Newb Needs Help!


  • This topic is locked
5 replies to this topic

#1 newbreed424

newbreed424

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 15 February 2008 - 06:18 PM

I ran combofix, things appear to be working great. I do not want to turn my computer off in fear that my computer will revert to its previous state. I can still see a recognized virus file "pmkhf.dll" and "pmkhf.dll.vir" in my system32 folder. Though they do not appear to be active, I do not want to make any moves until advised by someone with a higher knowledge. Below is my .txt output file created by combofix. Please help! NEED TO SLEEP!!!

+++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 08-02-15.2 - Chris 2008-02-15 4:41:11.1 - NTFSx86
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Chris\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Chris\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Chris\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Chris\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule12.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\anwwljuc.ini
C:\WINDOWS\system32\btizkviu.dllbox
C:\WINDOWS\system32\bwppfdtm.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\flxsqsno.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ohqpvixa.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pyrpsegw.dllbox
C:\WINDOWS\system32\quheagdn.ini
C:\WINDOWS\system32\rkskjkqc.ini
C:\WINDOWS\system32\utgdnjoz.dllbox
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\vp4
C:\WINDOWS\system32\vwzcwopg.dllbox
C:\WINDOWS\system32\zb2
C:\WINDOWS\system32\zhvsrhzo.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 07:01 . 2008-02-15 07:25 233,999 --ahs---- C:\WINDOWS\system32\fhkmp.ini2
2008-02-15 06:57 . 2008-02-15 07:26 234,120 --ahs---- C:\WINDOWS\system32\fhkmp.ini
2008-02-15 06:03 . 2008-02-15 06:03 334,336 --a------ C:\WINDOWS\system32\pmkhf.dll.vir
2008-02-11 21:46 . 2008-02-13 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-11 21:44 . 2008-02-11 21:45 <DIR> d-------- C:\Program Files\Security Task Manager
2008-02-11 16:50 . 2008-02-11 16:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 16:50 . 2008-02-11 16:51 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-10 17:34 . 2008-02-10 17:34 15 --a------ C:\WINDOWS\system32\440da508
2008-02-10 01:23 . 2008-02-10 01:24 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\MailFrontier
2008-02-09 05:09 . 2008-02-09 12:33 512 --a------ C:\ScanSectorLog.dat
2008-02-09 04:51 . 2008-02-15 07:19 5,367,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 04:51 . 2008-02-15 06:42 72,884 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 04:41 . 2008-02-09 04:41 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-09 04:41 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-09 04:41 . 2008-02-15 06:56 355,091 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-09 04:41 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-08 18:05 . 2008-02-10 01:22 1,998,259 --ahs---- C:\WINDOWS\system32\stysuywr.ini
2008-02-07 01:46 . 2008-02-07 01:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-06 18:02 . 2008-02-06 18:07 <DIR> d-------- C:\Program Files\Macromedia
2008-02-06 18:02 . 2008-02-06 18:11 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-02-05 01:24 . 2008-02-08 18:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 01:24 . 2008-02-05 01:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 02:26 . 2008-02-04 02:26 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-04 02:26 . 2008-02-04 02:26 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-02-02 03:00 . 2008-02-09 17:56 49 --a------ C:\WINDOWS\BM473e841a.xml
2008-02-02 03:00 . 2008-02-10 01:23 22 --a------ C:\WINDOWS\pskt.ini
2008-01-31 19:47 . 2008-01-31 19:47 334,336 --a------ C:\WINDOWS\system32\pmkhf.dll
2008-01-31 19:46 . 2008-01-31 19:46 <DIR> d-------- C:\Program Files\RcvSystem
2008-01-31 17:15 . 2004-12-14 11:07 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-31 17:15 . 2004-12-14 11:07 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-31 17:07 . 2004-12-14 11:07 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-01-31 17:07 . 2004-12-14 11:07 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-29 19:19 . 2008-01-29 19:20 <DIR> d-------- C:\Program Files\WinPcap
2008-01-29 18:55 . 2008-01-29 20:50 <DIR> d-------- C:\Program Files\WMR11
2008-01-29 18:09 . 2008-01-29 18:23 <DIR> d-------- C:\Program Files\GetASFStream
2008-01-28 22:41 . 2008-01-28 22:41 0 --a------ C:\Documents and Settings\Chris\reset.cmd
2008-01-28 22:38 . 2008-01-28 22:38 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-01-28 22:10 . 2008-01-11 17:39 145,408 --a------ C:\WINDOWS\system32\ZuneMTPZ.dll
2008-01-28 22:10 . 2008-01-11 17:39 70,656 --a------ C:\WINDOWS\system32\ZuneIpTransport.dll
2008-01-28 22:10 . 2008-01-11 17:39 62,464 --a------ C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-01-28 22:10 . 2008-01-11 17:39 35,840 --a------ C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-01-28 22:07 . 2008-01-28 22:22 <DIR> d-------- C:\bcaff7368770197470fc1cb5c1
2008-01-26 10:46 . 2008-01-26 10:46 270,698 --a------ C:\WINDOWS\system32\L9AF7.tmp
2008-01-26 10:46 . 2008-01-26 10:46 181,965 --a------ C:\WINDOWS\system32\L47FE.tmp
2008-01-19 05:25 . 2008-01-19 05:31 <DIR> d-------- C:\Program Files\ICOO Loader
2008-01-18 19:12 . 2008-01-18 19:12 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-18 18:01 . 2008-01-18 18:01 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-18 17:55 . 2008-01-18 18:02 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-18 17:45 . 2008-01-28 22:10 <DIR> d-------- C:\Program Files\Zune
2008-01-18 15:01 . 2008-01-18 15:01 <DIR> d-------- C:\e48b2fd84beff9728b9bf0e9a4
2008-01-18 14:37 . 2008-01-18 14:50 <DIR> d-------- C:\Program Files\PConPoint
2008-01-18 14:33 . 2008-01-18 14:35 <DIR> d-------- C:\Program Files\WhatsRunning
2008-01-16 15:14 . 2008-01-16 15:14 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\acccore
2008-01-16 15:07 . 2008-01-16 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-16 15:00 . 2008-01-16 15:13 449 --ah----- C:\IPH.PH
2008-01-16 14:21 . 2008-02-13 22:57 3,507 --a------ C:\rollback.ini
2008-01-16 09:09 . 2008-01-16 09:09 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Uniblue
2008-01-16 08:56 . 2008-01-16 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-16 08:56 . 2008-02-15 03:04 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-01-16 08:54 . 2008-02-11 20:17 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 11:44 2,655,452 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-15 11:42 2,897,408 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-15 11:42 2,074,624 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-14 02:13 2,042,368 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-14 02:13 1,357,824 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-13 23:42 1,249,792 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-13 00:45 616,448 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-13 00:45 2,038,272 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-12 23:33 329,728 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-12 23:33 2,036,224 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-12 22:58 307,200 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-12 22:27 2,038,272 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-12 22:27 1,492,992 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-12 11:20 2,036,224 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-12 11:20 1,225,728 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-12 09:02 2,884,096 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-12 00:47 2,922,496 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-11 02:26 1,261,056 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-11 00:23 1,883,648 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-11 00:23 1,060,352 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-10 22:25 719,360 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-10 09:09 3,006,976 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-10 09:09 1,881,600 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-09 20:55 --------- d-----w C:\Program Files\UltimateBet
