Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PMLS.DLL Problem [RESOLVED]


  • This topic is locked This topic is locked

#1
Thtkidfred

Thtkidfred

    Member

  • Member
  • PipPip
  • 17 posts
Heya, I did a Prevx CSI scan while trying to remove pmropn.exe, and pmls.dll came up with it. I was able to remove
pmropn.exe with AVG, but can't get rid of pmls.dll.

There has to be something really wrong, I play flash games for 30 mins and the computer just goes extremely slow after, and this computer is only a few months old.

EDIT: Updated HJT Log, and Uninstall list.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:11 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206095937234
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5002 bytes

Uninstall list--

Adobe Bridge 1.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AIM 6
Apple Mobile Device Support
Apple Software Update
AVG Anti-Spyware 7.5
Bonjour
CCleaner (remove only)
CDDRV_Installer
EA Download Manager
EVGA Display Driver
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
HyperCam 2
ijji Auto Installer
iTunes
Java™ 6 Update 4
JRAID
KhalInstallWrapper
LimeWire 4.16.6
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
NVIDIA Drivers
PaltalkScene
PlayNC Launcher
QuickTime
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Steam
SwiftKit
System Requirements Lab
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Ventrilo Client
Ventrilo Server
Viewpoint Media Player
WarRock
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xfire (remove only)
Yahoo! 工具列
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

Edited by Thtkidfred, 08 April 2008 - 07:45 PM.

  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\pmai.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\system32\pmai.dll

  • Click Open.
  • Click Post.
Thank you!



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
Thtkidfred

Thtkidfred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hey, Thanks for responding. Here are the HJT Log and the Combofix log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:14 AM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206095937234
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4095 bytes

