
Combofix By Bleepingcomputer


  • This topic is locked
1 reply to this topic

#1 rsbjr99

rsbjr99

  • Members
  • 3 posts
  • OFFLINE
  • Local time:01:41 PM

Posted 05 July 2008 - 09:26 PM

Here is log.txt from my scan on 7/4/08, and I am still having problems with Windows Install & Windows Automatic Update.
I also did the Windows OneCare Safety Scanner today per a Microsoft technician, but I get error messages before it completes:
"Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain stability, Windows must restore the original versions of these files."

Any ideas as to what I can do?


ComboFix 08-07-04.1 - Rick Basham 2008-07-04 17:53:05.1 - NTFSx86

Running from: C:\Documents and Settings\Rick Basham\Desktop\combofix3.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMdbd9c0fb.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ahhefmom.ini2
C:\WINDOWS\system32\asaceppf.dll
C:\WINDOWS\system32\b10
C:\WINDOWS\system32\bnvgecrb.dll
C:\WINDOWS\system32\bxxezi.dll
C:\WINDOWS\system32\DKRuCJjl.ini
C:\WINDOWS\system32\DKRuCJjl.ini2
C:\WINDOWS\system32\dNpqYcdd.ini
C:\WINDOWS\system32\dNpqYcdd.ini2
C:\WINDOWS\system32\eawyhdxb.ini
C:\WINDOWS\system32\EfggMnpo.ini
C:\WINDOWS\system32\EfggMnpo.ini2
C:\WINDOWS\system32\HQYJmUtv.ini
C:\WINDOWS\system32\HQYJmUtv.ini2
C:\WINDOWS\system32\iijSYJjl.ini
C:\WINDOWS\system32\iijSYJjl.ini2
C:\WINDOWS\system32\ikvaarxq.dll
C:\WINDOWS\system32\inylds.dll
C:\WINDOWS\system32\jnbbytpb.ini2
C:\WINDOWS\system32\jnbbytpb.tmp
C:\WINDOWS\system32\ljJCuRKD.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qtbjnppc.ini
C:\WINDOWS\system32\sumdwnak.dll
C:\WINDOWS\system32\tenwod.dll
C:\WINDOWS\system32\wmgmypso.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-04 to 2008-07-04 )))))))))))))))))))))))))))))))
.

