:\program files\NOS
2009-08-06 16:32 . 2009-08-06 16:37 -------- d-----w- c:\program files\ElcomSoft
2009-08-06 15:18 . 2009-08-06 15:18 -------- d-----w- c:\users\dean\AppData\Roaming\GRETECH
2009-08-06 15:15 . 2009-08-06 15:18 -------- d-----w- c:\users\dean\AppData\Roaming\SuperNZB
2009-08-06 14:45 . 2009-08-06 16:43 -------- d-----w- c:\program files\uTorrent Ultra Accelerator
2009-08-06 12:44 . 2009-08-06 12:44 -------- d-----w- c:\windows\Application Data
2009-08-06 12:21 . 2009-08-06 12:21 -------- d-----w- C:\dell
2009-08-06 12:03 . 2009-08-06 12:03 -------- d-----w- c:\program files\GRETECH
2009-08-06 11:53 . 2007-12-24 12:47 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-06 11:53 . 2007-11-29 11:52 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-06 11:53 . 2009-08-06 11:53 -------- d-----w- c:\program files\ffdshow
2009-08-06 11:53 . 2009-08-06 11:53 -------- d-----w- c:\program files\TVersity Codec Pack
2009-08-06 11:52 . 2009-08-06 11:52 -------- d-----w- c:\program files\TVersity
2009-08-06 11:46 . 2009-08-06 11:46 -------- d-----w- c:\windows\system32\Macromed
2009-08-06 11:37 . 2009-08-06 11:37 -------- d-----w- c:\program files\Ahead
2009-08-06 11:37 . 2009-08-06 11:37 -------- d-----w- c:\program files\GoldEsel
2009-08-06 11:37 . 2009-08-09 10:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-06 11:36 . 2009-08-09 09:46 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-06 11:35 . 2009-08-07 17:02 -------- d-----w- c:\users\dean\AppData\Local\Ahead
2009-08-06 11:33 . 2009-08-06 15:59 -------- d-----w- c:\users\dean\AppData\Roaming\Ahead
2009-08-06 11:33 . 2009-08-06 11:33 -------- d-----w- c:\progra~3\Ahead
2009-08-06 11:31 . 2009-08-06 11:32 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-06 11:31 . 2009-08-06 11:31 -------- d-----w- c:\program files\Nero
2009-08-06 11:31 . 2009-08-06 11:31 -------- d-----w- c:\progra~3\Nero
2009-08-06 11:06 . 2009-08-06 12:41 34160 ----a-w- c:\windows\system32\drivers\HookHelp.sys
2009-08-06 11:06 . 2009-08-06 11:05 17520 ----a-w- c:\windows\system32\drivers\HookCont.sys
2009-08-06 11:06 . 2009-08-06 11:05 238704 ----a-w- c:\windows\system32\bsmain.exe
2009-08-06 11:06 . 2009-08-06 11:05 10832 ----a-w- c:\windows\system32\drivers\RsNTGdi.sys
2009-08-06 11:06 . 2009-08-06 11:05 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-06 11:06 . 2009-08-06 11:05 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-06 11:06 . 2009-08-06 11:05 146032 ----a-w- c:\windows\system32\RavExt.dll
2009-08-06 11:06 . 2009-08-06 11:05 1060864 ----a-w- c:\windows\system32\mfc71.dll
2009-08-06 11:06 . 2009-08-06 11:06 -------- d-----w- c:\program files\Rising
2009-08-06 11:06 . 2009-08-06 11:06 -------- d-----w- c:\progra~3\Rising
2009-08-06 10:56 . 2009-08-06 10:56 -------- d-----w- c:\program files\uTorrent
2009-08-06 10:56 . 2009-08-09 14:05 -------- d-----w- c:\users\dean\AppData\Roaming\uTorrent
2009-08-06 10:49 . 2009-08-06 10:49 -------- d-----w- c:\windows\system32\x64
2009-08-06 10:49 . 2008-02-11 19:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2009-08-06 10:49 . 2006-11-10 15:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2009-08-06 10:47 . 2009-08-06 10:47 -------- d-----w- C:\$WINDOWS.~BT
2009-08-06 10:43 . 2009-08-09 14:07 -------- d-sh--w- c:\windows\Installer
2009-08-06 10:41 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-06 10:41 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-06 10:41 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-06 10:41 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-06 10:41 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-06 10:41 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-06 10:41 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-06 10:36 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-06 10:36 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-06 10:36 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-06 10:36 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-06 10:36 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-06 10:34 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 09:50 . 2009-08-06 10:27 56448 ----a-w- c:\users\dean\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-09 09:47 . 2009-08-09 09:46 -------- d-----w- c:\program files\QuickTime
2009-08-09 09:46 . 2009-08-09 09:46 -------- d-----w- c:\progra~3\Apple Computer
2009-08-08 22:32 . 2009-08-08 22:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-08-08 09:53 . 2009-08-08 09:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-06 11:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-06 11:07 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-06 10:58 . 2009-08-06 10:27 680 ----a-w- c:\users\dean\AppData\Local\d3d9caps.dat
2009-08-06 10:52 . 2009-08-06 10:52 552 ----a-w- c:\users\dean\AppData\Local\d3d8caps.dat
2009-07-18 16:06 . 2009-08-06 10:35 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-08-06 10:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-08-06 10:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-27 21:34 . 2009-06-27 21:34 45280 ----a-w- c:\windows\VerifyKey32.exe
2009-06-15 15:24 . 2009-08-06 10:34 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-08-06 10:34 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-06 10:34 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-08-06 10:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2002-07-31 18:55 . 2009-08-07 02:09 108 --sh--w- c:\windows\WSYS049.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-08-06 288048]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"RavTray"="c:\program files\Rising\Rav\RsTray.exe" [2009-08-06 141936]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-06 409600]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-03-25 1548288]
"btbb_wcm_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe" [2009-03-25 1516032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-08 149280]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-09 282624]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]

