Peter66
-
Content Count
5 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by Peter66
-
-
my Hijack this gives me this line
O4 - HKLM\..\Run: [bMab9a0b17] Rundll32.exe "C:\WINDOWS\system32\yscbbmqx.dll",s
I came blank on web serch for
yscbbmqx.dll
I have been getting recurrent infection, I run Malwarebytes and seems to clear most rederection than it comes back up within few days
can this be a virus and should i take it out?
Thanks
Peter
-
That's good. Run MBAM as I posted before, and let's see if it picks anything up.
-Ryan
Hi Ryan
Sorry for the delay, I had a repeat of the previous issue, but after running the process again all seems to run fine
Thank you Again for your help
and thank you all the Techs for spending your time making our life easier
Peter
-
Welcome to BestTechie! I'm Ryan, and I'll be helping you clean your computer.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
-Ryan
Hi Ryan
Thank you for help. here is the log
ps After I run the COmbofix prog first time ( just b4 my first post) the re-directions/popups have virtualy disapeared... just thought that might be important bit of info for you
anyway here is the log from a minute ago
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
-
I get redirected to different websits also it stalls and turns off my explore.exe Process. I run multiple scan: AVG, NOrton online, Winferno Spyware Scan Powered by McAfee, AdWare SpyWare Removal.. non of those was able to find the coprate
so plz help
I am running XP SP2
origin of problem ???
here are log files for hijack this and combofix
ComboFix 08-02-20.2 - pet 2008-02-20 11:32:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1347 [GMT -8:00]
Running from: D:\bit comet DL's\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\fccawuu.dll
C:\WINDOWS\system32\vtsqp.dll
C:\Program Files\Common Files\{38A93~1
C:\Program Files\Common Files\{38A93~1\toolbardll.lzma
C:\Program Files\Common Files\asks~1
C:\Temp\isgTi19
C:\WINDOWS\system32\fccawuu.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\pqstv.ini2
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\?racle\
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\vtsqp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CLIENT_IP-IPX
-------\Client IP-IPX
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
2008-02-19 21:24 . 2008-02-19 21:25 <DIR> d-------- C:\Program Files\AdWare SpyWare Removal
2008-02-18 20:40 . 2008-02-18 20:40 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-18 20:38 . 2008-02-18 20:38 <DIR> d-------- C:\Program Files\Winferno
2008-02-18 20:38 . 2008-02-18 20:38 <DIR> d-------- C:\Program Files\Common Files\Winferno
2008-02-18 20:38 . 2006-10-09 13:28 835,584 --a------ C:\WINDOWS\system32\WINCTL4.OCX
2008-02-18 20:38 . 2006-10-09 14:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL
2008-02-18 20:38 . 2006-05-17 09:40 393,216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL
2008-02-17 23:37 . 2008-02-17 23:37 <DIR> d-------- C:\Documents and Settings\pet\Application Data\MSN6
2008-02-17 23:37 . 2008-02-17 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-10 02:01 . 2008-02-14 22:25 <DIR> d-------- C:\Program Files\FLT
2008-02-09 19:29 . 2008-02-09 19:29 <DIR> d-------- C:\Documents and Settings\pet\Application Data\Sibelius Software
2008-02-09 19:28 . 2008-02-09 19:28 <DIR> d-------- C:\Program Files\Sibelius Software
2008-02-04 13:16 . 2008-02-04 13:16 <DIR> d-------- C:\Program Files\RAR Password Cracker
2008-01-29 08:30 . 2008-01-29 08:30 <DIR> d-------- C:\Program Files\Encore Software
2008-01-20 17:54 . 2008-01-20 17:54 <DIR> d-------- C:\Program Files\Brighter Child
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 19:44 --------- d-----w C:\Documents and Settings\pet\Application Data\AVG7
2008-02-20 17:41 --------- d-----w C:\Program Files\Trend Micro
2008-02-10 17:03 --------- d-----w C:\Documents and Settings\pet\Application Data\dvdcss
2008-02-10 09:54 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-03 07:47 --------- d-----w C:\Program Files\Barbie
2008-01-29 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 03:27 --------- d-----w C:\Program Files\Creative
2008-01-21 00:43 --------- d-----w C:\Program Files\The Learning Company
2008-01-17 07:17 --------- d-----w C:\Program Files\Common Files\LizardTech Shared
2008-01-17 07:05 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-17 07:03 --------- d-----w C:\Documents and Settings\pet\Application Data\AVSMedia
2008-01-14 01:05 --------- d-----w C:\Program Files\Guitar Pro 5
2008-01-13 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-11 06:36 --------- d-----w C:\Documents and Settings\pet\Application Data\Creative
2008-01-11 04:52 --------- d-----w C:\Program Files\Audible
2008-01-11 04:50 --------- d--h--w C:\Program Files\Creative Installation Information