2008-07-04 10:05 . 2008-07-04 10:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-04 10:05 . 2008-07-04 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 09:46 . 2008-07-04 09:46 <DIR> d-------- C:\Program Files\Auslogics
2008-07-04 09:46 . 2008-07-04 09:46 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\Auslogics
2008-07-03 05:40 . 2008-07-03 05:42 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-07-03 05:40 . 2008-07-03 05:42 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-07-02 17:33 . 2008-07-02 17:34 <DIR> d-------- C:\Documents and Settings\Rick Basham\.aTunes
2008-07-02 06:01 . 2008-07-02 06:01 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Citeknet
2008-07-01 11:04 . 2008-07-01 11:04 <DIR> d-------- C:\Program Files\IEPro
2008-07-01 10:24 . 2008-07-02 09:57 99 --a------ C:\WINDOWS\system32\mhncache.dat
2008-06-30 14:53 . 2008-06-30 15:10 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-29 13:55 . 2008-06-29 13:55 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\J River
2008-06-29 13:37 . 2008-06-29 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrium
2008-06-29 10:01 . 2008-07-02 07:07 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\MiniDm
2008-06-29 09:43 . 2008-06-29 09:44 <DIR> d-------- C:\Program Files\aTunes
2008-06-29 08:27 . 2008-06-29 08:27 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\HouseCall 6.6
2008-06-27 15:46 . 2008-06-27 15:46 <DIR> d-------- C:\WINDOWS\PCMFULLCAB
2008-06-27 08:07 . 2008-07-02 09:57 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-26 20:04 . 2008-06-27 15:46 <DIR> d-------- C:\WINDOWS\PCMFULLCAB(2)
2008-06-26 09:28 . 2008-06-29 22:57 <DIR> d-------- C:\Documents and Settings\All Media Files
2008-06-25 19:43 . 2008-06-25 20:33 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\VersionTracker Pro(2)
2008-06-25 19:19 . 2008-06-25 19:19 <DIR> d-------- C:\Program Files\TechTracker
2008-06-25 06:00 . 2008-06-25 06:00 <DIR> d-------- C:\Program Files\IObit
2008-06-25 06:00 . 2008-06-26 19:00 125 --a------ C:\Documents and Settings\IObit Freeware.url
2008-06-23 06:51 . 2008-07-04 09:43 110,366 --a------ C:\WINDOWS\BMdbd9c0fb.xml
2008-06-22 18:16 . 2008-06-22 19:44 <DIR> d-------- C:\Documents and Settings\AceBackup\Reports
2008-06-22 17:36 . 2008-06-22 19:44 <DIR> d-------- C:\Documents and Settings\AceBackup\Projects
2008-06-22 17:36 . 2008-06-23 06:29 <DIR> d-------- C:\Documents and Settings\AceBackup
2008-06-22 17:36 . 2006-01-27 16:10 2,044 --a------ C:\Documents and Settings\AceBackup\ab_tips_en.dat
2008-06-22 17:17 . 2008-06-22 17:17 4 --a------ C:\WINDOWSRegDefrag.dat
2008-06-22 08:52 . 2008-06-22 08:52 <DIR> d-------- C:\WINDOWS\system32\mir
2008-06-22 08:52 . 2008-06-22 10:32 <DIR> d-------- C:\WINDOWS\system32\jdam
2008-06-22 08:51 . 2008-06-22 08:51 <DIR> d-------- C:\WINDOWS\system32\modtrux05
2008-06-22 08:51 . 2008-06-22 08:52 <DIR> d-------- C:\WINDOWS\system32\49a
2008-06-22 08:51 . 2008-06-22 08:51 <DIR> d-------- C:\Temp\syschk3
2008-06-22 08:51 . 2008-07-04 17:53 <DIR> d-------- C:\Temp
2008-06-22 08:51 . 2008-06-22 08:51 44,544 --a------ C:\WINDOWS\system32\pmnlkHYs.dll
