Yscbbmqx.dll[INACTIVE]


Recommended Posts

my Hijack this gives me this line

O4 - HKLM\..\Run: [bMab9a0b17] Rundll32.exe "C:\WINDOWS\system32\yscbbmqx.dll",s

I came blank on web serch for

yscbbmqx.dll

I have been getting recurrent infection, I run Malwarebytes and seems to clear most rederection than it comes back up within few days

can this be a virus and should i take it out?

Thanks

Peter <_<

Link to post
Share on other sites

Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

From now on please post a full HJT log!

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

For more information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

[*]Double click on combofix.exe & follow the prompts.

[*]When finished, it will produce a report for you.

[*]Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

Hi MoNsTeReNeRgY22 :)

as instructed here is the ComboFix log

one of the symptoms is a v. slow internet connection to popular sits like goggle .... it seems like the computer stops for 10-30s w/o loading the page or w/o me being able to stop loading or sometimes to control the window.

I run the combofix and Malwarebytes few days ago and thought it all was fixed as the redirections have disappeared, but within 2 days the total system slow down started... I hope you can help. how are u going about and analyzing the logs, what are u looking for? ( if the subject is not too complex to discuss here)

Thanks Again

Peter

ComboFix_log_03_14_08.txt

hijackthis03_14_08_log.txt

Link to post
Share on other sites
Hello again,

Please ignore the quote box, I had to use it due to a forum glitch.

Step 1

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - {A833239E-EB03-EEA7-5527-EA1BB20212B4} - (no file)

O2 - BHO: (no name) - {2408B62B-6DA1-4B96-88B7-0AC53EAC6537} - \C:\WINDOWS\system32\per6\pon89104.exe.dll (file missing)

O20 - Winlogon Notify: awtstsq - awtstsq.dll (file missing)

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Step 2

1. Please open Notepad

  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\WINDOWS\system32\WINCTL4.OCX

C:\WINDOWS\system32\WINUTIL5.DLL

C:\WINDOWS\system32\WINLCTL5.DLL

Folder::

C:\WINDOWS\system32\we2

C:\WINDOWS\system32\per6

C:\WINDOWS\system32\oxo4

C:\WINDOWS\system32\nap8

C:\WINDOWS\system32\def4

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

Step 3

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 4

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:

    • Extended (if available otherwise Standard)

    • Scan Options:

    • Scan Archives
      Scan Mail Bases

    [*]Click OK

    [*]Now under select a target to scan:

    • Select My Computer

    [*]This will program will start and scan your system.

    [*]The scan will take a while so be patient and let it run.

    [*]Once the scan is complete it will display if your system has been infected.

    • Now click on the Save as Text button:

    [*]Save the file to your desktop.

    [*]Copy and paste that information in your next post.

Edited by MoNsTeReNeRgY22
Link to post
Share on other sites
Guest
This topic is now closed to further replies.