  • This topic is locked
2 replies to this topic

#1 Ken McAndrew

Ken McAndrew

  • Members
  • 1 posts
  • Local time:09:21 AM

Posted 23 January 2009 - 05:44 PM

I had this virus picked up by my anti virus software. Since then I cannot execute PnkBstrA on startup, nor can I update the file and get it going again using the pb utility file. It just keeps encountering a problem and shutting down. In addition the computer has a service.exe not ending when I shut down. Seems to be running slow on boot up and shut down. I also think it impacted my restore points and security.

I used Ccleaner, SpyDoctor, Ewido which found items to be removed and everything is now clean but it did not fix the problem.

I appreciate your help. Thanks...........Ken

DDS (Ver_09-01-19.01) - NTFSx86
Run by Ken McAndrew at 17:37:47.75 on 23/01/2088
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.983 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Aventail\Connect\as32svc.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ken McAndrew\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.ca/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\docume~1\kenmca~1\locals~1\temp\wowexec.exe","c:\windows\mchost.exe",
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Control Center] "c:\program files\asus\wlan card utilities\Center.exe"
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
mRun: [Lexmark X84-X85 Button Monitor] c:\progra~1\lexmar~1\ACMonitor_X84-X85.exe
mRun: [Lexmark X84-X85 Button Manager] c:\progra~1\lexmar~1\AcBtnMgr_X84-X85.exe
mRun: [nwiz] "nwiz.exe" /install
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [masqform.exe] "h:\program files\pureedge\viewer 6.0\masqform.exe" -UpdateCurrentUser
mRun: [Zboard] "c:\program files\ideazon\zengine\Zboard.exe"
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [wincam] c:\docume~1\kenmca~1\locals~1\temp\rarsfx0\services.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\micros~1\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} - hxxps://secure.dmr.com/postauthI/epi.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134619858421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - h:\program files\ewido anti-spyware 4.0\shellexecutehook.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kenmca~1\applic~1\mozilla\firefox\profiles\dmussht2.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - plugin: c:\documents and settings\ken mcandrew\application data\mozilla\firefox\profiles\dmussht2.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-12-15 24971]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-1-25 109848]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;h:\program files\ewido anti-spyware 4.0\guard.sys [2006-6-16 3968]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-9-13 58464]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]
R3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [2005-12-14 16269]
R3 Astdi;Astdi;c:\program files\aventail\connect\asnttdi.sys [2005-8-19 126917]
R3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2007-10-12 1391040]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-9-13 108480]
R4 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-4-6 3584]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-9-13 102463]
R4 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
R4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
S3 Ascrypto;Ascrypto;c:\program files\aventail\connect\ascrypto.sys [2005-8-19 219299]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-10 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-10 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-10 81288]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\drivers\rcblan.sys [2008-12-31 39704]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-10 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-10 1079176]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [2005-12-14 258560]
S4 AVP;AVP; [x]
S4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;h:\program files\ewido anti-spyware 4.0\guard.exe [2006-6-16 172032]