2008-06-22 08:11 . 2008-06-22 08:11 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\Qtrax2
2008-06-22 08:10 . 2008-06-25 20:58 <DIR> d-------- C:\Program Files\Qtrax
2008-06-21 04:35 . 2008-06-21 04:35 870,128 --a------ C:\WINDOWS\system32\mcs.rma
2008-06-21 04:35 . 2008-06-21 04:35 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2008-06-21 04:35 . 2008-06-21 04:35 4 --a------ C:\WINDOWS\system32\9B37EB
2008-06-16 19:42 . 2008-06-16 19:42 <DIR> d-------- C:\Program Files\Macrium
2008-06-14 21:11 . 2008-06-14 21:11 <DIR> d-------- C:\Documents and Settings\StartupBackup
2008-06-14 19:09 . 2008-07-04 07:07 <DIR> d-------- C:\Program Files\Z-Cron
2008-06-14 19:09 . 2008-06-14 19:09 74,240 --------- C:\WINDOWS\AKDeInstall.exe
2008-06-14 18:45 . 2008-06-14 18:45 0 --ah----- C:\Documents and Settings\Default.rdp
2008-06-14 16:03 . 2008-06-25 20:35 <DIR> d-------- C:\Program Files\MP3ext
2008-06-14 16:00 . 2008-06-14 16:16 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\GrabPro
2008-06-14 15:54 . 2008-06-14 15:54 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-14 15:37 . 2008-06-14 15:37 <DIR> d-------- C:\Documents and Settings\My Snapfire Shows
2008-06-14 08:48 . 2008-06-14 08:48 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-13 09:02 . 2008-06-08 13:27 392 --ah----- C:\Documents and Settings\$$JetTHM$$.cache
2008-06-13 08:06 . 2008-06-13 08:10 <DIR> d-------- C:\Documents and Settings\Xcel Hold
2008-06-11 20:52 . 2008-06-27 06:42 <DIR> d-------- C:\Documents and Settings\My Music
2008-06-11 01:37 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:37 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 20:06 . 2008-06-09 20:06 <DIR> d-------- C:\Documents and Settings\Rick Basham\Application Data\Citeknet
2008-06-08 21:22 . 2008-06-11 13:58 <DIR> d-------- C:\Program Files\Cobian Backup 9
2008-06-08 21:19 . 2008-06-11 02:56 24,576 --a------ C:\conf.dat
2008-06-08 21:19 . 2008-06-08 21:19 15,360 --a------ C:\data.db
2008-06-08 20:01 . 2008-06-08 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zenturi
2008-06-08 08:19 . 2008-06-08 10:26 <DIR> d-------- C:\Program Files\Conduit
2008-06-07 07:04 . 2008-06-07 07:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-06-07 07:03 . 2008-06-07 07:03 <DIR> d-------- C:\Program Files\IncrediMail
2008-06-07 07:03 . 2008-06-07 07:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-06-06 22:51 . 2008-06-06 22:51 <DIR> d-------- C:\Program Files\Fractis
2008-06-06 21:48 . 2008-06-06 21:48 <DIR> d-------- C:\Program Files\UltiDev
2008-06-06 21:48 . 2008-06-06 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UltiDev
2008-06-06 21:38 . 2008-06-06 21:38 <DIR> d-------- C:\Program Files\IcebergSetupX
2008-06-06 20:17 . 2008-06-06 20:17 <DIR> d-------- C:\Reimage
2008-06-06 18:27 . 2008-06-06 18:27 <DIR> d-------- C:\Reimage(2)
2008-06-06 08:33 . 2008-06-06 20:17 83 --a------ C:\rei.trk
2008-06-06 07:22 . 2008-06-06 20:17 <DIR> d-------- C:\rei
2008-06-06 07:22 . 2008-06-06 20:17 220 --a------ C:\WINDOWS\reimage.ini
2008-06-04 19:20 . 2008-06-04 20:57 <DIR> d-------- C:\Program Files\MP3Gain

