ComboFix 08-04-26.3 - Owner 2008-04-30 17:01:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.120 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\Owner\Application Data\PPPATC~1
C:\lswmv.ini
c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\uninstall information
C:\Program Files\fnts~1
C:\Program Files\SoftwareOnline
C:\Program Files\SoftwareOnline\soproc.exe
C:\Program Files\Unlocker\UnlockerAssistant .exe
C:\Program Files\winupdate
C:\temp\
0b9
C:\temp\
0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\scurit~1
C:\WINDOWS\scurit~1\s?curity\
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\bxtyhjns.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ggfvmakq.ini
C:\WINDOWS\system32\gokekyww.ini
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.exe
C:\WINDOWS\system32\snjhytxb.ini
C:\WINDOWS\system32\sstem~1
C:\WINDOWS\system32\sstem~1\s?stem\
C:\xcrashdump.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.
2008-04-28 19:49 . 2008-04-28 19:49 294 ---hs---- C:\WINDOWS\system32\chuibbgy.ini
2008-04-27 12:50 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-04-27 12:50 . 2003-11-19 13:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-04-27 12:50 . 2004-05-11 09:56 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2008-04-27 12:50 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-04-27 12:50 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-04-27 12:50 . 2001-03-28 22:02 89,088 --a------ C:\WINDOWS\system32\ProgressBar4.ocx
2008-04-27 12:50 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
2008-04-26 14:29 . 2008-04-30 14:23 109,793 --a------ C:\WINDOWS\BM63f23048.xml
2008-04-26 12:15 . 2008-04-26 12:15 25,088 --a------ C:\WINDOWS\system32\Partizan.exe
2008-04-26 08:37 . 2008-04-26 08:37 <DIR> d-------- C:\Documents and Settings\Mei-Ling.YOUR-C8BH3JAGLT\Application Data\Webroot
2008-04-24 06:05 . 2008-04-24 06:05 <DIR> d-------- C:\Documents and Settings\Mei-Ling.YOUR-C8BH3JAGLT\Application Data\Malwarebytes
2008-04-23 09:52 . 2008-04-23 09:52 <DIR> d-------- C:\Documents and Settings\Chih-Pin.YOUR-C8BH3JAGLT\Application Data\Malwarebytes
2008-04-23 08:58 . 2006-08-21 01:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-23 08:58 . 2006-08-21 01:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-23 08:58 . 2006-08-21 04:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-23 08:10 . 2007-07-09 05:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-23 08:05 . 2006-06-14 00:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2008-04-23 08:05 . 2006-06-14 01:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-04-23 08:05 . 2006-06-14 00:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-04-22 20:25 . 2008-04-22 20:25 0 --a------ C:\Documents and Settings\Administrator.YOUR-C8BH3JAGLT\regsvr32
2008-04-22 19:43 . 2008-04-22 19:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-22 17:58 . 2008-04-26 12:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 17:58 . 2008-04-22 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 17:58 . 2008-04-22 17:58 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-C8BH3JAGLT\Application Data\Malwarebytes
2008-04-22 06:44 . 2008-04-22 06:44 <DIR> d-------- C:\Documents and Settings\Mei-Ling.YOUR-C8BH3JAGLT\Application Data\Sonic
2008-04-21 16:20 . 2008-04-21 16:20 30,946 --a------ C:\WINDOWS\system32\drivers\Partizan.sys
2008-04-21 12:35 . 2008-04-21 12:35 <DIR> d-------- C:\Documents and Settings\Chih-Pin.YOUR-C8BH3JAGLT\Application Data\Sonic
2008-04-20 18:10 . 2008-04-22 19:41 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-C8BH3JAGLT\Application Data\Desktopicon
2008-04-18 09:25 . 2008-04-21 09:11 <DIR> d-------- C:\Documents and Settings\Mei-Ling.YOUR-C8BH3JAGLT\Application Data\AdobeUM
2008-04-14 09:35 . 2008-04-14 09:35 <DIR> d-------- C:\Documents and Settings\Chih-Pin.YOUR-C8BH3JAGLT\Application Data\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 01:27 --------- d-----w C:\Program Files\Unlocker
2008-04-21 20:35 --------- d-----w C:\Program Files\RecordNow!
2008-04-21 20:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-21 00:41 --------- d-----w C:\Program Files\AIM
2008-04-20 21:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-04-19 21:45 --------- d-----w C:\Program Files\Starcraft
2008-04-14 16:52 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-13 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-05 21:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\ImgBurn
2008-04-05 18:53 --------- d-----w C:\Program Files\ImgBurn
2008-04-01 01:31 --------- d-----w C:\Documents and Settings\Christine.YOUR-C8BH3JAGLT\Application Data\AdobeUM
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 17:35 --------- d-----w C:\Program Files\Blaze Media Pro
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-21 18:31 13,195 ----a-w C:\Documents and Settings\Owner\zguicfgw.dat
2006-03-10 02:54 272 ----a-w C:\Documents and Settings\Owner\sfa2dat.dat
.