=============== Created Last 30 ================

2088-01-23 13:20 388,608 a------- c:\windows\system32\cmd.execf
2088-01-23 13:10 107,888 a------- c:\windows\system32\CmdLineExt.dll
2088-01-22 20:04 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2088-01-22 20:04 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2088-01-22 20:04 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2088-01-22 20:04 17,408 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2088-01-22 20:04 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2088-01-22 20:04 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2088-01-22 20:04 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2088-01-22 20:04 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2088-01-22 20:02 64,605 ac------ c:\windows\system32\dllcache\vvoice.sys
2088-01-22 20:01 172,768 ac------ c:\windows\system32\dllcache\t2r4disp.dll
2088-01-22 20:00 28,160 ac------ c:\windows\system32\dllcache\sm91w.dll
2088-01-22 19:59 30,720 ac------ c:\windows\system32\dllcache\rthwcls.sys
2088-01-22 19:58 5,504 ac------ c:\windows\system32\dllcache\perc2hib.sys
2088-01-22 19:57 60,480 ac------ c:\windows\system32\dllcache\neo20xx.dll
2088-01-22 19:56 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2088-01-22 19:55 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2088-01-22 19:54 45,056 ac------ c:\windows\system32\dllcache\icam5com.dll
2088-01-22 19:53 455,296 ac------ c:\windows\system32\dllcache\fusbbase.sys
2088-01-22 19:53 92,160 ac------ c:\windows\system32\dllcache\fuusd.dll
2088-01-22 19:53 455,680 ac------ c:\windows\system32\dllcache\fus2base.sys
2088-01-22 19:53 442,240 ac------ c:\windows\system32\dllcache\fpnpbase.sys
2088-01-22 19:53 444,416 ac------ c:\windows\system32\dllcache\fpcibase.sys
2088-01-22 19:53 441,728 ac------ c:\windows\system32\dllcache\fpcmbase.sys
2088-01-22 19:53 34,173 ac------ c:\windows\system32\dllcache\forehe.sys
2088-01-22 19:53 71,680 ac------ c:\windows\system32\dllcache\fnfilter.dll
2088-01-22 19:53 27,165 ac------ c:\windows\system32\dllcache\fetnd5.sys
2088-01-22 19:53 22,090 ac------ c:\windows\system32\dllcache\fem556n5.sys
2088-01-22 19:51 29,696 ac------ c:\windows\system32\dllcache\dm9pci5.sys
2088-01-22 19:50 111,232 ac------ c:\windows\system32\dllcache\cl5465.dll
2088-01-22 19:49 41,472 ac------ c:\windows\system32\dllcache\brmfusb.dll
2088-01-22 19:48 36,224 ac------ c:\windows\system32\dllcache\an983.sys
2088-01-22 19:48 6,272 ac------ c:\windows\system32\dllcache\apmbatt.sys
2088-01-22 19:48 12,032 ac------ c:\windows\system32\dllcache\amsint.sys
2088-01-22 19:48 16,969 ac------ c:\windows\system32\dllcache\amb8002.sys
2088-01-22 19:48 5,248 ac------ c:\windows\system32\dllcache\aliide.sys
2088-01-22 19:48 27,678 ac------ c:\windows\system32\dllcache\ali5261.sys
2088-01-22 19:48 26,624 ac------ c:\windows\system32\dllcache\alifir.sys
2088-01-22 19:48 56,960 ac------ c:\windows\system32\dllcache\aic78xx.sys
2088-01-22 19:48 55,168 ac------ c:\windows\system32\dllcache\aic78u2.sys
2088-01-22 19:48 12,800 ac------ c:\windows\system32\dllcache\aha154x.sys
2088-01-22 19:48 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2088-01-22 17:59 66,872 a------- c:\windows\system32\PnkBstrAa.exe
2088-01-22 17:59 66,872 a------- c:\windows\system32\PnkBstrA.exe
2088-01-22 17:06 <DIR> --d----- c:\docume~1\kenmca~1\applic~1\Malwarebytes
2088-01-22 17:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2088-01-22 17:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2088-01-22 17:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2088-01-22 17:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2088-01-22 15:50 <DIR> --d----- c:\docume~1\kenmca~1\applic~1\Uniblue
2088-01-21 18:59 20 a------- c:\windows\ACMonitor_X84-X85.ini

==================== Find3M ====================

2088-01-23 13:54 0 ac------ c:\windows\system32\drivers\lvuvc.hs
2006-12-03 20:28 2,714 a------- c:\docume~1\kenmca~1\applic~1\SAS7_000.DAT
2007-09-13 15:16 105,627,680 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2007-09-13 15:16 371,744 ac-sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 17:38:12.48 ===============

Forgot to mention I have a popup adultfriendfinder window that shows up for a few minutes and then disappears...........thanks Ken

I also just noticed that my clock changed to the year 2088 on the 22 Jan. My win.ini and system.ini were changed on Jan 22 2088.

Attached Files

  • Attached File  DDS.txt   14.66KB   2 downloads

Edited by Ken McAndrew, 24 January 2009 - 01:27 PM.



#2 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:21 AM

Posted 04 February 2009 - 03:01 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:10:21 AM

Posted 09 February 2009 - 02:47 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