Combo Fix log --

ComboFix 08-04-08.10 - Fred 2008-04-09 11:19:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1711 [GMT -4:00]
Running from: C:\Documents and Settings\Fred\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 21:51 . 2008-04-08 21:51 <DIR> d-------- C:\Program Files\SpywareGuard
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 21:49 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-04-08 21:31 . 2008-04-08 21:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 21:09 . 2008-04-08 21:09 <DIR> d-------- C:\Program Files\InCode Solutions
2008-04-07 13:28 . 2008-04-07 13:28 <DIR> d-------- C:\Program Files\iPod
2008-04-07 13:22 . 2008-04-09 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 13:22 . 2008-04-07 13:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 04:35 . 2008-04-08 21:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 04:35 . 2008-04-08 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 02:55 . 2008-04-03 02:55 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Grisoft
2008-04-03 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 02:54 . 2008-04-03 02:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 02:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 02:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-03 02:38 . 2008-04-08 21:29 <DIR> d-------- C:\Program Files\Comodo
2008-04-03 02:38 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-04-03 02:38 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-04-03 02:38 . 2006-02-28 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-04-03 02:02 . 2008-04-03 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-03 01:57 . 2008-04-03 03:07 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-03 01:53 . 2008-04-03 01:53 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-03 01:53 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-03 01:28 . 2008-04-03 01:28 164 --a------ C:\install.dat
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-02 06:46 . 2008-04-02 06:46 286,720 --a------ C:\WINDOWS\system32\pmxf.dll
2008-04-02 06:38 . 2008-04-02 06:38 712,704 --a------ C:\WINDOWS\system32\pmph.dll
2008-04-01 15:19 . 2008-04-01 15:19 118,784 --a------ C:\WINDOWS\system32\pmai.dll
2008-04-01 03:48 . 2008-04-02 03:12 368,640 --a------ C:\WINDOWS\system32\pmls.dll
2008-04-01 03:48 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-31 01:04 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Yahoo!
2008-03-29 22:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-29 22:57 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 18:35 . 2008-03-27 18:35 268 --ah----- C:\sqmdata02.sqm
2008-03-27 18:35 . 2008-03-27 18:35 244 --ah----- C:\sqmnoopt02.sqm
2008-03-25 19:39 . 2006-02-28 08:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-03-25 19:37 . 2008-03-25 19:37 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\NPLUTO Corporation
2008-03-25 19:32 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-03-25 18:19 . 2008-04-03 01:15 <DIR> d-------- C:\Program Files\DriftCity
2008-03-24 20:46 . 2008-03-24 20:46 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-03-24 18:22 . 2008-03-24 18:22 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-24 18:22 . 2003-07-17 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-24 18:22 . 2004-12-31 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-24 15:38 . 2008-03-24 15:38 <DIR> d-------- C:\ijji
2008-03-24 15:38 . 2008-03-25 10:32 <DIR> d--h----- C:\Documents and Settings\Fred\Application Data\ijjigame
2008-03-23 15:57 . 2008-03-23 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-23 15:56 . 2008-03-29 22:43 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-23 15:56 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-23 15:56 . 2008-03-23 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-20 10:40 . 2008-03-20 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-19 16:47 . 2008-03-19 16:47 <DIR> d-------- C:\Program Files\CCleaner
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-12 20:58 . 2008-03-12 20:58 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Paltalk
2008-03-11 13:04 . 2008-03-11 13:04 268 --ah----- C:\sqmdata01.sqm
2008-03-11 13:04 . 2008-03-11 13:04 244 --ah----- C:\sqmnoopt01.sqm
2008-03-10 14:38 . 2008-03-10 14:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-10 14:35 . 2008-03-10 14:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-10 14:35 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-03-10 14:29 . 2008-03-10 14:29 268 --ah----- C:\sqmdata00.sqm
2008-03-10 14:29 . 2008-03-10 14:29 244 --ah----- C:\sqmnoopt00.sqm
2008-03-09 23:16 . 2008-03-09 23:16 <DIR> d-------- C:\Documents and Settings\Fred\Contacts
2008-03-09 23:13 . 2008-03-09 23:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-09 23:12 . 2008-03-09 23:15 <DIR> d-------- C:\Program Files\Windows Live
2008-03-09 23:12 . 2008-03-09 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 23:08 . 2008-03-09 23:08 1,024 --a------ C:\.rnd
2008-03-09 21:13 . 2008-04-09 11:02 <DIR> d-------- C:\Program Files\Xfire
2008-03-09 21:13 . 2008-04-09 11:17 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Xfire
2008-03-09 19:23 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\NCSoft
2008-03-09 18:21 . 2008-03-09 19:21 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 15:03 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-09 15:03 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-09 14:04 --------- d-----w C:\Program Files\SwiftKit
2008-04-09 02:36 --------- d-----w C:\Program Files\Electronic Arts
2008-04-09 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 22:38 --------- d-----w C:\Program Files\WarRock

Thanks for the help in advance.
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\pmai.dll
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\pmxf.dll
C:\WINDOWS\system32\pmph.dll
C:\WINDOWS\system32\pmai.dll
C:\WINDOWS\system32\pmls.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

  • 0

#5
Thtkidfred

Thtkidfred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I had to restart after combofix was completed, So I ran it again after restart to produce a log, also posting a new HJT log. Thanks a bunch for the help.

HJT--

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:03 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206095937234
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3892 bytes

