
Kind of serious... please help

Discussion in 'Virus & Other Malware Removal' started by M_R_G, Mar 29, 2009.

Thread Status:
Not open for further replies.
  1. M_R_G

    M_R_G Thread Starter

    Joined:
    Mar 28, 2009
    Messages:
    14
    Hi everyone,

    I am a newbie here, so I apologize if this post isn't perfect. But don't worry, I haven't posted any logs yet.

    I am running Windows XP.

    I have had a weird problem for a long time (maybe 6 months). Every time I open a program, I get a pop-up saying

    "C:\Windows\system32\skqncbib.dll" is not a valid image and I need to check my installation disk.

    I just ignored it for a long time. I also had the problem that when I started up my comp. I had to run explorer.exe from the task manager. It wouldn't load on its own.

    So yesterday I decided to try and "fix" the problem...

    I saw a bunch of stuff on combofix. So I tried it and ignored the disclaimers. (I know... I know...)

    Well, it quarantined my explorer.exe file (turned it into explorer.exe.vir)

    How do I get this back and how do I fix those pesky pop-ups and the underlying problem?

    ... and no... I don't have my installation disk.

    Thx in advance
     
  2. M_R_G

    Just in case anyone is curious, I am attaching the combofix.txt log:

    "Mr. G" - 2009-03-28 14:47:58 Service Pack 3
    ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Mr. G\Desktop\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    "C:\DOCUME~1\MRC61F~1.G\APPLIC~1.\macromedia\Flash Player\#SharedObjects\9RFHZH99\www.inter-focus.cn\IFFLASHAD_PLAYER.sol"
    "C:\DOCUME~1\MRC61F~1.G\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol"
    "C:\windows\system32\explorer.exe"
    "C:\DOCUME~1\MRC61F~1.G\APPLIC~1.\macromedia\Flash Player\#SharedObjects\9RFHZH99\www.inter-focus.cn"
    "C:\DOCUME~1\MRC61F~1.G\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn"


    ((((((((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-28 ))))))))))))))))))))))))))))))))))


    2009-03-27 20:19 86,016 --a------ C:\WINDOWS\unvise32.exe
    2009-03-27 20:19 <DIR> d-------- C:\Program Files\AxiomX
    2009-03-27 18:01 <DIR> d-------- C:\Program Files\PROGRAMS FROM GABE
    2009-03-25 12:52 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
    2009-03-25 12:52 <DIR> d-------- C:\WINDOWS\PrimoPDF4
    2009-03-25 12:52 <DIR> d-------- C:\Program Files\activePDF
    2009-03-09 15:23 526 --a------ C:\WINDOWS\system32\hppapr04.DAT
    2009-03-09 15:23 241,664 --a------ C:\WINDOWS\system32\hppapr04.DLL


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2009-03-28 06:42:40 -------- d-----w C:\DOCUME~1\MRC61F~1.G\APPLIC~1\Skype
    2009-03-28 06:03:32 -------- d-----w C:\Program Files\Programs
    2009-03-27 11:13:47 -------- d-----w C:\Program Files\Google
    2009-03-27 10:31:10 -------- d-----w C:\Program Files\Random .exe files
    2009-03-27 10:03:09 -------- d-----w C:\Program Files\Sonic
    2009-03-12 15:03:47 -------- d-----w C:\DOCUME~1\MRC61F~1.G\APPLIC~1\CamfrogWEB
    2009-03-12 04:28:38 -------- d-----w C:\Program Files\ThreatFire
    2009-03-03 19:19:58 39,184 ----a-w C:\WINDOWS\system32\drivers\TfSysMon.sys
    2009-03-03 19:19:56 33,040 ----a-w C:\WINDOWS\system32\drivers\TfNetMon.sys
    2009-03-03 19:19:55 12,560 ----a-w C:\WINDOWS\system32\drivers\TfKbMon.sys
    2009-03-03 19:19:54 51,472 ----a-w C:\WINDOWS\system32\drivers\TfFsMon.sys
    2009-02-20 07:07:49 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2009-02-20 07:07:30 -------- d-----w C:\Program Files\Kainos Software
    2009-02-20 04:20:02 -------- d-----w C:\Program Files\Link
    2009-02-09 11:13:27 1,846,784 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-06-30 10:01:25 254,976 --sh--w C:\WINDOWS\system32\skqncbib.dll
    2004-08-08 10:02:59 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
    2004-08-08 10:01:25 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
    2004-08-08 10:01:14 1,040 --sh--w C:\WINDOWS\system32\erjxakin.sys
    2004-08-08 10:01:03 1,040 --sh--w C:\WINDOWS\system32\spmybapi.sys
    2004-08-08 10:00:57 503,304 --sh--w C:\WINDOWS\system32\zxmsdwin.dll
    2004-08-08 10:00:57 1,040 --sh--w C:\WINDOWS\system32\fzmsbwin.sys
    2004-08-08 10:00:42 520 --sh--w C:\WINDOWS\system32\gpzhatde.sys
    2004-08-08 10:00:30 520 --sh--w C:\WINDOWS\system32\xfztbmsn.sys
    2004-08-08 10:00:27 1,040 --sh--w C:\WINDOWS\system32\spwdbapi.sys
    2004-08-08 10:00:19 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
    2004-08-08 09:59:48 520 --sh--w C:\WINDOWS\system32\smmhbsrv.sys