2008-02-09 09:10 --------- d-----w C:\Program Files\FileZilla
2008-02-09 09:10 --------- d-----w C:\Program Files\eMule
2008-02-09 09:08 --------- d-----w C:\Program Files\AIM
2008-02-09 09:08 --------- d-----w C:\Documents and Settings\Chris\Application Data\Aim
2008-02-04 21:16 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2008-01-18 14:30 --------- d-----w C:\Program Files\palmOne
2008-01-17 19:28 --------- d-----w C:\Program Files\Lexmark X6100 Series
2008-01-16 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-16 20:12 --------- d-----w C:\Program Files\Viewpoint
2008-01-16 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-15 21:18 --------- d-----w C:\Program Files\BitComet
2008-01-13 07:45 --------- d-----w C:\Documents and Settings\Chris\Application Data\Webshots
2008-01-12 10:34 --------- d-----w C:\Documents and Settings\Chris\Application Data\Ahead
2008-01-11 22:54 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-01-11 22:54 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-11 22:39 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-01-10 02:33 95,312 ----a-w C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2007-12-27 10:01 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-26 09:14 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-26 07:34 --------- d-----w C:\Program Files\DIFX
2007-12-26 07:33 --------- d-----w C:\Program Files\Common Files\ComponentOne
2007-12-26 06:18 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-26 06:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-26 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2007-12-26 04:59 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-26 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-26 04:56 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-26 04:52 --------- d-----w C:\Program Files\Nero
2007-12-26 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 05:27 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-17 04:23 9,655,296 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-12-16 21:06 --------- d-----w C:\Program Files\WinCustomize
2007-12-16 20:48 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-16 20:47 --------- d-----w C:\Program Files\Stardock
2007-12-15 18:42 --------- d-----w C:\Program Files\DivX
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-30 23:16 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2006-10-17 19:28 55,998 ----a-w C:\WINDOWS\Cursors\SNF.zip
2006-10-17 19:22 90,329 ----a-w C:\WINDOWS\Cursors\DLS\a\125643.zip
2006-10-17 19:22 8,189 ----a-w C:\WINDOWS\Cursors\DLS\a\114243.zip
2006-10-17 19:22 27,967 ----a-w C:\WINDOWS\Cursors\DLS\a\124572.zip
2006-10-17 19:21 43,153 ----a-w C:\WINDOWS\Cursors\DLS\a\116008.zip
2006-10-17 19:20 47,326 ----a-w C:\WINDOWS\Cursors\DLS\a\119805.zip
2006-10-17 19:19 56,087 ----a-w C:\WINDOWS\Cursors\DLS\a\105945.zip
2006-10-17 19:17 52,337 ----a-w C:\WINDOWS\Cursors\DLS\a\158949.zip
2006-10-17 19:17 34,366 ----a-w C:\WINDOWS\Cursors\DLS\a\104278.zip
2006-10-17 19:17 143,789 ----a-w C:\WINDOWS\Cursors\DLS\a\103645.zip
2006-10-17 19:16 55,937 ----a-w C:\WINDOWS\Cursors\DLS\a\160073.zip
2006-10-17 19:12 60,999 ----a-w C:\WINDOWS\Cursors\DLS\a\161605(2).zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\DLS\a\161605.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\Copy of 161605.cur.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\161605\161605.cur.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\161605.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\161605.cur.zip
2005-10-28 00:23 27,206 ----a-w C:\WINDOWS\Cursors\124572\blackhawk.exe
2007-10-11 01:06 6,465 --sha-w C:\WINDOWS\system32\vvwxx.bak1
2007-10-24 17:03 410,596 --sha-w C:\WINDOWS\system32\vvwxx.bak2
2007-10-24 18:56 311,601 --sha-w C:\WINDOWS\system32\vvwxx.ini2
.
Files Infected - Win32.Agent.zb
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAFA9AB0-0BEC-49FB-A409-3278B1CB511B}]
2008-01-31 19:47 334336 --a------ C:\WINDOWS\system32\pmkhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SysRestore"="C:\DOCUME~1\Chris\LOCALS~1\Temp\tmp57.tmp.exe" [ ]
"SfKg6w"="C:\Documents and Settings\Chris\Application Data\Microsoft\Windows\antqsj.exe" [ ]
"QdrPack12"="C:\Program Files\QdrPack\QdrPack12.exe" [ ]
"QdrModule12"="C:\Program Files\QdrModule\QdrModule12.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24 1694208]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]
"DW4"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"Lexmark_X79-55"="C:\WINDOWS\System32\lsasss.exe" [ ]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54 229952]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-10-19 07:59 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-10-19 07:59 126976]
"HostManager"="C:\Program Files\Common Files\AOL\1123874687\EE\AOLHostManager.exe" [ ]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408]
"CARPService"="carpserv.exe" [2002-10-17 10:54 4608 C:\WINDOWS\system32\carpserv.exe]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"BM473e841a"="C:\WINDOWS\system32\iffwxfwc.dll" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 09:36 83544]
"AEIWLSTA.EXE"="AEIWLSTA.exe" [2002-09-23 19:07 214016 C:\WINDOWS\system32\AEIWLSTA.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"440db786"="C:\WINDOWS\system32\rwyusyts.dll" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 02:56 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Win TaskLoader"="msgmr.exe" []
"sysPersonalFirewall"="msnmssgr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-06-09 13:27:34 471040]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2007-09-30 18:57:51 2367488]
Script execution time was exceeded on script "C:\ComboFix\lnkread.vbs".
Script execution was terminated.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-22 11:41:55 113664]
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe [2005-08-18 16:09:58 1388544]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-02-07 04:34:10 118784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-05-15 21:14:33 24576]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:27:34 471040]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:27:34 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
University at Buffalo VPN Client.lnk - C:\Program Files\UB-VPN\vpngui.exe [2005-05-18 10:16:59 1462104]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Warning homepage