ComboFix Log--

ComboFix 08-04-08.10 - Fred 2008-04-09 14:11:05.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1718 [GMT -4:00]
Running from: C:\Documents and Settings\Fred\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\pmai.dll
C:\WINDOWS\system32\pmls.dll
C:\WINDOWS\system32\pmph.dll
C:\WINDOWS\system32\pmxf.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 21:51 . 2008-04-08 21:51 <DIR> d-------- C:\Program Files\SpywareGuard
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 21:49 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-04-08 21:31 . 2008-04-08 21:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 21:09 . 2008-04-08 21:09 <DIR> d-------- C:\Program Files\InCode Solutions
2008-04-07 13:28 . 2008-04-07 13:28 <DIR> d-------- C:\Program Files\iPod
2008-04-07 13:22 . 2008-04-09 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 13:22 . 2008-04-07 13:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 04:35 . 2008-04-08 21:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 04:35 . 2008-04-08 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 02:55 . 2008-04-03 02:55 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Grisoft
2008-04-03 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 02:54 . 2008-04-03 02:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 02:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 02:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-03 02:38 . 2008-04-08 21:29 <DIR> d-------- C:\Program Files\Comodo
2008-04-03 02:38 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-04-03 02:38 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-04-03 02:38 . 2006-02-28 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-04-03 02:02 . 2008-04-03 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-03 01:57 . 2008-04-03 03:07 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-03 01:53 . 2008-04-03 01:53 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-03 01:53 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-03 01:28 . 2008-04-03 01:28 164 --a------ C:\install.dat
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-01 03:48 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-31 01:04 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Yahoo!
2008-03-29 22:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-29 22:57 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 18:35 . 2008-03-27 18:35 268 --ah----- C:\sqmdata02.sqm
2008-03-27 18:35 . 2008-03-27 18:35 244 --ah----- C:\sqmnoopt02.sqm
2008-03-25 19:39 . 2006-02-28 08:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-03-25 19:37 . 2008-03-25 19:37 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\NPLUTO Corporation
2008-03-25 19:32 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-03-25 18:19 . 2008-04-03 01:15 <DIR> d-------- C:\Program Files\DriftCity
2008-03-24 20:46 . 2008-03-24 20:46 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-03-24 18:22 . 2008-03-24 18:22 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-24 18:22 . 2003-07-17 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-24 18:22 . 2004-12-31 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-24 15:38 . 2008-03-24 15:38 <DIR> d-------- C:\ijji
2008-03-24 15:38 . 2008-03-25 10:32 <DIR> d--h----- C:\Documents and Settings\Fred\Application Data\ijjigame
2008-03-23 15:57 . 2008-03-23 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-23 15:56 . 2008-03-29 22:43 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-23 15:56 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-23 15:56 . 2008-03-23 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-20 10:40 . 2008-03-20 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-19 16:47 . 2008-03-19 16:47 <DIR> d-------- C:\Program Files\CCleaner
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-12 20:58 . 2008-03-12 20:58 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Paltalk
2008-03-11 13:04 . 2008-03-11 13:04 268 --ah----- C:\sqmdata01.sqm
2008-03-11 13:04 . 2008-03-11 13:04 244 --ah----- C:\sqmnoopt01.sqm
2008-03-10 14:38 . 2008-03-10 14:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-10 14:35 . 2008-03-10 14:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-10 14:35 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-03-10 14:29 . 2008-03-10 14:29 268 --ah----- C:\sqmdata00.sqm
2008-03-10 14:29 . 2008-03-10 14:29 244 --ah----- C:\sqmnoopt00.sqm
2008-03-09 23:16 . 2008-03-09 23:16 <DIR> d-------- C:\Documents and Settings\Fred\Contacts
2008-03-09 23:13 . 2008-03-09 23:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-09 23:12 . 2008-03-09 23:15 <DIR> d-------- C:\Program Files\Windows Live
2008-03-09 23:12 . 2008-03-09 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 23:08 . 2008-03-09 23:08 1,024 --a------ C:\.rnd
2008-03-09 21:13 . 2008-04-09 11:02 <DIR> d-------- C:\Program Files\Xfire
