
Infected By Downloader/trojan.metajuan/trojan.vundo


This topic is locked
2 replies to this topic

#1 red hydra222

  • Members
  • 1 posts
  • OFFLINE
  • Local time:03:29 PM

Posted 24 April 2008 - 09:32 PM

A couple of days ago, I got infected by a trojan.vundo (I think). Now all these pop-ups and misleading applications appear randomly, even if I have my pop-up blocker on and the Windows firewall. My Symantec Norton AntiVirus blocked and managed to get rid of it, but in the end the virus, bug, or whatever it is keeps on coming back. And after I scanned my computer, the pop-ups still appear (not sure if they are even pop-ups, since the "advertisement" opens up in another Internet Explorer browser). I'm beginning to have trouble loading websites and such, even though my internet is working fine; I'm having trouble posting here and loading the page too =\

Any help would be appreciated. Thanks.


Deckard's System Scanner v20071014.68
Run by admin on 2008-04-24 16:58:37
Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-04-24 23:59:01 UTC - RP351 - Deckard's System Scanner Restore Point
60: 2008-04-24 04:43:44 UTC - RP350 - Last known good configuration
59: 2008-04-24 04:43:38 UTC - RP349 - Removed Adobe Photoshop CS2
58: 2008-04-24 04:43:38 UTC - RP348 - Last known good configuration
57: 2008-04-24 04:43:38 UTC - RP347 - Last known good configuration


-- First Restore Point --
1: 2008-04-24 04:43:35 UTC - RP291 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-24 17:06:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LexmarkX73\ACMonitor_X73.exe
C:\Program Files\LexmarkX73\AcBtnMgr_X73.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\USB Sharing\usbshare.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\USBSW\usbsw_eng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Norton AntiVirus\Navw32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\17PHolmes572.exe
C:\Program Files\Svconr\Svconr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\admin\Desktop\dss.exe
C:\WINDOWS\system32\igfxsrvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {3C2F964B-6E8A-4D69-8262-543DDDE18211} - C:\WINDOWS\system32\ddcYsPhI.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {eef4fa6a-d3f5-031a-bcc4-41c7612ff7c6} - {6c7ff216-7c14-4ccb-a130-5f3da6af4fee} - C:\WINDOWS\system32\aleaonps.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqnkif.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {E1822020-1D85-4F51-B65F-ACBF7B18CD35} - C:\WINDOWS\system32\ddaba.dll (file missing)
O2 - BHO: (no name) - {E74A1F14-B6F3-412D-8933-B2ED3D4F740B} - C:\WINDOWS\system32\geBststS.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\ssqOHYrQ.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AT&T Yahoo! Dial Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
O4 - HKLM\..\Run: [BM0f1cc387] Rundll32.exe "C:\WINDOWS\system32\ytdcapqf.dll",s
O4 - HKLM\..\Run: [0c2ff01b] rundll32.exe "C:\WINDOWS\system32\wwmgokfg.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - Startup: USB Switch Control.lnk = ?
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = ?
O4 - Global Startup: USB Sharing.lnk = C:\Program Files\USB Sharing\usbshare.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm047YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} (SESSearchCtrl Class) - file://D:\search\ses_ocx\sessearch.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: ssqnkif - C:\WINDOWS\system32\ssqnkif.dll (file missing)
O20 - Winlogon Notify: ssqOHYrQ - C:\WINDOWS\system32\ssqOHYrQ.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dkab_device - Dell - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPcservice.exe


--
End of file - 13724 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

S2 LXARScan (Lexmark X73 MFP Scanner) - c:\windows\system32\drivers\lxarscan.sys <Not Verified; ; USB Scanner Driver>
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R3 dkab_device - c:\windows\system32\dkabcoms.exe -service <Not Verified; Dell; Dell Communication System>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-24 17:00:26 438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-21 20:00:06 572 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - admin.job
2008-03-28 13:40:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-05-02 18:45:59 372 --a------ C:\WINDOWS\Tasks\RegCure.job


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2100-02-23 14:35:34 768 --a------ C:\WINDOWS\x73_lut.dat
2100-02-23 14:35:34 768 --a------ C:\Program Files\x73_lut.dat
2100-02-08 16:03:54 53248 --a------ C:\Program Files\ACMonitor_X73.exe <Not Verified; Silitek Corp.; ACMonitor>
2008-04-24 16:38:05 0 d-------- C:\Program Files\Svconr
2008-04-24 16:38:04 0 d-------- C:\Program Files\Temporary
2008-04-24 16:33:07 37888 --a------ C:\WINDOWS\system32\nnnmmmJB.dll
2008-04-24 16:29:05 0 d-------- C:\WINDOWS\system32\pnVes01
2008-04-24 16:29:01 37888 --a------ C:\WINDOWS\system32\khfEUoNh.dll
2008-04-23 23:04:24 89152 --a------ C:\WINDOWS\system32\wwmgokfg.dll
2008-04-23 23:01:20 93248 --a------ C:\WINDOWS\system32\aleaonps.dll
2008-04-23 22:59:09 95808 --a------ C:\WINDOWS\system32\ytdcapqf.dll
2008-04-23 21:46:28 89152 -----n--- C:\WINDOWS\system32\xtxsjorq.dll
2008-04-23 21:44:25 93248 --a------ C:\WINDOWS\system32\knjeeldv.dll
2008-04-23 21:44:18 95808 --a------ C:\WINDOWS\system32\yuhcipbd.dll
2008-04-23 21:43:21 272384 -----n--- C:\WINDOWS\system32\qoMfgDVO.dll
2008-04-23 19:57:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBC Yahoo!
2008-04-23 19:31:33 89152 -----n--- C:\WINDOWS\system32\eatjvgwk.dll
2008-04-23 19:28:41 93248 --a------ C:\WINDOWS\system32\wepaggfj.dll
2008-04-23 19:28:34 95808 --a------ C:\WINDOWS\system32\hrevygxd.dll
2008-04-23 18:54:24 93248 --a------ C:\WINDOWS\system32\yslkdgqk.dll
2008-04-23 18:52:46 95808 --a------ C:\WINDOWS\system32\rppvbehv.dll
2008-04-22 21:16:56 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-04-22 19:43:59 97856 --a------ C:\WINDOWS\system32\mknbqoln.dll
2008-04-22 19:42:33 423997 --ahs---- C:\WINDOWS\system32\IhPsYcdd.ini2
2008-04-22 19:42:23 272384 --a------ C:\WINDOWS\system32\ddcYsPhI.dll
2008-04-22 19:28:10 97856 --a------ C:\WINDOWS\system32\mbitpkrd.dll
2008-04-22 19:26:02 419551 --ahs---- C:\WINDOWS\system32\StstsBeg.ini2
2008-04-22 19:25:50 272384 --a------ C:\WINDOWS\system32\geBststS.dll
2008-04-22 19:05:45 97856 --a------ C:\WINDOWS\system32\eeriirqo.dll
2008-04-21 18:57:25 272896 -----n--- C:\WINDOWS\system32\hgGaaAPi.dll
2008-04-21 18:57:13 39936 --a------ C:\WINDOWS\system32\wvUNDUkl.dll
2008-04-21 18:52:46 37376 --a------ C:\WINDOWS\mrofinu572.exe
2008-04-21 18:52:18 0 d-------- C:\WINDOWS\system32\xcsDd01
2008-04-21 18:52:15 39936 --a------ C:\WINDOWS\system32\ssqOHYrQ.dll


-- Find3M Report ---------------------------------------------------------------

2008-04-23 22:45:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-23 19:39:33 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
2008-04-23 19:39:26 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-22 21:16:57 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-22 21:16:52 0 d-------- C:\Program Files\Yahoo!
2008-03-30 20:05:34 0 d-------- C:\Documents and Settings\admin\Application Data\Yahoo!
2008-03-30 16:55:32 0 d-------- C:\Documents and Settings\admin\Application Data\AdobeUM
2008-03-11 20:40:09 0 d-------- C:\Documents and Settings\admin\Application Data\Opera
2008-03-08 23:31:10 0 d-------- C:\Program Files\Common Files
2008-03-08 23:31:10 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c7ff216-7c14-4ccb-a130-5f3da6af4fee}]
04/23/2008 11:01 PM 93248 --a------ C:\WINDOWS\system32\aleaonps.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}]
C:\WINDOWS\system32\ssqnkif.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A026C707-23B4-4A3F-818D-CEDA83350C06}]
04/22/2008 07:42 PM 272384 --a------ C:\WINDOWS\system32\ddcYsPhI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1822020-1D85-4F51-B65F-ACBF7B18CD35}]
C:\WINDOWS\system32\ddaba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E74A1F14-B6F3-412D-8933-B2ED3D4F740B}]
04/22/2008 07:25 PM 272384 --a------ C:\WINDOWS\system32\geBststS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
04/21/2008 06:52 PM 39936 --a------ C:\WINDOWS\system32\ssqOHYrQ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 05:20 PM C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [07/26/2006 04:03 AM]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [05/16/2006 06:50 PM]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" [04/19/2007 03:17 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [04/19/2007 03:17 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [01/14/2007 12:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"Lexmark X73 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe" [10/08/2001 04:21 PM]
"Lexmark X73 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe" [07/11/2001 12:08 PM]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [10/12/2001 12:42 AM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [12/10/2003 04:52 AM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [06/26/2007 01:48 PM]
"YPC"="C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe" [02/11/2005 06:14 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 08:51 PM]
"AT&T Yahoo! Dial Connection Manager"="C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [05/11/2007 01:07 PM]
"BM0f1cc387"="C:\WINDOWS\system32\ytdcapqf.dll" [04/23/2008 10:59 PM]
"0c2ff01b"="C:\WINDOWS\system32\wwmgokfg.dll" [04/23/2008 11:04 PM]
"runner1"="C:\WINDOWS\mrofinu572.exe" [04/24/2008 04:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [05/16/2006 06:51 PM]
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" [04/19/2007 03:17 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/26/2007 01:29 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [04/24/2008 04:38 PM]

C:\Documents and Settings\admin\Start Menu\Programs\Startup\
USB Switch Control.lnk - C:\Documents and Settings\admin\Application Data\Microsoft\Installer\{0051A2E7-C384-42E9-97D0-F0BF8579ED94}\_4595F6D7726F_4956_9B2C_996CBE5A31B5.exe [5/6/2007 2:59:05 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [9/13/2007 9:09:43 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [11/26/2007 1:29:16 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12/15/2005 1:00:54 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/25/2006 9:34:21 AM]
USB Sharing.lnk - C:\Program Files\USB Sharing\usbshare.exe [10/20/2006 9:08:48 AM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [8/17/2007 1:20:06 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}"= C:\WINDOWS\system32\ssqnkif.dll [ ]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\ssqOHYrQ.dll [04/21/2008 06:52 PM 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnkif]
ssqnkif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOHYrQ]
ssqOHYrQ.dll 04/21/2008 06:52 PM 39936 C:\WINDOWS\system32\ssqOHYrQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcYsPhI




-- End of Deckard's System Scanner: finished at 2008-04-24 17:08:32 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 502.07 MiB / 72.92 MiB
Pagefile Memory (total/avail): 1227.32 MiB / 409.87 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.53 MiB

C: is Fixed (NTFS) - 74.47 GiB total, 56.44 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST3808110AS - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:

Edited by red hydra222, 24 April 2008 - 09:51 PM.
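The log above is worth reading as a set of persistence points rather than a list of file names: the same Vundo-style DLLs appear as nameless BHOs (O2), as Winlogon Notify packages (O20, loaded into winlogon.exe at logon), as ShellExecuteHooks, as Run values with machine-generated names that load a system32 DLL through rundll32, and, in the registry dump, as an extra entry in the LSA "Authentication Packages" value, which lsass.exe loads at boot before anyone logs on. A cleanup that only removes the browser-side components leaves those other load points in place, which is one reason the infection "keeps coming back". The script below is an added example written for this page, not a tool from the thread or from the BleepingComputer team: it applies simple heuristics to HijackThis-style lines and to the LSA value, so a helper can see at a glance which entries deserve attention. The Winlogon Notify allowlist and every threshold in it are assumptions for illustration, and the sample log is a constructed subset of the lines posted above plus two benign lines.

```python
import re

# Added example (not from the original thread): heuristic triage of a
# HijackThis-style log. Every rule below is a heuristic, not a signature.

# Illustrative allowlist of Winlogon Notify package names seen on stock
# Windows XP / common OEM builds; an assumption for this example, not exhaustive.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui",
}

RE_ENTRY = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
RE_O4_RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run:\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
RE_RANDOM_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8}$")          # e.g. 0c2ff01b, BM0f1cc387
RE_RUNDLL_SYS32 = re.compile(
    r'rundll32(?:\.exe)?\s+"?C:\\WINDOWS\\system32\\[^"\\]+\.dll"?,\s*[a-z]\b', re.I)
RE_LONG_HEX = re.compile(r"\b[0-9A-F]{40,}\b")                # dropper/affiliate IDs
RE_SYS32_8ALPHA = re.compile(r"C:\\WINDOWS\\system32\\[A-Za-z]{8}\.dll\b")


def triage_line(line):
    """Return the reasons one HijackThis-style line looks suspicious ([] if none)."""
    m = RE_ENTRY.match(line.strip())
    if not m:
        return []
    kind, body = m.groups()
    reasons = []
    if "(no name)" in body:
        reasons.append("hook registered without a display name")
    if "(file missing)" in body:
        reasons.append("load point references a file that is not on disk")
    if kind == "O20":
        # 'Winlogon Notify: <pkg> - <path>': these DLLs load into winlogon.exe
        pkg = body.split(":", 1)[1].split(" - ")[0].strip().lower()
        if pkg not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify package not on allowlist")
    elif kind == "O4":
        run = RE_O4_RUN.match(body)
        if run:
            if RE_RANDOM_NAME.match(run.group("name")):
                reasons.append("Run value name looks machine-generated")
            if RE_RUNDLL_SYS32.search(run.group("cmd")):
                reasons.append("rundll32 loads a system32 DLL via a one-letter export")
            if RE_LONG_HEX.search(run.group("cmd")):
                reasons.append("long hex token on the command line")
    if RE_SYS32_8ALPHA.search(body):
        reasons.append("eight-letter alphabetic DLL directly in system32 (weak signal)")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every flagged line, in log order."""
    hits = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits


def check_lsa_packages(value):
    """Extra entries in HKLM\\...\\Lsa 'Authentication Packages' beyond msv1_0.

    Anything listed there is loaded into lsass.exe at boot, before any user
    logs on, so it survives a browser-only cleanup."""
    return [p for p in value.split() if p.lower() != "msv1_0"]


# Constructed sample: eight lines in the format of the log posted above
# (two of them benign), so the heuristics have both kinds to classify.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3C2F964B-6E8A-4D69-8262-543DDDE18211} - C:\WINDOWS\system32\ddcYsPhI.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\ssqnkif.dll (file missing)
O4 - HKLM\..\Run: [BM0f1cc387] Rundll32.exe "C:\WINDOWS\system32\ytdcapqf.dll",s
O4 - HKLM\..\Run: [0c2ff01b] rundll32.exe "C:\WINDOWS\system32\wwmgokfg.dll",b
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: ssqOHYrQ - C:\WINDOWS\system32\ssqOHYrQ.dll
"""
SAMPLE_LSA = r"msv1_0 C:\WINDOWS\system32\ddcYsPhI"

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
    print("LSA extras:", check_lsa_packages(SAMPLE_LSA))
```

Run against the sample, the two benign lines (the Java SSVHelper BHO and the Symantec ccApp Run value) come back clean and the other six are flagged with the reason that applies, while the LSA check returns the single non-msv1_0 entry. The eight-letter-name rule is deliberately scored as a weak signal because legitimate Windows DLLs with eight-letter names exist; on its own it is not evidence of anything, and it is only useful alongside the stronger indicators.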




#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:29 AM

Posted 25 April 2008 - 12:31 PM

Hi,

Please uninstall MyWebSearch via software > add & remove programs.

Reboot afterwards.

After the reboot, please download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:12:29 AM

Posted 03 May 2008 - 12:40 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



