Sponsored By

Peter66

Members
  • Content Count

    5
  • Joined

  • Last visited

Everything posted by Peter66

  1. I get redirected to different websits also it stalls and turns off my explore.exe Process. I run multiple scan: AVG, NOrton online, Winferno Spyware Scan Powered by McAfee, AdWare SpyWare Removal.. non of those was able to find the coprate so plz help I am running XP SP2 origin of problem ??? here are log files for hijack this and combofix ComboFix 08-02-20.2 - pet 2008-02-20 11:32:39.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1347 [GMT -8:00] Running from: D:\bit comet DL's\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\fccawuu.dll C:\WINDOWS\system32\vtsqp.dll C:\Program Files\Common Files\{38A93~1 C:\Program Files\Common Files\{38A93~1\toolbardll.lzma C:\Program Files\Common Files\asks~1 C:\Temp\isgTi19 C:\WINDOWS\system32\fccawuu.dll C:\WINDOWS\system32\nGpxx01 C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pqstv.ini C:\WINDOWS\system32\pqstv.ini2 C:\WINDOWS\system32\racle~1 C:\WINDOWS\system32\racle~1\?racle\ C:\WINDOWS\system32\uninstall.exe C:\WINDOWS\system32\unsvchosts.lzma C:\WINDOWS\system32\vtsqp.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CLIENT_IP-IPX -------\Client IP-IPX ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))) . 2008-02-19 21:24 . 2008-02-19 21:25 <DIR> d-------- C:\Program Files\AdWare SpyWare Removal 2008-02-18 20:40 . 2008-02-18 20:40 <DIR> d-------- C:\WINDOWS\McAfee.com 2008-02-18 20:38 . 2008-02-18 20:38 <DIR> d-------- C:\Program Files\Winferno 2008-02-18 20:38 . 2008-02-18 20:38 <DIR> d-------- C:\Program Files\Common Files\Winferno 2008-02-18 20:38 . 2006-10-09 13:28 835,584 --a------ C:\WINDOWS\system32\WINCTL4.OCX 2008-02-18 20:38 . 2006-10-09 14:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL 2008-02-18 20:38 . 2006-05-17 09:40 393,216 --a------ C:\WINDOWS\system32\WINLCTL5.DLL 2008-02-17 23:37 . 2008-02-17 23:37 <DIR> d-------- C:\Documents and Settings\pet\Application Data\MSN6 2008-02-17 23:37 . 2008-02-17 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6 2008-02-10 02:01 . 2008-02-14 22:25 <DIR> d-------- C:\Program Files\FLT 2008-02-09 19:29 . 2008-02-09 19:29 <DIR> d-------- C:\Documents and Settings\pet\Application Data\Sibelius Software 2008-02-09 19:28 . 2008-02-09 19:28 <DIR> d-------- C:\Program Files\Sibelius Software 2008-02-04 13:16 . 2008-02-04 13:16 <DIR> d-------- C:\Program Files\RAR Password Cracker 2008-01-29 08:30 . 2008-01-29 08:30 <DIR> d-------- C:\Program Files\Encore Software 2008-01-20 17:54 . 2008-01-20 17:54 <DIR> d-------- C:\Program Files\Brighter Child . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-20 19:44 --------- d-----w C:\Documents and Settings\pet\Application Data\AVG7 2008-02-20 17:41 --------- d-----w C:\Program Files\Trend Micro 2008-02-10 17:03 --------- d-----w C:\Documents and Settings\pet\Application Data\dvdcss 2008-02-10 09:54 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-02-03 07:47 --------- d-----w C:\Program Files\Barbie 2008-01-29 16:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-26 03:27 --------- d-----w C:\Program Files\Creative 2008-01-21 00:43 --------- d-----w C:\Program Files\The Learning Company 2008-01-17 07:17 --------- d-----w C:\Program Files\Common Files\LizardTech Shared 2008-01-17 07:05 --------- d-----w C:\Program Files\Common Files\AVSMedia 2008-01-17 07:03 --------- d-----w C:\Documents and Settings\pet\Application Data\AVSMedia 2008-01-14 01:05 --------- d-----w C:\Program Files\Guitar Pro 5 2008-01-13 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative 2008-01-11 06:36 --------- d-----w C:\Documents and Settings\pet\Application Data\Creative 2008-01-11 04:52 --------- d-----w C:\Program Files\Audible 2008-01-11 04:50 --------- d--h--w C:\Program Files\Creative Installation Information 2007-12-25 21:30 --------- d-----w C:\Program Files\BitComet . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2003-04-22 14:43 413775] "Exact Mouse"="C:\Program Files\Exact Mouse\ExactMouse.exe" [2004-02-01 22:05 402432] "SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-04-18 12:27 1724416] "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\monitor.exe" [2005-06-04 21:02 1064448] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328] "NWEReboot"="" [] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2004-03-10 23:26 406016] "NvCplDaemon"="RUNDLL32.exe" [2004-08-03 15:56 33280 C:\WINDOWS\system32\rundll32.exe] "PDF4 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" [2006-08-22 19:09 40960] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-19 10:01 579072] "NvMediaCenter"="RUNDLL32.exe" [2004-08-03 15:56 33280 C:\WINDOWS\system32\rundll32.exe] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-27 18:33 57344] "MediaFace Integration"="C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe" [2005-03-28 03:45 53248] "SoundMan"="SOUNDMAN.EXE" [2003-02-09 23:59 47104 C:\WINDOWS\SOUNDMAN.EXE] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "WinfernoUpdate"="C:\Program Files\Common Files\Winferno\WSCUpdtr.exe" [2007-03-04 10:47 1482752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 01:42 219136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-03-07 23:13:28 25214] Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 110592] Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-01 07:33:41 118784] Directrec Configuration Tool.lnk - C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe [2007-10-01 07:33:42 122880] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360] MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [2006-12-26 22:55:16 323584] S3 PDEXLOCK;PDEXLOCK;C:\WINDOWS\inf\pdexlock.inf [2007-06-24 10:45] . Contents of the 'Scheduled Tasks' folder "2008-02-16 23:05:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-02-20 19:43:40 C:\WINDOWS\Tasks\SpyScan.job" - C:\Program Files\Winferno\SpywareScan\SpyScan.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-20 11:44:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2894] -> C:\Program Files\Atomic Alarm Clock\Clock.dll . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Olympus\DeviceDetector\DM1Service.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Voicent\Gateway\bin\vgate.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\Program Files\Voicent\Gateway\bin\spengine.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\Program Files\MSN Messenger\usnsvc.exe . ************************************************************************** . Completion time: 2008-02-20 11:46:59 - machine was rebooted ComboFix-quarantined-files.txt 2008-02-20 19:46:56 ******************************************************************************** ********************************************************************************* ********************************************************************************* ********************************************************************************* * Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:08:24 PM, on 2/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Olympus\DeviceDetector\DM1Service.exe C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Voicent\Gateway\bin\vgate.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\Program Files\Voicent\Gateway\bin\spengine.exe c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stockcharts.com/def/servlet/SC.scan R3 - URLSearchHook: (no name) - {A833239E-EB03-EEA7-5527-EA1BB20212B4} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\System32\PSDrvCheck.exe" -CheckReg O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe" O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinfernoUpdate] "C:\Program Files\Common Files\Winferno\WSCUpdtr.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Exact Mouse] C:\Program Files\Exact Mouse\ExactMouse.exe O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2005 version 7\monitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe O9 - Extra 'Tools' menuitem: Spyware Scan - {60AFE1CD-9BA1-47AC-929C-484FBA08DF62} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe O9 - Extra button: Spyware Scan - {C7112EF1-D5B6-421D-8F58-8FA63AB144F8} - C:\Program Files\Winferno\SpywareScan\SpyScan.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.mcafee.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.69.85.208/mgaxctrl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147154014343 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147153990812 O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/4.2.04.18/Control/IRCSharc.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...233/mcfscan.cab O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://G:\CDVIEWER\CdViewer.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Voicent Gateway (VoicentGateway) - Voicent Communications, Inc - C:\Program Files\Voicent\Gateway\bin\vgate.exe -- End of file - 13024 bytes
  2. Peter66