2008-03-09 21:13 . 2008-04-09 14:07 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Xfire
2008-03-09 19:23 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\NCSoft
2008-03-09 18:21 . 2008-03-09 19:21 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 16:38 --------- d-----w C:\Program Files\SwiftKit
2008-04-09 15:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-09 15:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-09 02:36 --------- d-----w C:\Program Files\Electronic Arts
2008-04-09 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 22:38 --------- d-----w C:\Program Files\WarRock
2008-04-07 17:28 --------- d-----w C:\Program Files\iTunes
2008-04-07 17:27 --------- d-----w C:\Program Files\QuickTime
2008-04-05 00:27 --------- d-----w C:\Documents and Settings\Fred\Application Data\LimeWire
2008-04-03 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 05:14 --------- d-----w C:\Documents and Settings\Fred\Application Data\Apple Computer
2008-03-30 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 19:56 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:03 --------- d-----w C:\Program Files\Steam
2008-03-06 16:59 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-06 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-06 15:15 --------- d-----w C:\Documents and Settings\Fred\Application Data\InstallShield
2008-03-05 00:58 --------- d-----w C:\Program Files\Midway Home Entertainment
2008-02-27 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 19:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-21 19:45 --------- d--h--r C:\Documents and Settings\Fred\Application Data\SecuROM
2008-02-21 19:45 --------- d-----w C:\Program Files\GameSpy
2008-02-21 19:41 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-02-21 19:41 22,328 ----a-w C:\Documents and Settings\Fred\Application Data\PnkBstrK.sys
2008-02-21 07:20 --------- d-----w C:\Program Files\Disney
2008-02-21 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-21 07:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\acccore
2008-02-21 06:55 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-21 06:55 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-20 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-20 23:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-20 23:34 --------- d-----w C:\Documents and Settings\Fred\Application Data\SystemRequirementsLab
2008-02-20 22:28 --------- d-----w C:\Program Files\Realtek
2008-02-20 22:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 22:02 --------- d-----w C:\Documents and Settings\Fred\Application Data\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-02-20 21:59 --------- d-----w C:\Program Files\Apple Software Update
2008-02-20 21:58 --------- d-----w C:\Program Files\VentSrv
2008-02-20 21:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-20 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-20 21:57 --------- d-----w C:\Program Files\LimeWire
2008-02-20 21:57 --------- d-----w C:\Program Files\Java
2008-02-20 21:55 --------- d-----w C:\Program Files\Common Files\Java
2008-02-20 21:54 --------- d-----w C:\Documents and Settings\Fred\Application Data\Logitech
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-20 21:52 --------- d-----w C:\Program Files\Logitech
2008-02-20 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-20 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-20 21:36 --------- d-----w C:\Program Files\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-20 21:36 --------- d-----w C:\Program Files\AIM6
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 21:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PremierOpinion]
C:\WINDOWS\system32\pmls.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\pmai.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-24 22:52 385024 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
c:\windows\system32\pmropn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Program Files\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 02:54 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-05 22:13 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys [2006-02-12 22:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 12:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 14:12:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 14:12:42
ComboFix-quarantined-files.txt 2008-04-09 18:12:38
ComboFix2.txt 2008-04-09 15:21:15
Pre-Run: 139,778,408,448 bytes free
Post-Run: 139,765,993,472 bytes free
.
2008-04-04 04:25:03 --- E O F ---
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O20 - AppInit_DLLs: C:\WINDOWS\system32\pmai.dll
O20 - Winlogon Notify: PremierOpinion - C:\WINDOWS\system32\pmls.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\pmai.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Reboot and post a new HijackThis log
  • 0

