Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Not sure .....

  • This topic is locked This topic is locked
2 replies to this topic

#1 Satomi


  • Members
  • 1 posts
  • Local time:07:40 PM

Posted 15 May 2009 - 09:19 AM

not sure what it is, but it come up with a " -bad image C:\window\system32\dunuhobu.dll is not a valid windows image. Please check this against your installation diskette. " when i search up google you guys came up also there post in www.microsoft.com too.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Erika at 0:07:26.68 on Sat 05/16/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2066 [GMT 10:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\CometBird\CometBird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\MpcStar\mpcstar.exe
C:\Documents and Settings\Erika\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/m/
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: {2745e410-518b-408a-8446-35e6d0a66ea1} - c:\windows\system32\waguroho.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [<NO NAME>]
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Flashget] c:\program files\flashget\flashget.exe /min
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [gemolodule] Rundll32.exe "c:\windows\system32\yadebene.dll",s
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\erika\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\erika\startm~1\programs\startup\needfo~1.lnk - c:\program files\ea games\need for speed undercover\support\EAregister.exe
StartupFolder: c:\docume~1\erika\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\erika\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.1.15.dll/206
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223443585609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223461120281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer =,
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\dunuhobu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\dunuhobu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\erika\applic~1\mozilla\firefox\profiles\wrwzpcb0.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/m/
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\erika\application data\mozilla\firefox\profiles\wrwzpcb0.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\mpcstar\codecs\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-3-25 33824]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-17 55152]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-10-7 3712]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-5-5 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-1-24 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-1-24 54608]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-5-5 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-5-5 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-5-5 171400]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-9-29 83008]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva212;XDva212;\??\c:\windows\system32\xdva212.sys --> c:\windows\system32\XDva212.sys [?]
S3 XDva215;XDva215;\??\c:\windows\system32\xdva215.sys --> c:\windows\system32\XDva215.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\xdva259.sys --> c:\windows\system32\XDva259.sys [?]

=============== Created Last 30 ================

2009-05-15 19:03 <DIR> --d----- C:\swsetup
2009-05-15 18:34 244,232 a------- c:\windows\system32\WmJoyFrc.dll
2009-05-15 18:34 49,160 a------- c:\windows\system32\drivers\WmXlCore.sys
2009-05-15 18:34 31,240 a------- c:\windows\system32\drivers\WmHidLo.sys
2009-05-15 18:34 29,192 a------- c:\windows\system32\drivers\WmFilter.sys
2009-05-15 18:34 19,336 a------- c:\windows\system32\drivers\WmBEnum.sys
2009-05-15 18:34 14,728 a------- c:\windows\system32\drivers\WmVirHid.sys
2009-05-15 18:03 <DIR> --d----- c:\program files\EA Games
2009-05-12 22:35 <DIR> --d----- c:\docume~1\erika\applic~1\LimeWire
2009-05-12 22:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 22:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-12 22:33 <DIR> --d----- c:\program files\LimeWire
2009-05-12 21:44 <DIR> --d----- c:\program files\VLC
2009-05-05 09:19 <DIR> --d----- c:\windows\35C03C043F1F42C2A989A757EE691F65.TMP
2009-05-05 09:18 <DIR> --d----- c:\program files\McAfee 8.5i Installer
2009-05-05 07:52 1,495,552 a------- c:\windows\system32\epoPGPsdk.dll
2009-05-05 07:52 280 a------- c:\windows\system32\epoPGPsdk.dll.sig
2009-05-05 07:52 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-05-05 07:52 64,232 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-05-05 07:52 33,960 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-05 07:52 171,400 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-05 07:52 72,936 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-05 07:52 52,104 a------- c:\windows\system32\drivers\mfetdik.sys
2009-05-05 07:51 <DIR> --d----- c:\program files\McAfee
2009-05-05 07:51 <DIR> --d----- c:\program files\common files\McAfee
2009-05-05 07:43 <DIR> --d----- C:\QUARANTINE
2009-05-05 07:41 512 a------- c:\windows\randseed.rnd
2009-05-05 07:30 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-05-05 07:29 <DIR> --d----- c:\windows\Internet Logs
2009-05-05 07:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Network Associates
2009-05-05 07:27 <DIR> --d----- c:\program files\common files\Network Associates
2009-05-05 07:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-05-04 20:57 4 a------- c:\windows\system32\gxvxccounter
2009-04-30 07:19 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-27 18:53 <DIR> --d----- c:\program files\SocksCapV2
2009-04-27 18:53 299,520 a------- c:\windows\uninst.exe
2009-04-27 18:52 <DIR> --d----- c:\documents and settings\erika\WINDOWS
2009-04-27 18:30 <DIR> --d----- c:\docume~1\erika\applic~1\FreeCap
2009-04-23 01:56 <DIR> --d----- c:\program files\Curse
2009-04-23 01:53 480 a------- c:\windows\system32\mstmpxmlenv.xml

