Thanks for helping, here is the log report:

ComboFix 08-02-25.3 - User 2008-02-26 16:27:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.856 [GMT 0:00]
Running from: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\MDRJCIMC\ComboFix[1].exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 15:55 . 2008-02-25 15:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 16:48 . 2008-02-21 16:48 <DIR> d-------- C:\Documents and Settings\Gee\Application Data\Leadertech
2008-02-18 22:43 . 2008-02-18 22:43 <DIR> dr-h----- C:\Documents and Settings\Gee\Application Data\SecuROM
2008-02-17 14:59 . 2008-02-17 14:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-11 22:31 . 2008-02-11 22:31 <DIR> dr-h----- C:\Documents and Settings\User\Application Data\SecuROM
2008-02-11 22:29 . 2008-02-12 22:31 <DIR> d-------- C:\Program Files\GameShadow
2008-02-10 15:27 . 2008-02-10 15:27 <DIR> d-------- C:\Documents and Settings\User\Application Data\Leadertech
2008-02-10 12:15 . 2008-02-10 15:55 2,359,350 --a------ C:\WINDOWS\wallpaper.bmp
2008-02-07 21:32 . 2008-02-07 21:32 <DIR> d-------- C:\Program Files\Macrogaming

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 14:21 --------- d-----w C:\Program Files\Hearts FC - DNA
2008-02-23 23:33 --------- d-----w C:\Documents and Settings\Gee\Application Data\LimeWire
2008-02-18 23:31 --------- d-----w C:\Program Files\LimeWire
2008-02-18 22:31 --------- d-----w C:\Program Files\Eidos
2008-02-17 14:59 --------- d-----w C:\Program Files\Common Files\Real
2008-02-17 14:58 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-11 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-25 18:37 --------- d-----w C:\Program Files\Virgin Broadband
2008-01-24 21:26 --------- d-----w C:\Program Files\Raxco
2008-01-24 21:26 --------- d-----w C:\Program Files\Common Files\Authentium
2008-01-24 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-01-24 21:25 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-24 21:25 --------- d-----w C:\Program Files\CA
2008-01-24 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Virgin Broadband
2008-01-24 21:20 --------- d-----w C:\Documents and Settings\User\Application Data\InstallShield
2008-01-24 20:13 --------- d-----w C:\Documents and Settings\Gee\Application Data\Virgin Broadband
2008-01-23 20:40 --------- d-----w C:\Documents and Settings\User\Application Data\Virgin Broadband
2008-01-18 10:55 --------- d-----w C:\Program Files\Samsung
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-07-23 14:40 26,511 ----a-w C:\Program Files\system4.exe
2007-05-22 18:51 256,306 ---ha-w C:\WINDOWS\inf\vbrun.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\Program Files\Microsoft Works\WkDetect.exe" [ ]
"Hearts FC - Desktop News Alerts"="C:\Program Files\Hearts FC - DNA\launch.exe" [2006-10-10 09:15 339968]
"msnmsgr"="~C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"eanth_critical_update_alert"="C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2007-09-05 14:10 310000]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [2007-09-05 14:10 13552]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-08-07 18:49 2061552]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-17 14:57 185896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe" [2007-09-05 14:09 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

C:\Documents and Settings\Gee\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-07-02 17:07:31 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\System32\adspipe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chckup]
C:\WINDOWS\System32\Netverchk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafe]
C:\Program Files\Error Safe\ERS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSafeFree]
C:\Program Files\ErrorSafe Free\UERS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERScw]
C:\Program Files\Common Files\Error Safe\ERScw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
--a------ 2007-06-22 20:37 124180 C:\WINDOWS\System32\bojhwpuf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-07-26 03:03 49263 C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UERScw]
C:\Program Files\ErrorSafe Free\UERScw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\was6_check]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\was_check]
C:\Program Files\Common Files\Error Safe\startmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NetSvc"=3 (0x3)
"IDriverT"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S3 Radialpoint Security Services;Virgin Broadband PCguard;C:\WINDOWS\system32\dllhost.exe [2004-08-04 07:56]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 15:47]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w550mdfl.sys [2005-07-15 15:48]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\w550mdm.sys [2005-07-15 15:48]
S3 w550mgmt;Sony Ericsson W550 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\w550mgmt.sys [2005-07-15 15:49]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\w550obex.sys [2005-07-15 15:50]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 08:21:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 16:32:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 16:34:22
ComboFix-quarantined-files.txt 2008-02-26 16:34:06
.
2008-02-13 22:17:19 --- E O F ---