#7
Thtkidfred

Thtkidfred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks for the fast response :)

Here is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:01 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206095937234
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3758 bytes
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No problem

Go ahead with CFScript there
  • 0

#9
Thtkidfred

Thtkidfred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Sorry, didn't understand you. What did you want me to do?

Edited by Thtkidfred, 09 April 2008 - 12:38 PM.

  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do this

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\pmai.dll


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

  • 0

Advertisements


#11
Thtkidfred

Thtkidfred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here is the log that it produced.

ComboFix 08-04-08.10 - Fred 2008-04-09 15:49:26.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1715 [GMT -4:00]
Running from: C:\Documents and Settings\Fred\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fred\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\pmai.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-08 21:51 . 2008-04-08 21:51 <DIR> d-------- C:\Program Files\SpywareGuard
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-08 21:49 . 2008-04-09 10:04 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 21:49 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-04-08 21:31 . 2008-04-08 21:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 21:09 . 2008-04-08 21:09 <DIR> d-------- C:\Program Files\InCode Solutions
2008-04-07 13:28 . 2008-04-07 13:28 <DIR> d-------- C:\Program Files\iPod
2008-04-07 13:22 . 2008-04-09 11:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 13:22 . 2008-04-07 13:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-03 04:35 . 2008-04-08 21:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 04:35 . 2008-04-08 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 02:55 . 2008-04-03 02:55 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Grisoft
2008-04-03 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 02:54 . 2008-04-03 02:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 02:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 02:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-03 02:38 . 2008-04-08 21:29 <DIR> d-------- C:\Program Files\Comodo
2008-04-03 02:38 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-04-03 02:38 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-04-03 02:38 . 2006-02-28 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-04-03 02:02 . 2008-04-03 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-03 01:57 . 2008-04-03 03:07 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-03 01:53 . 2008-04-03 01:53 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-03 01:53 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-03 01:28 . 2008-04-03 01:28 164 --a------ C:\install.dat
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-01 03:48 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-31 01:04 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Yahoo!
2008-03-29 22:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-29 22:57 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 18:35 . 2008-03-27 18:35 268 --ah----- C:\sqmdata02.sqm
2008-03-27 18:35 . 2008-03-27 18:35 244 --ah----- C:\sqmnoopt02.sqm
2008-03-25 19:39 . 2006-02-28 08:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-03-25 19:37 . 2008-03-25 19:37 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\NPLUTO Corporation
2008-03-25 19:32 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-03-25 18:19 . 2008-04-03 01:15 <DIR> d-------- C:\Program Files\DriftCity
2008-03-24 20:46 . 2008-03-24 20:46 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-03-24 18:22 . 2008-03-24 18:22 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-24 18:22 . 2003-07-17 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-24 18:22 . 2004-12-31 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-24 15:38 . 2008-03-24 15:38 <DIR> d-------- C:\ijji
2008-03-24 15:38 . 2008-03-25 10:32 <DIR> d--h----- C:\Documents and Settings\Fred\Application Data\ijjigame
2008-03-23 15:57 . 2008-03-23 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-23 15:56 . 2008-03-29 22:43 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-23 15:56 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-23 15:56 . 2008-03-23 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-20 10:40 . 2008-03-20 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-19 16:47 . 2008-03-19 16:47 <DIR> d-------- C:\Program Files\CCleaner
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-12 20:58 . 2008-03-12 20:58 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Paltalk
2008-03-11 13:04 . 2008-03-11 13:04 268 --ah----- C:\sqmdata01.sqm
2008-03-11 13:04 . 2008-03-11 13:04 244 --ah----- C:\sqmnoopt01.sqm