c:\users\dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-8-7 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^dean^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^uTorrent Ultra Accelerator.lnk]
path=c:\users\dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uTorrent Ultra Accelerator.lnk
backup=c:\windows\pss\uTorrent Ultra Accelerator.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9B6A9425-FCC8-4B66-A4B8-4C3E534D635A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5FB3C2D1-AA12-454C-8379-856B9890EADF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7BDA5889-0E1C-47B5-851F-E6DBD6D9F7BE}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{43FC915D-2255-4582-818A-A1B7C79B760B}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{8C337D1F-9EA6-4455-BE3B-1DD348434E92}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{D1D1EE4F-90BB-4D44-BD93-1CA9FD52FD88}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{82719207-5C09-4038-916F-D4951BEC3211}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0
"{74E8A062-1C45-471F-BA0E-236FAFB1BCA6}"= UDP:c:\windows\System32\ftp.exe:FileTransferProtocol
"{51AD5289-7550-4ED6-80A8-B10E95CB7234}"= TCP:c:\windows\System32\ftp.exe:FileTransferProtocol

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 RsNTGDI;RsNTGDI;c:\windows\System32\drivers\RsNTGdi.sys [06/08/2009 12:06 10832]
R1 hookcont;hookcont;c:\windows\System32\drivers\HookCont.sys [06/08/2009 12:06 17520]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/09 11:28];c:\program files\CyberLink\PowerDVD9\000.fcl [07/05/2009 21:05 87536]
R2 RavTask;Rising RavTask Manager;c:\program files\Rising\Rav\RavTask.exe [06/08/2009 12:06 129648]
S2 RavCCenter;Rav Process Communication Center;c:\program files\Rising\Rav\CCenter.exe [06/08/2009 12:06 113264]
S2 RsRavMon;Rising RealTime Monitor;c:\program files\Rising\Rav\RavMonD.exe [06/08/2009 12:06 262336]
S2 RsScanSrv;Rising Scan Service;c:\program files\Rising\Rav\ScanFrm.exe [06/08/2009 12:06 51824]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [06/08/2009 17:57 66056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TrackerChecker2 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 15:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Rising\Rav\RsStub.exe
c:\program files\Rising\Rav\rsnetsvr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\stacsv.exe
c:\program files\TVersity\Media Server\MediaServer.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-09 15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-09 14:14

Pre-Run: 243,295,309,824 bytes free
Post-Run: 246,456,094,720 bytes free

310 --- E O F --- 2009-08-09 12:24

BC AdBot (Login to Remove)

 

#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,565 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:01:02 AM

Posted 09 August 2009 - 12:00 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not to be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+
Back to Windows Vista


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Microsoft Windows Support
  3. Windows Vista
  4. Privacy Policy
  5. Rules ·