<pre>
----a-w 307,200 2008-04-26 16:34:34 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 748,032 2008-04-29 01:37:49 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 67,160 2008-04-21 00:41:18 C:\Program Files\AIM\aim .exe
----a-w 110,592 2008-04-30 23:39:14 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 57,344 2008-01-08 22:40:20 C:\Program Files\Lexmark X6100 Series\lxbfbmgr .exe
----a-w 1,175,160 2008-04-26 20:25:20 C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
----a-w 1,694,208 2008-04-29 01:37:50 C:\Program Files\Messenger\msmsgs .exe
----a-w 365,568 2008-04-30 21:46:49 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-30 04:03:59 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-30 01:07:36 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-29 22:44:18 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-29 17:37:37 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-29 03:49:18 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-28 17:21:26 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-28 04:56:43 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-28 01:30:23 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-27 23:41:28 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-27 23:18:11 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-27 20:30:10 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-27 18:02:08 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-27 16:22:16 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-27 15:25:26 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 22:29:14 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 20:37:05 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 20:24:36 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 20:09:38 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 19:44:03 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 15:50:29 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 06:00:54 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 05:55:10 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 05:45:07 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 05:40:12 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 05:02:27 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 04:52:52 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 04:38:32 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-26 03:54:43 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-25 17:49:35 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-25 14:48:13 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-25 05:53:12 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-25 03:54:47 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-25 03:30:37 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-25 01:50:07 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-24 17:48:37 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-24 01:20:20 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-23 23:29:26 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-23 17:44:41 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-23 05:54:50 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-23 04:29:58 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-23 03:54:31 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-23 03:43:27 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-22 16:59:53 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-22 14:44:27 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-22 03:36:22 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-22 01:07:02 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-21 23:56:39 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-21 22:49:52 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-21 18:09:14 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-21 03:01:58 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 365,568 2008-04-21 02:52:53 C:\Program Files\Unlocker\UnlockerAssistant .exe
----a-w 3,096,576 2008-04-29 22:44:28 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-29 22:44:16 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-29 17:37:35 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-28 17:21:25 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-27 16:22:13 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-26 15:50:26 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-25 20:25:34 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-24 17:48:37 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-23 17:44:39 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-23 05:54:49 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-22 16:59:52 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,479,552 2008-04-21 18:09:13 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,096,576 2008-04-26 16:37:28 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 158,208 2008-01-10 23:12:31 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 15,360 2008-01-21 06:55:28 C:\WINDOWS\system32\ctfmon .exe
----a-w 174,592 2008-01-21 06:55:21 C:\WINDOWS\system32\lexpps .exe
</pre>
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f69bbef-119f-41ca-a2e3-860f206c8df0}]
C:\WINDOWS\system32\vjpmdedr.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [ ]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant .exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"BM63f23048"="C:\WINDOWS\system32\iyxjcluf.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0086076]
C:\WINDOWS\system32\__c0086076.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00B7BEF]
C:\WINDOWS\system32\__c00B7BEF.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00BC67B]
C:\WINDOWS\system32\__c00BC67B.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Compaq Organize.lnk
backup=C:\WINDOWS\pss\Compaq Organize.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMStart.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk
backup=C:\WINDOWS\pss\IMStart.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\60c103d4]
C:\WINDOWS\system32\nhtnvkly.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-01-16 19:34 88363 C:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2008-01-08 14:40 441856 C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brxv]
C:\Documents and Settings\Owner\My Documents\W?nSxS\m?iexec.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2003-08-15 00:59 70816 c:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 21:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-01-16 19:16 229376 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 19:02 61440 C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
--a------ 2008-01-08 14:40 417280 C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-02-12 13:12 59392 C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
--a------ 2003-08-15 18:24 124096 c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
C:\WINDOWS\system32\SSTEM~1\services.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-02-11 20:08 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-02-11 20:08 455168 C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 19:13 98304 C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
C:\Program Files\QdrModule\QdrModule11.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-13 20:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-17 23:31 118784 C:\Windows\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2004-04-02 00:49 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-04-02 01:43 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tndzcg]
C:\Program Files\Common Files\?racle\?canregw.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [2008-04-21 16:20]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 02:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 16:52:24 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-04-26 04:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- c:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2004-04-03 08:05:51 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-30 17:45:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 32
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-30 18:16:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-01 02:15:17
Pre-Run: 78,093,807,616 bytes free
Post-Run: 78,672,683,008 bytes free
329 --- E O F --- 2008-04-24 21:41:33
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:23 PM, on 4/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\gearsec.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant .exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1190412252843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190412236609
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
My system seems clear so far; pmkjh.dll has not regenerated itself.

But on my laptop I have the same problem, but instead of pmkjh.dll it's jkkii.dll, and even with ComboFix, jkkii.dll regenerated itself. But my desktop computer is much more important and it appears to function properly! Thanks for the help guys =)
I will post another HJT log tomorrow and I will also check if the stubborn .dll managed to regenerate itself. *crosses fingers*