2008-03-10 14:38 . 2008-03-10 14:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-10 14:35 . 2008-03-10 14:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-10 14:35 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-03-10 14:29 . 2008-03-10 14:29 268 --ah----- C:\sqmdata00.sqm
2008-03-10 14:29 . 2008-03-10 14:29 244 --ah----- C:\sqmnoopt00.sqm
2008-03-09 23:16 . 2008-03-09 23:16 <DIR> d-------- C:\Documents and Settings\Fred\Contacts
2008-03-09 23:13 . 2008-03-09 23:15 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-09 23:12 . 2008-03-09 23:15 <DIR> d-------- C:\Program Files\Windows Live
2008-03-09 23:12 . 2008-03-09 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 23:08 . 2008-03-09 23:08 1,024 --a------ C:\.rnd
2008-03-09 21:13 . 2008-04-09 11:02 <DIR> d-------- C:\Program Files\Xfire
2008-03-09 21:13 . 2008-04-09 14:07 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Xfire
2008-03-09 19:23 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\NCSoft
2008-03-09 18:21 . 2008-03-09 19:21 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 18:53 --------- d-----w C:\Program Files\SwiftKit
2008-04-09 15:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-09 15:25 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-09 02:36 --------- d-----w C:\Program Files\Electronic Arts
2008-04-09 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 22:38 --------- d-----w C:\Program Files\WarRock
2008-04-07 17:28 --------- d-----w C:\Program Files\iTunes
2008-04-07 17:27 --------- d-----w C:\Program Files\QuickTime
2008-04-05 00:27 --------- d-----w C:\Documents and Settings\Fred\Application Data\LimeWire
2008-04-03 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 05:14 --------- d-----w C:\Documents and Settings\Fred\Application Data\Apple Computer
2008-03-30 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 19:56 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:03 --------- d-----w C:\Program Files\Steam
2008-03-06 16:59 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-06 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-06 15:15 --------- d-----w C:\Documents and Settings\Fred\Application Data\InstallShield
2008-03-05 00:58 --------- d-----w C:\Program Files\Midway Home Entertainment
2008-02-27 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 19:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-21 19:45 --------- d--h--r C:\Documents and Settings\Fred\Application Data\SecuROM
2008-02-21 19:45 --------- d-----w C:\Program Files\GameSpy
2008-02-21 19:41 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-02-21 19:41 22,328 ----a-w C:\Documents and Settings\Fred\Application Data\PnkBstrK.sys
2008-02-21 07:20 --------- d-----w C:\Program Files\Disney
2008-02-21 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-21 07:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\acccore
2008-02-21 06:55 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-21 06:55 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-20 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-20 23:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-20 23:34 --------- d-----w C:\Documents and Settings\Fred\Application Data\SystemRequirementsLab
2008-02-20 22:28 --------- d-----w C:\Program Files\Realtek
2008-02-20 22:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 22:02 --------- d-----w C:\Documents and Settings\Fred\Application Data\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-02-20 21:59 --------- d-----w C:\Program Files\Apple Software Update
2008-02-20 21:58 --------- d-----w C:\Program Files\VentSrv
2008-02-20 21:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-20 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-20 21:57 --------- d-----w C:\Program Files\LimeWire
2008-02-20 21:57 --------- d-----w C:\Program Files\Java
2008-02-20 21:55 --------- d-----w C:\Program Files\Common Files\Java
2008-02-20 21:54 --------- d-----w C:\Documents and Settings\Fred\Application Data\Logitech
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-20 21:52 --------- d-----w C:\Program Files\Logitech
2008-02-20 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-20 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-20 21:36 --------- d-----w C:\Program Files\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-20 21:36 --------- d-----w C:\Program Files\AIM6
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 21:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-24 22:52 385024 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
c:\windows\system32\pmropn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Program Files\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 02:54 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-05 22:13 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys [2006-02-12 22:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 12:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 15:50:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 15:50:49
ComboFix-quarantined-files.txt 2008-04-09 19:50:46
ComboFix2.txt 2008-04-09 18:25:54
ComboFix3.txt 2008-04-09 18:12:43
ComboFix4.txt 2008-04-09 15:21:15
Pre-Run: 139,731,230,720 bytes free
Post-Run: 139,720,400,896 bytes free
.
2008-04-04 04:25:03 --- E O F ---