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {00000000-12C9-4305-82F9-43058F20E8D2}=C:\Program Files\QQ\QQDownload\QQIEHelper01.dll [2007-06-19 16:39]
    {32023698-6984-8541-9654-698745012523}=C:\WINDOWS\system32\skqncbib.dll [2008-06-30 18:01]
    {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 21:20]
    {7A041F13-A111-12A3-B0CF-F99818AA68A7}=C:\WINDOWS\system32\zxmsdwin.dll [2004-08-08 18:00]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-03-27 19:10]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-23 15:47]
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}=C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-03-27 19:10]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 08:13]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-06 03:37]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-29 02:41]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 05:48]
    "ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2009-03-04 03:19]
    "RegistryMechanic"="" []
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 05:22]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-13 19:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
    "SUPERAntiSpyware"="C:\Desktop\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 20:20]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{7A041F13-A111-12A3-B0CF-F99818AA68A7}"="C:\WINDOWS\system32\zxmsdwin.dll" [2004-08-08 18:00]
    "{32023698-6984-8541-9654-698745012523}"="C:\WINDOWS\system32\skqncbib.dll" [2008-06-30 18:01]
    "{189F087F-4378-405F-85FA-37D955AD7A8C}"="C:\WINDOWS\system32\mtewdh.dll" []
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Desktop\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Desktop\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    %SystemRoot%\System32\dimsntfy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,yzztkmsn.dll,skqncbib.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctorMain.exe]
    Debugger=TASKMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SelfUpdate.exe]
    Debugger=TASKMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    eapsvcs eaphost
    dot3svc dot3svc

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
    napagent


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1010a0f8-8750-11dc-9f01-0016366016ad}]
    play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1010a103-8750-11dc-9f01-0016366016ad}]
    AutoRun\command- G:\tvjhefu.exe
    explore\Command- G:\tvjhefu.exe
    open\Command- G:\tvjhefu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3082c392-c6fb-11db-9e69-001302a44c12}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85bed2de-c4e3-11dd-9fd9-001302a44c12}]
    AutoRun\command- a.exe
    explore\Command- a.exe
    open\Command- a.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ee08239-265d-11dd-9f44-001302a44c12}]
    play\Command- "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f19bfbd-f5d7-11dc-9f29-001302a44c12}]
    play\command- "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9991db73-b3ed-11dc-9f0d-000000000000}]
    0\command- D:\tool.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tool.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9de57-e9a9-11db-9e82-001302a44c12}]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9de58-e9a9-11db-9e82-001302a44c12}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9de5b-e9a9-11db-9e82-001302a44c12}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9de5c-e9a9-11db-9e82-001302a44c12}]
    AutoRun\command- F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9de5d-e9a9-11db-9e82-001302a44c12}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf9ed00d-ed32-11dc-9f24-001302a44c12}]
    play\command- "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da767e88-de01-11db-9e7c-001302a44c12}]
    1\Command- F:\.\RECYCLER\RECYCLER\autorun.exe
    2\Command- F:\.\RECYCLER\RECYCLER\autorun.exe
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f875655f-0426-11dc-9e9d-001302a44c12}]
    Auto\command- F:\RavMonE.exe e
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e


    Contents of the 'Scheduled Tasks' folder
    2009-02-15 04:46:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2009-03-28 06:48:09 C:\WINDOWS\tasks\Google Software Updater.job

    ********************************************************************

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-28 14:52:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2009-03-28 14:55:07
    C:\ComboFix-quarantined-files.txt ... 2009-03-28 14:55

    --- E O F ---
     
  3. M_R_G

    Sorry,

    Bumping
     
  4. M_R_G

    bump
     
  5. M_R_G

    bump
     
  6. M_R_G

    Bump
     
  7. M_R_G

    Sorry, still bumping
     
  8. M_R_G

    Bump de bump bump bump
     
  9. M_R_G

    Bumpified!!!
     
  10. M_R_G

    Bumped (and sorry about creating multiple threads!)
     
  11. M_R_G

    Bump
     
  12. M_R_G

  13. M_R_G


Short URL to this thread: https://techguy.org/813971
