dll and BHO that will not go away


  • This topic is locked
2 replies to this topic

#1 neelhow

neelhow

  • Members
  • 7 posts
  • Local time:01:21 PM

Posted 05 May 2009 - 03:21 PM

I had an issue with a rogue AV program. I ran Malwarebytes and it seems to have cleaned it up for the most part. However, it keeps finding the same DLL, uscyjax.dll, and BHOs. I have searched in the location that MB says that it exists but can find no such file.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jodie Faircloth at 16:05:52.19 on Tue 05/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.572 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Jodie Faircloth\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: : {04d53fde-ba41-45a2-8be4-070fdab006bb} - c:\windows\system32\uscyjax.dll
BHO: {04D53FDE-BA41-45A2-8BE4-070FDAB006BB}000 - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 uovwqqql;uovwqqql;c:\windows\system32\drivers\uovwqqql.sys [2005-8-16 23424]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-2 124832]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2009-05-05 10:29 <DIR> --d----- c:\windows\pss
2009-05-05 09:18 0 a------- C:\20090505131827015.loc
2009-05-04 17:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-04 17:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-04 17:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-04 15:18 0 a------- C:\20090504191832859.loc
2009-05-04 13:33 0 a------- C:\20090504173350890.loc
2009-05-04 09:22 0 a------- C:\20090504132207078.loc
2009-04-29 15:14 0 a------- C:\20090429191425046.loc
2009-04-29 15:13 0 a------- C:\20090429191356843.loc
2009-04-29 15:13 0 a------- C:\20090429191325843.loc
2009-04-29 15:11 0 a------- C:\20090429191123625.loc
2009-04-29 14:54 <DIR> --dsh--- C:\!Submit
2009-04-29 14:20 0 a------- C:\20090429182005046.loc
2009-04-29 12:30 0 a------- C:\20090429163017000.loc
2009-04-29 09:36 <DIR> --d----- c:\docume~1\jodief~1\applic~1\gydtwkpe
2009-04-17 20:00 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-17 20:00 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-17 20:00 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-17 20:00 401,408 a------- c:\windows\system32\SET2DB.tmp
2009-04-17 20:00 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-17 20:00 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-17 20:00 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 20:00 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-17 20:00 617,984 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-17 20:00 715,264 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-17 19:59 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 19:59 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-03-21 10:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:00 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 18:31 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 06:19 1,846,272 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 06:01 728,576 a------- c:\windows\system32\lsasrv.dll
2009-02-09 06:01 617,984 a------- c:\windows\system32\advapi32.dll
2009-02-09 06:01 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:01 728,576 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 06:01 715,264 a------- c:\windows\system32\ntdll.dll
2009-02-06 06:32 2,186,112 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 06:29 2,142,720 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:29 2,142,720 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 06:22 110,592 a------- c:\windows\system32\services.exe
2009-02-06 05:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 05:49 2,020,864 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 05:49 2,020,864 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 05:49 2,062,976 -------- c:\windows\system32\dllcache\ntkrnlpa.exe

============= FINISH: 16:06:26.41 ===============


#2 neelhow

neelhow
  • Topic Starter


Posted 08 May 2009 - 09:46 AM

Solved.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:21 PM

Posted 14 May 2009 - 10:21 PM

Thank you for letting us know. This topic shall now be closed. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