    Yscbbmqx.dll[INACTIVE]

    my Hijack this gives me this line O4 - HKLM\..\Run: [bMab9a0b17] Rundll32.exe "C:\WINDOWS\system32\yscbbmqx.dll",s I came blank on web serch for yscbbmqx.dll I have been getting recurrent infection, I run Malwarebytes and seems to clear most rederection than it comes back up within few days can this be a virus and should i take it out? Thanks Peter
  3. Peter66

    Yscbbmqx.dll[INACTIVE]

    Hi MoNsTeReNeRgY22 as instructed here is the ComboFix log one of the symptoms is a v. slow internet connection to popular sits like goggle .... it seems like the computer stops for 10-30s w/o loading the page or w/o me being able to stop loading or sometimes to control the window. I run the combofix and Malwarebytes few days ago and thought it all was fixed as the redirections have disappeared, but within 2 days the total system slow down started... I hope you can help. how are u going about and analyzing the logs, what are u looking for? ( if the subject is not too complex to discuss here) Thanks Again Peter ComboFix_log_03_14_08.txt hijackthis03_14_08_log.txt
  4. Peter66

    I Have Been Hijacked[RESOLVED]

    Hi Ryan Sorry for the delay, I had a repeat of the previous issue, but after running the process again all seems to run fine Thank you Again for your help and thank you all the Techs for spending your time making our life easier Peter
  5. Peter66

    I Have Been Hijacked[RESOLVED]

    Hi Ryan Thank you for help. here is the log ps After I run the COmbofix prog first time ( just b4 my first post) the re-directions/popups have virtualy disapeared... just thought that might be important bit of info for you anyway here is the log from a minute ago WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons