06-29-2007, 05:00 PM   #10
tristan_m43
Registered User
 
Join Date: Jun 2007
Location: KC
Posts: 13
OS: xp


Re: cannot remove pmnooli.dll, vundo file

Here is the combofix with combofix-do log:

""zane" - 2007-06-29 17:49:56 - ComboFix 07-06-28.2 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\zane\My Documents\temp\combofix-do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\haley\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv55.jar-13af7ed2-422418f7.zip
C:\Documents and Settings\haley\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loadertraff.jar-428149e2-628101e6.zip
C:\Documents and Settings\zane\My Documents\temp\hijackthis\backups
C:\Program Files\ComPlus Applications\hoke83122.dll
C:\WINDOWS\notepad.exe.tmp
C:\WINDOWS\SYSTEM32\IPXMONPR.dll
C:\WINDOWS\winmain.exe


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-29 )))))))))))))))))))))))))))))))


2007-06-28 17:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-28 10:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2007-06-28 10:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-27 17:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-22 14:13 <DIR> d-------- C:\VundoFix Backups
2007-06-13 11:22 7,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\motccgpfl.sys
2007-06-13 11:22 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\motswch.sys
2007-06-13 11:22 21,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\motport.sys
2007-06-13 11:22 21,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\motmodem.sys
2007-06-13 11:22 17,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\motccgp.sys
2007-06-13 11:22 1,419,232 --a------ C:\WINDOWS\SYSTEM32\wdfcoinstaller01005.dll
2007-06-13 11:21 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE
2007-06-13 11:21 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 22:54:02 16,118 ----a-w C:\WINDOWS\system32\tablet.dat
2007-06-29 22:52:57 3,821 ----a-w C:\WINDOWS\system32\fxst3pd.dat
2007-06-29 22:52:57 2,438,030 ----a-w C:\WINDOWS\system32\nvrsnkpq.dat
2007-06-29 22:52:57 1,079 ----a-w C:\WINDOWS\system32\wmdmloa.dat
2007-06-29 02:28:32 15,678 ----a-w C:\WINDOWS\system32\mydocef.dat
2007-06-28 15:16:17 24 ----a-w C:\WINDOWS\system32\docpsop2.dat
2007-06-28 15:16:17 24 ----a-w C:\WINDOWS\system32\activedy.dat
2007-06-22 16:29:15 -------- d-----w C:\Program Files\Windows NT
2007-06-13 16:23:32 -------- d-----w C:\Program Files\Motorola Phone Tools
2007-05-28 14:25:51 -------- d-----w C:\DOCUME~1\zane\APPLIC~1\Azureus
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-28 18:54:31 -------- d-----w C:\Program Files\Kodak Digital Science
2007-04-28 18:54:31 -------- d-----w C:\Program Files\Common Files\Kodak
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 14:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
C:\WINDOWS\p_981116.exe /Q:A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 17:54:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-29 17:55:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-29 17:55
C:\ComboFix2.txt ... 2007-06-28 10:16
C:\ComboFix3.txt ... 2007-06-27 18:04

--- E O F ---"