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 22:04 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\Orbit
2008-07-04 18:17 --------- d-----w C:\Program Files\DirUtils
2008-07-04 17:11 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\StumbleUpon
2008-07-04 16:50 --------- d-----w C:\Program Files\Real
2008-07-04 16:42 --------- d-----w C:\Program Files\Orbitdownloader
2008-07-01 15:04 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\IEPro
2008-06-30 23:58 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\Move Networks
2008-06-30 10:05 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\Sonic
2008-06-29 23:02 --------- d-----w C:\Program Files\FileJoiner
2008-06-29 23:00 --------- d-----w C:\Program Files\FlashGet
2008-06-29 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-06-29 18:49 --------- d-----w C:\Program Files\LimeWire
2008-06-29 17:57 --------- d-----w C:\Program Files\J River
2008-06-29 17:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-29 17:48 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\COWON
2008-06-29 02:26 --------- d-----w C:\Program Files\FrostWire
2008-06-26 23:44 --------- d-----w C:\Program Files\zabkat
2008-06-26 14:12 --------- d-----w C:\Program Files\Incomplete
2008-06-26 14:11 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\LimeWire
2008-06-25 11:47 103,608 ----a-w C:\Documents and Settings\Quicken\Quicken112007OFXLOG.DAT
2008-06-22 21:14 --------- d-----w C:\Program Files\RGB
2008-06-22 15:00 --------- d-----w C:\Program Files\Citeknet
2008-06-22 12:10 --------- d-----w C:\Program Files\Qtrax_20080125
2008-06-15 10:46 --------- d-----w C:\Program Files\Google
2008-06-15 01:34 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-15 01:05 --------- d-----w C:\Program Files\MemTurbo 4
2008-06-14 23:47 --------- d-----w C:\Program Files\Quicken2008
2008-06-14 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-14 19:56 --------- d-----w C:\Program Files\QuickTime
2008-06-14 19:41 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\Corel
2008-06-14 19:37 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-14 19:18 --------- d-----w C:\Program Files\Modem Helper
2008-06-14 12:48 --------- d-----w C:\Program Files\Common Files\Real
2008-06-13 10:50 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\OpenOffice.org2
2008-06-11 14:53 --------- d-----w C:\Program Files\Songbird
2008-06-11 09:14 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\dvdcss
2008-06-10 12:05 --------- d-----w C:\Program Files\Creative
2008-06-10 08:46 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\Smith Micro
2008-06-09 01:50 --------- d-----w C:\Program Files\AudioMoves
2008-06-09 01:44 --------- d-----w C:\Program Files\Bonjour
2008-06-09 01:19 --------- d-----w C:\Program Files\Tobu
2008-06-09 01:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-08 23:42 --------- d-----w C:\Program Files\Dell
2008-06-08 20:08 --------- d-----w C:\Program Files\foobar2000
2008-06-08 18:30 --------- d-----w C:\Program Files\Free Music Zilla
2008-06-07 01:47 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-07 01:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-06 08:46 518,552 ----a-w C:\Documents and Settings\Quicken\Quicken112007OFXOLD.DAT
2008-06-02 19:18 31,712 ----a-w C:\WINDOWS\system32\drivers\psmounter.sys
2008-06-02 09:50 --------- d-----w C:\Program Files\SpiralFrog
2008-06-02 00:11 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\AudioMoves
2008-06-01 21:53 --------- d-----w C:\Program Files\PicLensIE
2008-06-01 19:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-01 19:22 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-05-31 12:20 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\Windows Live Writer
2008-05-31 10:07 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Citeknet
2008-05-30 18:40 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-30 18:00 --------- d-----w C:\Program Files\SmartFTP Client
2008-05-30 18:00 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\SmartFTP
2008-05-24 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-22 01:48 --------- d-----w C:\Program Files\Verizon Wireless
2008-05-21 00:24 --------- d-----w C:\Program Files\Microsoft Easy Assist
2008-05-20 13:32 15,328 ----a-w C:\WINDOWS\system32\drivers\pssnap.sys
2008-05-19 04:42 8 ----a-w C:\Documents and Settings\SysTweak Backup Manager\schedules.dat
2008-05-19 04:39 119,781 ----a-w C:\Documents and Settings\SysTweak Backup Manager\jobs.dat
2008-05-14 00:11 --------- d-----w C:\Program Files\PHP
2008-05-13 02:14 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\MSNInstaller
2008-05-13 01:07 --------- d-----w C:\Program Files\Surf Canyon
2008-05-12 01:34 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\FMZilla
2008-05-12 01:09 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-05-12 01:09 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-11 23:47 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-05-11 23:43 --------- d-----w C:\Program Files\Java
2008-05-11 22:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 13:36 --------- d-----w C:\Program Files\RegToy
2008-05-10 20:52 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-10 02:26 --------- d-----w C:\Documents and Settings\Rick Basham\Application Data\Qtrax1
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-05 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spiralfrog
2008-05-05 03:43 --------- d-----w C:\Program Files\DiscInsert
2008-05-04 05:49 --------- d-----w C:\Program Files\VS Revo Group
2008-05-02 02:47 780,694 ----a-w C:\Documents and Settings\CCleaner Backup Registry\cc_20080501_2246.reg
2008-04-14 00:12 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
2008-04-14 00:12 39,424 ----a-w C:\WINDOWS\system32\sensesl.dll
2008-04-14 00:12 20,480 ----a-w C:\WINDOWS\system32\mssockdz.dll
2008-04-06 00:30 61,440 ----a-w C:\WINDOWS\system32\RBKA460.tmp
2008-03-02 02:54 1,622 ----a-w C:\Program Files\SpeedBit Video Accelerator.lnk
2007-11-23 15:14 483,080 ----a-w C:\Documents and Settings\Quicken\QDATAOFXLOG.DAT
2007-11-08 16:00 60,968 ------w C:\Documents and Settings\Rick Basham\GoToAssistDownloadHelper.exe
2007-10-15 09:27 517,544 ----a-w C:\Documents and Settings\Quicken\QDATAOFXOLD.DAT
2007-02-15 08:08 108 --sha-r C:\WINDOWS\neoqaz2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E06327D-0415-475F-898B-6ACFB316073E}]
2008-06-22 08:51 44544 --a------ C:\WINDOWS\system32\pmnlkHYs.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Program Files\Orbitdownloader\GrabPro.dll" [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-19 18:36 1267040]
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"= "C:\Program Files\Orbitdownloader\GrabPro.dll" [2008-06-10 10:47 457848]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\clsid\{c55bbcd6-41ad-48ad-9953-3609c48eacc7}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}]
[HKEY_CLASSES_ROOT\GrabPro.FindBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-14 08:47 185896]

