trojan/popups/desktop problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ReVo

Thread Starter
Joined
Jul 27, 2005
Messages
18
Hello, I seem to have a problem with my desktop changing and I'm getting lots of popups. And somehow my Task Manager got locked so I can't open it anymore. I used Ad-Aware and Spybot and they found some stuff, but it still isn't completely fixed. Can somebody help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:23, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 216.239.116.23:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [kn8Y4b6gsq] C:\Documents and Settings\All Users.WINDOWS\Application Data\qtwbyxcx\yjilwdkn.exe
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wi...&exversion=0.4&pass=20U91UA8&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wi...e&exversion=0.4&pass=20U91UA8&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wi...xversion=0.4&pass=20U91UA8&id=menu_ie_exclude
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://C:\Program Files\Bejeweled 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168376047500
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Bejeweled 2\Images\armhelper.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5026/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: (no name) - http://www.mafia-game.com/images/walpapers/wallpaper06.jpg
O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5606 bytes
 

ReVo

Thread Starter
Joined
Jul 27, 2005
Messages
18
Combofix log:

ComboFix 08-04-13.1 - Tom 2008-04-13 22:42:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.196 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Tom.COMPUTER\Mijn documenten\Set Up ALPHA\comp probs\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Tom.COMPUTER\err.log
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\geBtqNhH.dll
C:\WINDOWS\system32\nnnNfCro.dll
C:\WINDOWS\system32\orCfNnnn.ini
C:\WINDOWS\system32\orCfNnnn.ini2
C:\WINDOWS\system32\pmnmNgGy.dll
C:\WINDOWS\system32\ssqPiiiG.dll
C:\WINDOWS\system32\tnrkukow.ini
C:\WINDOWS\system32\urqPjHyy.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\win\nha-66-66.log
C:\WINDOWS\system32\win\screenshot9.bmp


(((((((((((((((((((( Bestanden Gemaakt van 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))


2008-04-13 21:51 . 2008-04-13 21:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 21:41 . 2008-04-13 22:19 <DIR> dr-h----- C:\Documents and Settings\Tom.COMPUTER\Onlangs geopend
2008-04-13 20:29 . 2008-04-13 21:44 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-13 20:14 . 2008-04-13 20:14 <DIR> d-------- C:\Documents and Settings\Tom.COMPUTER\Application Data\TmpRecentIcons
2008-04-13 19:50 . 2008-04-13 19:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ad Muncher
2008-04-13 18:59 . 2008-04-13 18:59 3,648 --a------ C:\WINDOWS\system32\keyvwulr.dll
2008-04-13 18:55 . 2008-04-13 19:21 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-04-13 18:52 . 2008-04-13 15:08 258,048 --a------ C:\WINDOWS\nslbvxpgrno.dll
2008-04-13 18:52 . 2008-04-13 15:08 151,552 --a------ C:\WINDOWS\sgoblxtm.dll
2008-04-13 18:52 . 2008-04-13 15:08 81,920 --a------ C:\WINDOWS\spnkfwad.exe
2008-04-13 18:51 . 2008-04-13 18:51 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\qtwbyxcx
2008-04-03 01:26 . 2008-04-03 01:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-27 21:49 . 2008-04-02 13:13 <DIR> d-------- C:\Program Files\Shockwave.com
2008-03-19 15:02 . 2008-03-27 21:49 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
2008-03-14 20:12 . 2008-04-11 22:37 <DIR> d-------- C:\Program Files\Xfire
2008-03-14 20:12 . 2008-04-13 18:45 <DIR> d-------- C:\Documents and Settings\Tom.COMPUTER\Application Data\Xfire

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 19:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 19:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-13 17:59 --------- d-----w C:\Program Files\Ad Muncher
2008-04-11 23:12 --------- d-----w C:\Documents and Settings\Tom.COMPUTER\Application Data\DMCache
2008-04-11 09:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-06 22:55 --------- d-----w C:\Program Files\mIRC
2008-04-04 20:43 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-04 12:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-02 18:26 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-31 18:00 --------- d-----w C:\Program Files\QuickTime
2008-03-23 13:51 --------- d-----w C:\Documents and Settings\Tom.COMPUTER\Application Data\uTorrent
2008-03-02 20:11 --------- d-----w C:\Program Files\PowerISO
2008-03-02 19:47 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-02 18:26 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-02 16:18 --------- d-----w C:\Program Files\MagicISO
2008-02-27 21:26 --------- d-----w C:\Documents and Settings\Tom.COMPUTER\Application Data\HLSW
2008-02-24 18:03 --------- d-----w C:\Program Files\Steam
2008-02-17 17:28 --------- d-----w C:\Documents and Settings\Tom.COMPUTER\Application Data\chatlog
2008-02-17 17:24 --------- d-s---w C:\Program Files\HLSW
2008-02-14 00:05 --------- d-----w C:\Program Files\WESTWOOD
2007-11-20 00:42 22,328 ----a-w C:\Documents and Settings\Tom.COMPUTER\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
"uxmqfens"="C:\WINDOWS\system32\tsdqhabs.exe" [2008-04-13 22:48 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"P17Helper"="P17.dll" [2005-05-03 20:38 64512 C:\WINDOWS\system32\P17.dll]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 13:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"Telemeter 3.0"="C:\Program Files\Telemeter 3.0\telemeter3.exe" [2007-04-16 00:38 1441792]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-04-13 19:59 779776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"kn8Y4b6gsq"= C:\Documents and Settings\All Users.WINDOWS\Application Data\qtwbyxcx\yjilwdkn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBtqNhH]
geBtqNhH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 11:43 57344 C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A920]
--a------ 2003-06-02 20:22 270336 C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 15:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2005-05-31 02:04 1415824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"PnkBstrB"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"nHancer"=2 (0x2)
"iPod Service"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 12:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launcher.exe

.
Inhoud van de 'Gedeelde Taken' map
"2008-04-11 21:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 22:48:29
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2008-04-13 22:51:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 20:51:28
Pre-Run: 24,254,373,888 bytes beschikbaar
Post-Run: 24,576,745,472 bytes beschikbaar
.
2008-04-12 14:22:59 --- E O F ---
 

ReVo

Thread Starter
Joined
Jul 27, 2005
Messages
18
I still need help; there is this yilwdkn.exe that keeps starting itself up when I start my comp. Is there anyone here who will help me?