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EE0DBHCJ"= {7C212A2B-2E1C-3D4B-2F29-69FB7C3261BA} - C:\WINDOWS\System32\Obbkoleb.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\flxsqsno]
flxsqsno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ie4i32]
ie4i32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuuvt]
vtuuuvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 17:06:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 11:47:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 06:57:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\fhkmp.ini2 233999 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\pmkhf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\UB-VPN\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
.
**************************************************************************
.
Completion time: 2008-02-15 10:35:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 15:23:14
.
2008-02-12 21:29:21 --- E O F ---


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Any input is greatly appreciated. Thank you.

#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:24 AM

Posted 15 February 2008 - 07:17 PM

Moved to a more appropriate venue.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )

**If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye.

If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#3 JDM2

JDM2

  • Members
  • 120 posts
  • OFFLINE
  • Local time:09:24 AM

Posted 16 February 2008 - 01:01 PM

Using Combofix without the advice of a Malware expert could result in serious problems.

#4 newbreed424

newbreed424
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:10:24 AM

Posted 16 February 2008 - 04:12 PM

I really didn't have any other choices. I talked to numerous IT people on the phone and they have all been unable to help me. They all seem to not care and instructed me to just reformat. This is a process I would very much like to avoid, and have thus spent the last 4 days trying alternate methods to fix it. This was sort of a last resort. Please advise. Thank you.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:24 AM

Posted 16 February 2008 - 05:09 PM

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Further, you did not follow the required instructions for using ComboFix as its log indicates your machine does not have the Recovery Console installed.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:24 AM

Posted 17 February 2008 - 08:27 AM

I have moved your HijackThis log to the HijackThis Logs and Malware Removal forum. Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.