Thanks again.
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\pmropn.exe

Folder::
C:\Program Files\Seekmo

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Reboot and post a new HijackThis log
  • 0

#13
Thtkidfred

Thtkidfred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:18 PM, on 4/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206095937234
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3760 bytes
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok post the ComboFix log and do this

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running
  • 0

#15
Thtkidfred

Thtkidfred

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here is the Malware Bytes Log.

Malwarebytes' Anti-Malware 1.11
Database version: 606

Scan type: Full Scan (C:\|)
Objects scanned: 89034
Time elapsed: 10 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the ComboFix Log.

ComboFix 08-04-08.10 - Fred 2008-04-10 12:21:37.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1644 [GMT -4:00]
Running from: C:\Documents and Settings\Fred\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fred\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\pmropn.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-10 00:17 . 2008-04-10 00:17 <DIR> d-------- C:\VivoxLogs
2008-04-08 21:51 . 2008-04-09 16:02 <DIR> d-------- C:\Program Files\SpywareGuard
2008-04-08 21:49 . 2008-04-09 16:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-08 21:49 . 2008-04-09 16:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 21:49 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-04-08 21:31 . 2008-04-08 21:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Malwarebytes
2008-04-08 21:14 . 2008-04-08 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-08 21:09 . 2008-04-08 21:09 <DIR> d-------- C:\Program Files\InCode Solutions
2008-04-07 13:28 . 2008-04-07 13:28 <DIR> d-------- C:\Program Files\iPod
2008-04-03 04:35 . 2008-04-08 21:27 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-03 04:35 . 2008-04-08 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 02:55 . 2008-04-03 02:55 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Grisoft
2008-04-03 02:55 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-03 02:54 . 2008-04-03 02:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-03 02:49 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 02:49 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-03 02:38 . 2008-04-08 21:29 <DIR> d-------- C:\Program Files\Comodo
2008-04-03 02:38 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-04-03 02:38 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-04-03 02:38 . 2006-02-28 08:00 22,528 --a------ C:\WINDOWS\system32\wsock32.dlb
2008-04-03 02:02 . 2008-04-03 02:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-03 01:57 . 2008-04-03 03:07 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-04-03 01:53 . 2008-04-03 01:53 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-03 01:53 . 2003-03-18 16:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-03 01:28 . 2008-04-03 01:28 164 --a------ C:\install.dat
2008-04-02 19:26 . 2008-04-02 19:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-01 03:48 . 2003-05-07 13:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-03-31 01:04 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Yahoo!
2008-03-29 22:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-29 22:57 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 90,624 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\vidcap.ax
2008-03-29 22:43 . 2004-08-04 00:56 28,672 --a--c--- C:\WINDOWS\system32\dllcache\vidcap.ax
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 18:35 . 2008-03-27 18:35 268 --ah----- C:\sqmdata02.sqm
2008-03-27 18:35 . 2008-03-27 18:35 244 --ah----- C:\sqmnoopt02.sqm
2008-03-25 19:39 . 2006-02-28 08:00 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2008-03-25 19:37 . 2008-03-25 19:37 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\NPLUTO Corporation
2008-03-25 19:32 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-03-25 18:19 . 2008-04-03 01:15 <DIR> d-------- C:\Program Files\DriftCity
2008-03-24 20:46 . 2008-03-24 20:46 31 --a------ C:\WINDOWS\GunzLauncher.INI
2008-03-24 18:22 . 2008-03-24 18:22 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-24 18:22 . 2003-07-17 05:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-24 18:22 . 2004-12-31 20:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-24 15:38 . 2008-03-24 15:38 <DIR> d-------- C:\ijji
2008-03-24 15:38 . 2008-03-25 10:32 <DIR> d--h----- C:\Documents and Settings\Fred\Application Data\ijjigame
2008-03-23 15:57 . 2008-03-23 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-03-23 15:56 . 2008-03-29 22:43 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-23 15:56 . 2007-11-15 10:06 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-03-23 15:56 . 2008-03-23 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-20 10:40 . 2008-03-20 10:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-19 16:47 . 2008-03-19 16:47 <DIR> d-------- C:\Program Files\CCleaner
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-13 19:12 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-12 20:58 . 2008-03-12 20:58 <DIR> d-------- C:\WINDOWS\PaltalkScene
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Program Files\Paltalk Messenger
2008-03-12 20:58 . 2008-04-08 22:34 <DIR> d-------- C:\Documents and Settings\Fred\Application Data\Paltalk
2008-03-11 13:04 . 2008-03-11 13:04 268 --ah----- C:\sqmdata01.sqm
2008-03-11 13:04 . 2008-03-11 13:04 244 --ah----- C:\sqmnoopt01.sqm
2008-03-10 14:38 . 2008-03-10 14:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-03-10 14:35 . 2008-03-10 14:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-10 14:35 . 2008-01-18 03:36 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-03-10 14:29 . 2008-03-10 14:29 268 --ah----- C:\sqmdata00.sqm
