media
new user
Reg'd: Fri
Posts: 24
Re: Virus & IE Problem
Sat Apr 26 2008 01:42 PM
Report below:
ComboFix 08-04-24.1 - mymelody 2008-04-26 12:29:51.1 - FAT32x86
Running from: C:\Documents and Settings\mymelody\Desktop\ComboFix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\rqqsBcfe.ini
C:\WINDOWS\system32\rqqsBcfe.ini2
C:\WINDOWS\system32\xjlorwgw.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.
2008-04-25 18:46 . 2008-04-25 18:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-24 23:43 . 2008-04-24 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-24 23:42 . 2008-04-24 23:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-24 23:42 . 2008-04-24 23:43 <DIR> d-------- C:\Documents and Settings\mymelody\Application Data\SUPERAntiSpyware.com
2008-04-24 23:05 . 2008-04-24 23:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 23:05 . 2008-04-24 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 23:04 . 2008-04-24 23:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-24 22:26 . 2007-07-16 18:23 101,120 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-04-24 22:26 . 2007-07-16 18:23 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-04-24 21:42 . 2008-04-24 21:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-24 21:24 . 2008-04-24 21:24 <DIR> d-------- C:\Program Files\Opera
2008-04-23 21:59 . 2008-03-01 14:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-23 21:59 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-23 21:59 . 2007-03-08 06:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-23 21:59 . 2008-03-01 14:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-23 21:59 . 2008-03-01 14:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-23 21:59 . 2008-03-01 14:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-23 21:59 . 2008-03-01 14:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-23 21:59 . 2008-03-01 14:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-23 21:59 . 2008-02-22 11:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-23 21:23 . 2008-04-23 21:23 <DIR> d--hs---- C:\FOUND.000
2008-04-22 22:40 . 2008-04-22 22:40 <DIR> d-------- C:\Documents and Settings\mymelody\Application Data\Talkback
2008-04-22 22:39 . 2008-04-22 22:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-22 20:25 . 2008-04-22 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 18:38 . 2008-04-22 18:38 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-04-21 21:34 . 2008-04-22 21:00 1,541,392 ---hs---- C:\WINDOWS\system32\wwficrrr.ini
2008-04-21 00:24 . 2008-04-21 00:24 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-20 22:54 . 2008-04-26 12:27 109,815 --a------ C:\WINDOWS\BM5befe715.xml
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 17:16 --------- d-----w C:\Program Files\Golden FTP Server
2008-03-21 13:57 --------- d-----w C:\Documents and Settings\mymelody\Application Data\Canon
2008-03-21 13:55 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-03-21 13:55 --------- d-----w C:\Documents and Settings\mymelody\Application Data\ScanSoft
2008-03-21 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-03-21 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-21 13:53 --------- d-----w C:\Program Files\ScanSoft
2008-03-21 13:52 --------- d-----w C:\Program Files\Common Files\CANON
2008-03-21 13:48 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-03-21 13:45 --------- d--h--w C:\Program Files\CanonBJ
2008-03-21 13:44 --------- d-----w C:\Program Files\Canon
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 11:01 --------- d-----w C:\Program Files\Transparent
2008-03-15 11:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Transparent
2008-03-03 20:07 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-01 21:22 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-01 21:22 --------- d-----w C:\Program Files\Windows Live
2008-03-01 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 17:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:32 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-02-16 09:32 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-16 09:32 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-02-16 09:32 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-14 21:23 39,440 ----a-w C:\Documents and Settings\mymelody\Application Data\GDIPFONTCACHEV1.DAT
2005-07-25 06:41 110,657 ----a-w C:\Program Files\Common Files\UninstallDrv.exe
2002-04-16 10:27 5 --sha-w C:\WINDOWS\system32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2004-04-20 16:49 40960]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 16:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 16:24 688218]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 17:23 15961088 C:\WINDOWS\RTHDCPL.exe]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Program Files\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2005-11-08 10:45 69632]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Program Files\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 12:49 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 22:02 53248]
"MPFExe"="C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE" [2005-04-05 14:41 950272]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2006-07-06 14:34 491520]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 16:01 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 16:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYoMGV]
mlJYoMGV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\MYMELODY\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{639c24dd-83ed-11dc-9926-0016cf42ff88}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5805c18-9add-11dc-994c-0016cf42ff88}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5805c19-9add-11dc-994c-0016cf42ff88}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5805c1a-9add-11dc-994c-0016cf42ff88}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5805c1b-9add-11dc-994c-0016cf42ff88}]
\Shell\AutoRun\command - F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f85e7940-1244-11dd-9a34-0016cf42ff88}]
\Shell\AutoRun\command - F:\AutoRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 12:35:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ADMSERV.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCDETECT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHIELD.EXE
C:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\DOCUME~1\mymelody\LOCALS~1\Temp\RtkBtMnt.exe
C:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\mcafee.com\agent\mcregwiz.exe
.
**************************************************************************
.
Completion time: 2008-04-26 12:40:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-26 11:40:28

Pre-Run: 9,747,234,816 bytes free
Post-Run: 10,240,131,072 bytes free

216 --- E O F --- 2008-04-26 06:57:48
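The "Reg Loading Points" section of a ComboFix log is the part a helper reads first, and three things in the log above are worth an automatic flag: a Winlogon Notify package registered by bare file name only (mlJYoMGV.dll), the Security Center notification and monitoring values set to 1, and per-volume AutoRun commands cached under MountPoints2. The script below is an added example, not part of the forum post and not ComboFix's own code. It parses that section into registry-key/value groups and returns the flagged entries; the function names, the Finding type and the embedded sample (a cut-down copy of entries from the post, one per line) are mine. It runs offline on the sample or on any saved log.

```python
"""Triage the "Reg Loading Points" section of a ComboFix log.

Added example (not from the forum post or from ComboFix). It flags:
  * Winlogon Notify DLLs registered by bare file name (no directory);
  * Security Center notify/monitoring values switched off (dword 1);
  * \Shell\AutoRun\command entries cached under MountPoints2.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the log above, one per line.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYoMGV]
mlJYoMGV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{639c24dd-83ed-11dc-9926-0016cf42ff88}]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"""


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the entry lives under
    detail: str   # the value or path that triggered the flag
    reason: str   # why it was flagged


KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# A Notify value that is a single whitespace-free token ending in .dll.
BARE_DLL_RE = re.compile(r"^(\S+\.dll)$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)
DISABLE_NAMES = {"antivirusdisablenotify", "firewalldisablenotify", "disablemonitoring"}


def parse_sections(text):
    """Group the value lines of the log under the [key] line that precedes them."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return a list of Finding objects for the suspicious entries in the log text."""
    findings = []
    for key, values in parse_sections(text).items():
        lk = key.lower()
        if "\\winlogon\\notify\\" in lk:
            for v in values:
                # Notify DLLs load into winlogon.exe at logon. A bare name with no
                # directory is resolved through the DLL search path; ComboFix already
                # hides the stock XP packages, so anything left here deserves a look.
                m = BARE_DLL_RE.match(v)
                if m and "\\" not in m.group(1):
                    findings.append(Finding(key, m.group(1),
                                            "winlogon notify DLL registered by bare file name"))
        elif "\\security center" in lk:
            for v in values:
                m = DWORD_RE.match(v)
                if m and m.group(1).lower() in DISABLE_NAMES and int(m.group(2), 16) == 1:
                    findings.append(Finding(key, m.group(1),
                                            "security center notification or monitoring disabled"))
        elif "\\mountpoints2\\" in lk:
            for v in values:
                m = AUTORUN_RE.match(v)
                if m:
                    findings.append(Finding(key, m.group(1),
                                            "autorun command cached for a removable volume"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.detail}\n    under {f.key}")
```

A flag here is a pointer, not a verdict: legitimate XP Notify packages (crypt32.dll, wlnotify.dll and friends) are also registered by bare name, which is why the check leans on ComboFix having already suppressed the known defaults, and a vendor's own security product can legitimately set DisableMonitoring for its own Security Center provider. The AutoRun entries only record what a volume's autorun.inf once pointed at; the fix is to stop AutoRun for removable media rather than to delete the cached keys one by one.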