C:\Documents and Settings\Rick Basham\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\MemTurbo 4\MemTurbo.exe [2008-03-01 11:54:38 3181568]
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-05-21 21:48:06 1738032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-04-05 23:52:26 1690824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GeneralTab"= 0 (0x0)
"SecurityTab"= 0 (0x0)
"ContentTab"= 0 (0x0)
"ConnectionsTab"= 0 (0x0)
"ProgramsTab"= 0 (0x0)
"AdvancedTab"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 05:56 303616]
"{4E06327D-0415-475F-898B-6ACFB316073E}"= "C:\WINDOWS\system32\pmnlkHYs.dll" [2008-06-22 08:51 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-08 12:00 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlkHYs]
2008-06-22 08:51 44544 C:\WINDOWS\system32\pmnlkHYs.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLNRNote
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 12:51 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 07:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-14 01:45 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-14 01:44 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-05-02 18:16 184320 C:\Program Files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--------- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--------- 2004-12-22 13:40 24576 C:\WINDOWS\MIDIDEF.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\lxcfcoms.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\WINDOWS\\system32\\wupdmgr.exe"=
"C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009


.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 23:44:22 C:\WINDOWS\Tasks\BCK2.job"
- C:\Program Files\AceBIT\AceBackup 2\AceBackup.exeZ -update
"2008-07-03 12:48:51 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{0340F8E4-2FFF-414E-BFB6-817DB04D1457} - C:\WINDOWS\system32\ljJCuRKD.dll
BHO-{21F8B895-0F28-48C8-871A-8535BD3E60E6} - C:\WINDOWS\system32\ddcYqpNd.dll
BHO-{4B5368EE-1BD6-4B3D-B28B-6835D5DEDEB0} - C:\WINDOWS\system32\ljJYSjii.dll
BHO-{58e97cb0-26b1-4700-a502-bb8dd9d2b6d2} - C:\WINDOWS\system32\inylds.dll
BHO-{7330D4FA-48BB-4B90-B242-330DB7404B89} - C:\WINDOWS\system32\opnMggfE.dll
BHO-{B3CA67F0-BAA2-4462-B0AB-020713951999} - C:\WINDOWS\system32\vtUmJYQH.dll
HKLM-Run-BMdbd9c0fb - C:\WINDOWS\system32\wfrsxmuu.dll
Notify-dimsntfy - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 18:03:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\pmnlkHYs.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 2008-07-04 18:11:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-04 22:11:34

Pre-Run: 101,618,958,336 bytes free
Post-Run: 102,309,371,904 bytes free

370 --- E O F --- 2008-07-04 22:11:29


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,743 posts
  • OFFLINE
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:10:41 AM

Posted 05 July 2008 - 09:30 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff/Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