2008-03-10 14:29 . 2008-03-10 14:29 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 16:20 --------- d-----w C:\Documents and Settings\Fred\Application Data\Xfire
2008-04-10 14:32 --------- d-----w C:\Program Files\SwiftKit
2008-04-10 04:17 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-10 04:17 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-10 02:20 --------- d-----w C:\Program Files\Xfire
2008-04-09 22:35 --------- d-----w C:\Documents and Settings\Fred\Application Data\LimeWire
2008-04-09 02:36 --------- d-----w C:\Program Files\Electronic Arts
2008-04-09 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 02:34 --------- d-----w C:\Program Files\NCSoft
2008-04-07 22:38 --------- d-----w C:\Program Files\WarRock
2008-04-07 17:28 --------- d-----w C:\Program Files\iTunes
2008-04-07 17:27 --------- d-----w C:\Program Files\QuickTime
2008-04-03 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-03 05:14 --------- d-----w C:\Documents and Settings\Fred\Application Data\Apple Computer
2008-03-30 18:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-23 19:56 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-11 17:03 --------- d-----w C:\Program Files\Steam
2008-03-10 03:15 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-10 03:15 --------- d-----w C:\Program Files\Windows Live
2008-03-10 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 23:21 --------- d-----w C:\Documents and Settings\Fred\Application Data\GetRightToGo
2008-03-06 16:59 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-03-06 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-06 15:15 --------- d-----w C:\Documents and Settings\Fred\Application Data\InstallShield
2008-03-05 00:58 --------- d-----w C:\Program Files\Midway Home Entertainment
2008-02-27 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-21 19:45 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-21 19:45 --------- d--h--r C:\Documents and Settings\Fred\Application Data\SecuROM
2008-02-21 19:45 --------- d-----w C:\Program Files\GameSpy
2008-02-21 19:41 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-02-21 19:41 22,328 ----a-w C:\Documents and Settings\Fred\Application Data\PnkBstrK.sys
2008-02-21 07:20 --------- d-----w C:\Program Files\Disney
2008-02-21 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-21 07:00 --------- d-----w C:\Documents and Settings\Fred\Application Data\acccore
2008-02-21 06:55 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-02-21 06:55 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-02-20 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-20 23:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-20 23:34 --------- d-----w C:\Documents and Settings\Fred\Application Data\SystemRequirementsLab
2008-02-20 22:28 --------- d-----w C:\Program Files\Realtek
2008-02-20 22:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-20 22:02 --------- d-----w C:\Documents and Settings\Fred\Application Data\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Ventrilo
2008-02-20 22:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-20 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SwiftKit
2008-02-20 21:59 --------- d-----w C:\Program Files\Apple Software Update
2008-02-20 21:58 --------- d-----w C:\Program Files\VentSrv
2008-02-20 21:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-20 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-20 21:57 --------- d-----w C:\Program Files\LimeWire
2008-02-20 21:57 --------- d-----w C:\Program Files\Java
2008-02-20 21:55 --------- d-----w C:\Program Files\Common Files\Java
2008-02-20 21:54 --------- d-----w C:\Documents and Settings\Fred\Application Data\Logitech
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-02-20 21:53 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-20 21:52 --------- d-----w C:\Program Files\Logitech
2008-02-20 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-20 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-20 21:36 --------- d-----w C:\Program Files\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-20 21:36 --------- d-----w C:\Program Files\AIM6
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-20 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-20 21:25 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-29 16:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\Fred\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 06:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-04-24 22:52 385024 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayNC Launcher]
C:\program files\ncsoft\launcher\NCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
C:\Program Files\PrevxCSI\prevxcsi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoveIT Pro XT]
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 02:54 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 06:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-05 22:13 1266936 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 04:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\WarRock\\WRLauncher.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\WarRock\\System\\WarRock.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 AGR1310_51;Agere Systems ET-13xx PCI-E Ethernet Adapter XP Driver;C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys [2006-02-12 22:15]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-02 12:26:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 12:22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-10 12:22:22
ComboFix-quarantined-files.txt 2008-04-10 16:22:12
ComboFix2.txt 2008-04-09 19:50:50
ComboFix3.txt 2008-04-09 18:25:54
ComboFix4.txt 2008-04-09 18:12:43
ComboFix5.txt 2008-04-09 15:21:15
Pre-Run: 139,719,589,888 bytes free
Post-Run: 139,708,022,784 bytes free
.
2008-04-04 04:25:03 --- E O F ---

My computer seems to be running much better compared to before, thanks for the help. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP