Status
Not open for further replies.
1 - 2 of 2 Posts

Discussion Starter #1 (Edited)
I get constant popups with fake virus detections, sometimes strange downloads starting (luckily, never finishing), and a "balloon" blinking in the right corner of the screen saying my computer is infested. I've had these sorts of problems before and mostly I've been able to fix them with help from forums just like yours, but now I'm stuck; there has been no improvement so far. Here are the logs from Deckard's and ComboFix:

Deckard's System Scanner v20071014.68
Run by Bo Jemstedt on 2007-11-17 21:29:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Bo Jemstedt.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-17 21:30:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program\Intel\Intel Application Accelerator\IAANTmon.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\SYSTEM32\wuauclt.exe
C:\Program\Windows Live\Messenger\usnsvc.exe
C:\Download\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spray.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O1 - Hosts: 216.239.37.101 www.k-lite.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\SYSTEM32\nnnolml.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D1F7D02-2F61-44DD-BFA7-8E9D13744988} - C:\WINDOWS\SYSTEM32\pmkhe.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\SYSTEM32\pguvcmjf.dll
O2 - BHO: {a04a9fe1-e910-e729-34e4-f3bac40b6ecf} - {fce6b04c-ab3f-4e43-927e-019e1ef9a40a} - C:\WINDOWS\SYSTEM32\rosysnkb.dll
O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\pguvcmjf.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lwrhwdyg] C:\konrwdux.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Policies\Explorer\Run: [{102FBDBA-0C78-1053-0316-05110904002e}] "C:\Program\Delade filer\{102FBDBA-0C78-1053-0316-05110904002e}\Update.exe" mc-110-12-0000228
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O15 - Trusted Zone: https://www.lu.se (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://se.photobox.com/clients/uploader_v2.2.0.6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553548000} () - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B20DE.dat
O20 - Winlogon Notify: nnnolml - C:\WINDOWS\system32\nnnolml.dll
O20 - Winlogon Notify: pguvcmjf - C:\WINDOWS\system32\pguvcmjf.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\system32\winxtx32.dll
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program\Intel\Intel Application Accelerator\IAANTmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe -k netsvcs


--
End of file - 8400 bytes

-- Files created between 2007-10-17 and 2007-11-17 -----------------------------

2007-11-16 23:48:04 84545 --a------ C:\WINDOWS\system32\hiihruik.dll
2007-11-16 23:45:27 81984 --a------ C:\WINDOWS\system32\rosysnkb.dll
2007-11-16 23:45:26 145774 --a------ C:\WINDOWS\system32\pguvcmjf.dll
2007-11-16 23:45:04 145774 --a------ C:\WINDOWS\system32\jdfnnyht.dll
2007-11-16 18:56:47 36352 --a------ C:\WINDOWS\system32\awtsqrp.dll
2007-11-16 18:55:05 104960 --a------ C:\WINDOWS\system32\drvcel.dll
2007-11-16 12:18:00 0 d-------- C:\WINDOWS\system32\sv-se
2007-11-16 12:15:12 0 d-------- C:\WINDOWS\network diagnostic
2007-11-16 11:40:17 126121 --ahs---- C:\WINDOWS\system32\ehkmp.ini2
2007-11-16 11:40:12 320096 --a------ C:\WINDOWS\system32\pmkhe.dll
2007-11-16 11:35:08 36352 --a------ C:\WINDOWS\system32\nnnolml.dll
2007-11-15 22:54:20 114688 --a------ C:\Documents and Settings\All Users\Application Data\zqxkbazw.dll
2007-11-15 10:54:14 114688 --a------ C:\Documents and Settings\All Users\Application Data\alcdovkv.dll
2007-11-14 09:10:17 0 d-------- C:\WINDOWS\system32\fibagbia
2007-11-14 09:10:16 114688 --a------ C:\Documents and Settings\All Users\Application Data\mnyvupcz.dll
2007-11-13 09:30:14 0 d-------- C:\Program\Microsoft CAPICOM 2.1.0.2
2007-11-12 13:34:54 0 d-------- C:\Program\Windows Journal Viewer
2007-11-12 13:21:01 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller
2007-11-12 13:20:43 0 d-------- C:\Program\Windows Live
2007-11-12 13:20:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-27 22:57:12 29322 --a------ C:\WINDOWS\DIIUnin.dat
2007-10-27 22:57:10 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-10-27 22:57:10 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-10-26 12:34:31 83008 --a------ C:\WINDOWS\system32\kmsbbcbi.dll
2007-10-26 08:39:05 120172 ---hs---- C:\WINDOWS\system32\yycdd.ini2
2007-10-25 02:53:49 104168 ---hs---- C:\WINDOWS\system32\yycdd.bak2
2007-10-24 14:10:57 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-10-24 14:10:57 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-10-24 13:59:46 0 d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\Sunbelt Software
2007-10-23 08:51:46 0 d-------- C:\WINDOWS\solcache
2007-10-23 08:51:08 0 d-------- C:\SIERRA
2007-10-23 08:51:08 0 d-------- C:\Program\Sierra On-Line
2007-10-23 08:47:21 2829 --a------ C:\WINDOWS\DiabUnin.pif
2007-10-23 08:47:20 9629 --a------ C:\WINDOWS\DiabUnin.dat
2007-10-22 18:19:15 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-22 14:53:11 120115 ---hs---- C:\WINDOWS\system32\yycdd.bak1
2007-10-22 14:47:43 44054 --a------ C:\WINDOWS\system32\ddcbcdd.dll
2007-10-22 14:47:31 22016 --a------ C:\WINDOWS\system32\winxtx32.dll
2007-10-22 14:31:33 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-22 13:14:08 0 d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\dvdcss


-- Find3M Report ---------------------------------------------------------------

2007-11-14 23:43:15 0 d-------- C:\Program\Ventrilo
2007-11-14 23:42:58 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-11-14 13:14:08 0 d-------- C:\Program\Delade filer\Symantec Shared
2007-11-12 15:33:18 73885 --a------ C:\WINDOWS\War3Unin.dat
2007-11-12 13:21:01 0 d-------- C:\Program\Delade filer
2007-11-12 13:17:33 0 d-------- C:\Program\MSN Messenger
2007-10-29 18:15:44 0 d-------- C:\Program\Winamp
2007-10-28 09:42:26 405314 --a------ C:\WINDOWS\system32\perfh01D.dat
2007-10-28 09:42:26 74494 --a------ C:\WINDOWS\system32\perfc01D.dat
2007-10-27 23:08:22 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-10-27 23:08:22 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-10-27 23:08:22 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-10-22 17:47:37 0 d-------- C:\Program\Windows Media Connect 2
2007-10-22 17:47:37 0 d-------- C:\Program\Nordnet Deklaration
2007-10-22 17:47:36 0 d-------- C:\Program\xvid
2007-10-22 17:47:34 0 d-------- C:\Program\UniUploader
2007-10-22 17:47:34 0 d-------- C:\Program\Sony Ericsson
2007-10-22 17:47:33 0 d-------- C:\Program\Microsoft Works
2007-10-22 17:47:32 0 d-------- C:\Program\Messenger
2007-10-22 17:47:31 0 d-------- C:\Program\GameSpy Arcade
2007-10-17 10:17:57 0 d-------- C:\Program\Delade filer\Adobe
2007-10-16 14:51:24 0 d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\Personal
2007-10-16 14:51:22 0 d-------- C:\Program\Personal
2007-10-16 14:51:22 0 d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\Netscape
2007-10-16 14:51:22 0 d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\Mozilla
2007-10-07 12:11:26 0 d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\vlc
2007-10-07 12:06:51 0 d-------- C:\Program\VideoLAN
2007-10-07 10:06:31 0 d--h----- C:\Program\InstallShield Installation Information
2007-10-05 12:21:28 0 d-------- C:\Program\Kazaa
2007-10-04 13:25:41 0 d-------- C:\Program\Laccess USB audio
2007-10-03 22:14:58 0 d-------- C:\Program\Symantec
2007-09-17 21:13:04 0 d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\Skype
2007-08-22 10:45:12 266240 --a------ C:\WINDOWS\Cmi108Uninstall.exe <Not Verified; C-Media Corporation; CmiUSBUninstall Application>
2007-08-22 10:42:34 274432 --a------ C:\WINDOWS\system32\CM108rm.exe <Not Verified; C-Media; CmiRemoveDriver Application>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- End of Deckard's System Scanner: finished at 2007-11-17 21:30:47 ------------

ComboFix 07-11-08.3 - Bo Jemstedt 2007-11-17 23:05:40.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.779 [GMT 1:00]
Running from: C:\Documents and Settings\Bo Jemstedt\Skrivbord\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start-meny\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start-meny\Online Security Guide.lnk
C:\Documents and Settings\Bo Jemstedt\Favoriter\Online Security Guide.lnk
C:\Documents and Settings\Bo Jemstedt\Skrivbord\Live Safety Center.lnk
C:\Documents and Settings\Bo Jemstedt\Skrivbord\Online Security Guide.lnk
C:\WINDOWS\SYSTEM32\ehkmp.ini
C:\WINDOWS\SYSTEM32\ehkmp.ini2
C:\WINDOWS\system32\pguvcmjf.dllbox
C:\WINDOWS\system32\pmkhe.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data.\alcdovkv.dll
C:\Documents and Settings\All Users\Application Data.\mnyvupcz.dll
C:\Documents and Settings\All Users\Application Data.\zqxkbazw.dll
C:\Documents and Settings\All Users\Start-meny\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start-meny\Online Security Guide.lnk
C:\Documents and Settings\Bo Jemstedt\Application Data\CROSOF~1.NET
C:\Documents and Settings\Bo Jemstedt\Application Data\ICROSO~1
C:\Documents and Settings\Bo Jemstedt\Application Data\macromedia\Flash Player\#SharedObjects\H8PLYL7Z\www.broadcaster.com
C:\Documents and Settings\Bo Jemstedt\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Bo Jemstedt\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Bo Jemstedt\Application Data\PPATCH~1
C:\Documents and Settings\Bo Jemstedt\Application Data\YSTEM3~1
C:\Documents and Settings\Bo Jemstedt\Favoriter\Online Security Guide.lnk
C:\Documents and Settings\Bo Jemstedt\Mina dokument\FNTS~1
C:\Documents and Settings\Bo Jemstedt\Mina dokument\SKS~1
C:\Documents and Settings\Bo Jemstedt\Skrivbord\Live Safety Center.lnk
C:\Documents and Settings\Bo Jemstedt\Skrivbord\Online Security Guide.lnk
C:\Program\Delade filer\{102FB~1
C:\Program\icroso~1.net
C:\WINDOWS\cookies.ini
C:\WINDOWS\ecurit~1
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\ddcbcdd.dll
C:\WINDOWS\SYSTEM32\ehkmp.ini
C:\WINDOWS\SYSTEM32\ehkmp.ini2
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\SYSTEM32\ibcbbsmk.ini
C:\WINDOWS\system32\kmsbbcbi.dll
C:\WINDOWS\system32\pguvcmjf.dllbox
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\winxtx32.dll
C:\WINDOWS\system32\wnstssu.exe
C:\WINDOWS\SYSTEM32\yycdd.bak1
C:\WINDOWS\SYSTEM32\yycdd.bak2
C:\WINDOWS\SYSTEM32\yycdd.ini
C:\WINDOWS\SYSTEM32\yycdd.ini2
C:\WINDOWS\SYSTEM32\yycdd.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR




((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 23:03 2,150 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-17 22:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 10:59 <KAT> d-------- C:\Deckard
2007-11-16 23:48 84,545 --a------ C:\WINDOWS\SYSTEM32\hiihruik.dll
2007-11-16 23:45 145,774 --a------ C:\WINDOWS\SYSTEM32\pguvcmjf.dll
2007-11-16 23:45 145,774 --a------ C:\WINDOWS\SYSTEM32\jdfnnyht.dll
2007-11-16 23:45 81,984 --a------ C:\WINDOWS\SYSTEM32\rosysnkb.dll
2007-11-16 18:56 36,352 --a------ C:\WINDOWS\SYSTEM32\awtsqrp.dll
2007-11-16 18:55 104,960 --a------ C:\WINDOWS\SYSTEM32\drvcel.dll
2007-11-16 11:35 36,352 --a------ C:\WINDOWS\SYSTEM32\nnnolml.dll
2007-11-13 09:30 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2
2007-11-13 08:00 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-11-13 08:00 207,736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
2007-11-12 13:34 <KAT> d-------- C:\Program\Windows Journal Viewer
2007-11-12 13:21 <KAT> d--hsc--- C:\Program\Delade filer\WindowsLiveInstaller
2007-11-12 13:20 <KAT> d-------- C:\Program\Windows Live
2007-11-12 13:20 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-27 22:57 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2007-10-27 22:57 29,322 --a------ C:\WINDOWS\DIIUnin.dat
2007-10-27 22:57 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2007-10-24 14:10 0 --a------ C:\WINDOWS\SYSTEM32\SBRC.dat
2007-10-24 14:10 0 --a------ C:\WINDOWS\SYSTEM32\SBFC.dat
2007-10-24 13:59 <KAT> d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\Sunbelt Software
2007-10-23 08:51 <KAT> d-------- C:\WINDOWS\solcache
2007-10-23 08:51 <KAT> d-------- C:\SIERRA
2007-10-23 08:51 <KAT> d-------- C:\Program\Sierra On-Line
2007-10-23 08:47 9,629 --a------ C:\WINDOWS\DiabUnin.dat
2007-10-23 08:47 2,829 --a------ C:\WINDOWS\DiabUnin.pif
2007-10-22 19:30 462,848 --a------ C:\WINDOWS\SYSTEM32\ltkrn13n.dll
2007-10-22 19:30 450,560 --a------ C:\WINDOWS\SYSTEM32\ltimg13n.dll
2007-10-22 19:30 401,408 --a------ C:\WINDOWS\SYSTEM32\lfcmp13n.dll
2007-10-22 19:30 299,008 --a------ C:\WINDOWS\SYSTEM32\ltdis13n.dll
2007-10-22 19:30 206,336 --a------ C:\WINDOWS\SYSTEM32\ltefx13n.dll
2007-10-22 19:30 163,840 --a------ C:\WINDOWS\SYSTEM32\ltfil13n.dll
2007-10-22 19:30 69,632 --a------ C:\WINDOWS\SYSTEM32\lfgif13n.dll
2007-10-22 19:30 57,344 --a------ C:\WINDOWS\SYSTEM32\lfbmp13n.dll
2007-10-22 18:19 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-10-22 14:31 43,520 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-10-22 13:14 <KAT> d-------- C:\Documents and Settings\Bo Jemstedt\Application Data\dvdcss
2007-10-18 11:31 51,224 --a------ C:\WINDOWS\SYSTEM32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-14 22:43 --------- d-----w C:\Program\Ventrilo
2007-11-14 22:42 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2007-11-14 12:14 --------- d-----w C:\Program\Delade filer\Symantec Shared
2007-11-12 12:17 --------- d-----w C:\Program\MSN Messenger
2007-10-29 17:15 --------- d-----w C:\Program\Winamp
2007-10-22 16:47 --------- d-----w C:\Program\xvid
2007-10-22 16:47 --------- d-----w C:\Program\Windows Media Connect 2
2007-10-22 16:47 --------- d-----w C:\Program\UniUploader
2007-10-22 16:47 --------- d-----w C:\Program\Sony Ericsson
2007-10-22 16:47 --------- d-----w C:\Program\Nordnet Deklaration
2007-10-22 16:47 --------- d-----w C:\Program\Microsoft Works
2007-10-22 16:47 --------- d-----w C:\Program\GameSpy Arcade
2007-10-22 16:22 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-10-17 09:17 --------- d-----w C:\Program\Delade filer\Adobe
2007-10-16 13:51 --------- d-----w C:\Program\Personal
2007-10-16 13:51 --------- d-----w C:\Documents and Settings\Bo Jemstedt\Application Data\Personal
2007-10-16 13:51 --------- d-----w C:\Documents and Settings\Bo Jemstedt\Application Data\Netscape
2007-10-07 11:11 --------- d-----w C:\Documents and Settings\Bo Jemstedt\Application Data\vlc
2007-10-07 11:06 --------- d-----w C:\Program\VideoLAN
2007-10-07 09:06 --------- d--h--w C:\Program\InstallShield Installation Information
2007-10-05 11:21 --------- d-----w C:\Program\Kazaa
2007-10-04 12:25 --------- d-----w C:\Program\Laccess USB audio
2007-10-03 21:14 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 21:14 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 21:14 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 21:14 --------- d-----w C:\Program\Symantec
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-17 20:13 --------- d-----w C:\Documents and Settings\Bo Jemstedt\Application Data\Skype
2007-08-22 09:45 266,240 ----a-w C:\WINDOWS\Cmi108Uninstall.exe
2006-05-31 14:45 1,255,536 ----a-w C:\Program\Ventrilo.rar
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
2007-11-16 11:35 36352 --a------ C:\WINDOWS\system32\nnnolml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-16 23:45 145774 --a------ C:\WINDOWS\system32\pguvcmjf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fce6b04c-ab3f-4e43-927e-019e1ef9a40a}]
2007-11-16 23:45 81984 --a------ C:\WINDOWS\system32\rosysnkb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pguvcmjf.dll [2007-11-16 23:45 145774]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2005-06-23 14:25]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"Symantec PIF AlertEng"="C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"lwrhwdyg"="C:\konrwdux.bat" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"igndlm.exe"="C:\Program\IGN\Download Manager\DLM.exe" [2007-03-05 12:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\WINDOWS\system32\nnnolml.dll [2007-11-16 11:35 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnolml]
nnnolml.dll 2007-11-16 11:35 36352 C:\WINDOWS\SYSTEM32\nnnolml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pguvcmjf]
pguvcmjf.dll 2007-11-16 23:45 145774 C:\WINDOWS\SYSTEM32\pguvcmjf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhe.dll

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys
S3 NVoyager;SPACE Virtual xDSL Adapter;C:\WINDOWS\system32\DRIVERS\NVoyager.SYS
S3 USBPNPA;USB PnP Sound Device Interface;C:\WINDOWS\system32\drivers\CM108.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 07:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
"2007-11-17 22:01:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 23:09:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 23:10:16 - machine was rebooted
.
--- E O F ---



I hope you can help me!
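A triage script for the kind of log posted above, added here as an example; it is not part of the thread or of the tools it mentions (Deckard's System Scanner, HijackThis, ComboFix). It reads HijackThis-style O-lines and the ComboFix `Authentication Packages` line and flags the autostart locations that stand out in this log: a BHO with no product name, a Run value pointing at a .bat in the drive root, a `Policies\Explorer\Run` entry, a non-empty `AppInit_DLLs`, Winlogon Notify packages outside the XP SP2 defaults, and an LSA authentication package other than msv1_0. The allowlist, the rules and the sample lines are my assumptions and constructed input (the sample copies a few lines from the log above plus two clean entries), not output produced by the tools.

```python
"""Triage autostart entries in a HijackThis / ComboFix style log.

Added example for this thread, not part of the forum tools. The allowlist
and the heuristics below are assumptions, not rules the tools ship with.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # autostart location the entry lives in
    target: str  # file, value or host line that was flagged
    reason: str  # why a human should look at it


# Winlogon Notify packages that ship with Windows XP SP2 (assumption: this
# allowlist is mine). Anything else is a DLL loaded into winlogon.exe.
XP_NOTIFY_ALLOWLIST = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Constructed sample: lines copied from the log above, plus two clean
# entries (Adobe BHO, ccApp) so the rules have something to leave alone.
SAMPLE_LOG = r"""
O1 - Hosts: 216.239.37.101 www.k-lite.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {60E2746A-9C2E-45A2-85CE-7E1A8A890961} - C:\WINDOWS\SYSTEM32\nnnolml.dll
O2 - BHO: {a04a9fe1-e910-e729-34e4-f3bac40b6ecf} - {fce6b04c-ab3f-4e43-927e-019e1ef9a40a} - C:\WINDOWS\SYSTEM32\rosysnkb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [lwrhwdyg] C:\konrwdux.bat
O4 - HKCU\..\Policies\Explorer\Run: [{102FBDBA-0C78-1053-0316-05110904002e}] "C:\Program\Delade filer\{102FBDBA-0C78-1053-0316-05110904002e}\Update.exe" mc-110-12-0000228
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B20DE.dat
O20 - Winlogon Notify: nnnolml - C:\WINDOWS\system32\nnnolml.dll
O20 - Winlogon Notify: pguvcmjf - C:\WINDOWS\system32\pguvcmjf.dll
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\system32\winxtx32.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhe.dll
"""

_RE_HOSTS = re.compile(r"^O1 - Hosts: (.+)$")
_RE_BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
_RE_RUN = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.+)$")
_RE_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
_RE_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
_RE_LSA = re.compile(r'^"Authentication Packages"= (.+)$')
_RE_GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
_RE_DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")


def _exe_path(command: str) -> str:
    """Return the program path from a Run value, quoted or bare."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]


def triage(log_text: str) -> list[Finding]:
    """Apply one rule per autostart location and collect what looks wrong."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _RE_HOSTS.match(line):
            findings.append(Finding("hosts", m.group(1),
                                    "hosts-file entry redirects a name before DNS is asked"))
        elif m := _RE_BHO.match(line):
            name, _clsid, path = m.groups()
            if name == "(no name)" or _RE_GUID.match(name):
                findings.append(Finding("bho", path, f"BHO with no product name ({name})"))
        elif m := _RE_RUN.match(line):
            key, _value, command = m.groups()
            path = _exe_path(command)
            if "Policies\\Explorer\\Run" in key:
                findings.append(Finding("run", path,
                                        "Policies\\Explorer\\Run is rarely used by legitimate software"))
            elif path.lower().endswith((".bat", ".cmd", ".vbs", ".js")):
                findings.append(Finding("run", path, "script file registered as a Run entry"))
            elif _RE_DRIVE_ROOT.match(path):
                findings.append(Finding("run", path, "autostart target sits in the drive root"))
        elif m := _RE_APPINIT.match(line):
            findings.append(Finding("appinit", m.group(1),
                                    "AppInit_DLLs loads this module into every process that loads user32"))
        elif m := _RE_NOTIFY.match(line):
            name, path = m.groups()
            if name.lower() not in XP_NOTIFY_ALLOWLIST:
                findings.append(Finding("winlogon_notify", path, "non-default Winlogon Notify package"))
        elif m := _RE_LSA.match(line):
            for pkg in m.group(1).split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("lsa_auth_package", pkg,
                                            "extra LSA authentication package sees every logon password"))
    return findings


def flagged_files(findings: list[Finding]) -> list[str]:
    """Distinct file names worth quarantining or submitting for a second opinion."""
    return sorted({f.target.rsplit("\\", 1)[-1].lower() for f in findings if "\\" in f.target})


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.kind}] {hit.target}  <- {hit.reason}")
```

Each autostart key gets its own rule with a stated reason, so the output can be handed back as a checklist of files and keys to verify rather than a list of random-looking names. On the sample it flags the hosts override, two unnamed BHOs, the .bat in the drive root, the Policies\Explorer\Run updater, the AppInit module, three Notify packages and pmkhe.dll in the LSA list, while leaving the Adobe BHO and ccApp alone.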
 

Hi Kapul,

Please do not run ComboFix, as it is only meant to be used under supervision of those who are trained properly in malware removal.

------------------------------------------------------------------

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please run Deckard's System Scanner again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it will produce two logs for you (main.txt & extra.txt).

Please post main.txt, and attach extra.txt in your next reply.
 