2007-12-25 21:30 --------- d-----w C:\Program Files\BitComet
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 14:43 413775]
"Exact Mouse"="C:\Program Files\Exact Mouse\ExactMouse.exe" [2004-02-01 22:05 402432]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-04-18 12:27 1724416]
"Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\monitor.exe" [2005-06-04 21:02 1064448]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"NWEReboot"="" []
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 23:26 406016]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 15:56 33280 C:\WINDOWS\system32\rundll32.exe]
"PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-22 19:09 40960]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-19 10:01 579072]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 15:56 33280 C:\WINDOWS\system32\rundll32.exe]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-27 18:33 57344]
"MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 03:45 53248]
"SoundMan"="SOUNDMAN.EXE" [2003-02-09 23:59 47104 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"WinfernoUpdate"="C:\Program Files\Common Files\Winferno\WSCUpdtr.exe" [2007-03-04 10:47 1482752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 01:42 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-03-07 23:13:28 25214]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 110592]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-01 07:33:41 118784]
Directrec Configuration Tool.lnk - C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe [2007-10-01 07:33:42 122880]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [2006-12-26 22:55:16 323584]
S3 PDEXLOCK;PDEXLOCK;C:\WINDOWS\inf\pdexlock.inf [2007-06-24 10:45]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-16 23:05:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 19:43:40 C:\WINDOWS\Tasks\SpyScan.job"
- C:\Program Files\Winferno\SpywareScan\SpyScan.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 11:44:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2894]
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Voicent\Gateway\bin\vgate.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Voicent\Gateway\bin\spengine.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-02-20 11:46:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 19:46:56
********************************************************************************
*********************************************************************************
*********************************************************************************
*********************************************************************************
*
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:24 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Voicent\Gateway\bin\vgate.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Program Files\Voicent\Gateway\bin\spengine.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stockcharts.com/def/servlet/SC.scan
R3 - URLSearchHook: (no name) - {A833239E-EB03-EEA7-5527-EA1BB20212B4} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinfernoUpdate] "C:\Program Files\Common Files\Winferno\WSCUpdtr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Exact Mouse] C:\Program Files\Exact Mouse\ExactMouse.exe
O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\monitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe
O9 - Extra 'Tools' menuitem: Spyware Scan - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe
O9 - Extra button: Spyware Scan - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147154014343
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147153990812
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/4.2.04.18/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...233/mcfscan.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://G:\CDVIEWER\CdViewer.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Voicent Gateway (VoicentGateway) - Voicent Communications, Inc - C:\Program Files\Voicent\Gateway\bin\vgate.exe
--
End of file - 13024 bytes
Yscbbmqx.dll[INACTIVE]
in Malware Removal
Posted
Hi MoNsTeReNeRgY22
as instructed here is the ComboFix log
one of the symptoms is a v. slow internet connection to popular sits like goggle .... it seems like the computer stops for 10-30s w/o loading the page or w/o me being able to stop loading or sometimes to control the window.
I run the combofix and Malwarebytes few days ago and thought it all was fixed as the redirections have disappeared, but within 2 days the total system slow down started... I hope you can help. how are u going about and analyzing the logs, what are u looking for? ( if the subject is not too complex to discuss here)
Thanks Again
Peter
ComboFix_log_03_14_08.txt
hijackthis03_14_08_log.txt