==================== Find3M ====================

2009-05-15 18:43 138,184 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 18:42 183,112 a------- c:\windows\system32\PnkBstrB.exe
2009-05-12 17:37 716,800 a------- c:\windows\system32\SkinFeature.dll
2009-05-05 07:35 90,112 a------- c:\windows\DUMP5fc3.tmp
2009-04-20 03:37 73,728 a------- c:\windows\system32\imcomm.dll
2009-04-14 19:02 22,328 a------- c:\docume~1\erika\applic~1\PnkBstrK.sys
2009-04-14 19:02 682,280 a------- c:\windows\system32\pbsvc.exe
2009-04-14 19:02 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-04-13 19:01 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-25 17:56 33,824 a------- c:\windows\system32\drivers\oreans32.sys
2009-03-23 11:10 78,203 a------- c:\windows\War3Unin.dat
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll

============= FINISH: 0:09:09.90 ===============


DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2008 12:37:33 PM
System Uptime: 5/15/2009 11:29:27 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | StrikerExtreme
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 122 GiB total, 16.161 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 35.289 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 0.091 GiB free.
F: is FIXED (NTFS) - 111 GiB total, 39.65 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP208: 4/30/2009 4:32:39 PM - System Checkpoint
RP209: 4/30/2009 9:33:08 PM - System Checkpoint
RP210: 5/1/2009 9:55:29 PM - System Checkpoint
RP211: 5/3/2009 2:18:06 AM - System Checkpoint
RP212: 5/15/2009 7:03:16 PM - Removed Battlefield 2142
RP213: 5/15/2009 11:30:59 PM - Restore Operation
RP214: 5/15/2009 11:45:45 PM - Installed Windows Defender
RP215: 5/15/2009 11:47:02 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BitComet 1.09
Choice Guard
Combined Community Codec Pack 2008-09-21 16:18
CometBird (3.0.10)
Curse Client
High Definition Audio Driver Package - KB888111
Highlight Viewer (Windows Live Toolbar)
Hotfix for Windows XP (KB954708)
Java™ 6 Update 11
Junk Mail filter update
Lexmark X215 - TWAIN
LimeWire 5.1.2
Logitech Desktop Messenger
Logitech SetPoint
Map Button (Windows Live Toolbar)
McAfee VirusScan Enterprise
Mega Manager
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (3.0.10)
MpcStar 3.4
Nero 6 Ultra Edition
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX v8.09.04
OtsTurntables Free 1.00.027
Pando Media Booster
PunkBuster Services
Segoe UI
Skype™ 4.0
Smart Menus (Windows Live Toolbar)
SocksCap V2
Team Fortress 2
TeamSpeak 2 RC2
Ventrilo Client
Veoh Web Player Beta
VLC media player 0.9.9
Warcraft III: All Products
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
WolfTeam International
World of Warcraft
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

5/15/2009 9:25:23 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
5/15/2009 9:25:23 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
5/15/2009 9:22:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ForceWare IP service service to connect.
5/15/2009 9:22:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ForceWare Intelligent Application Manager (IAM) service to connect.
5/15/2009 9:22:43 PM, error: Service Control Manager [7000] - The ForceWare IP service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/15/2009 9:22:43 PM, error: Service Control Manager [7000] - The ForceWare Intelligent Application Manager (IAM) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/15/2009 6:57:01 PM, error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).
5/15/2009 11:48:22 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 2 time(s).
5/15/2009 11:37:10 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
5/14/2009 4:19:33 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume5'. It has stopped monitoring the volume.

==== End Of File ===========================

Attached Files

Edited by Satomi, 15 May 2009 - 09:20 AM.

BC AdBot (Login to Remove)


#2 SifuMike


    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:40 AM

Posted 24 May 2009 - 04:22 PM

Hello Satomi,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Mult-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java™ 6 Update 11
    Java 2 Runtime Environment, SE v1.4.2
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 6
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Please download Malwarebytes' Anti-Malware from one of these places:

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike


    malware expert

  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:40 AM

Posted 30 May 2009 - 01:51 PM

This thread will now be closed due to lack of feedback.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users