Status
Not open for further replies.
1 - 4 of 4 Posts

· Premium Member
Joined
·
17 Posts
Discussion Starter · #1 ·
What an exhausting mess this one is. I love this site; you guys are great.



Deckard's System Scanner v20071014.68
Run by Nikki on 2007-11-16 21:18:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.40GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 254 MiB / 64.79 MiB
Pagefile Memory (total/avail): 620.79 MiB / 361.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.8 MiB

C: is Fixed (NTFS) - 34.36 GiB total, 17.93 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 3 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 34.36 GiB - C:
\PARTITION2 - Unknown - 2.85 GiB

-- Last 5 Restore Point(s) --
89: 2007-11-17 05:18:25 UTC - RP723 - Deckard's System Scanner Restore Point
88: 2007-11-17 01:56:25 UTC - RP722 - Last known good configuration
87: 2007-11-17 01:55:36 UTC - RP721 - System Checkpoint
86: 2007-11-17 01:55:33 UTC - RP720 - System Checkpoint
85: 2007-11-17 01:55:33 UTC - RP719 - System Checkpoint


-- First Restore Point --
1: 2007-11-17 01:54:17 UTC - RP635 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Nikki.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:03 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Nikki\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nikki.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: {b196b0a9-1ce1-ed2a-9914-aa7793ff8da0} - {0ad8ff39-77aa-4199-a2de-1ec19a0b691b} - (no file)
O2 - BHO: (no name) - {337DC2FE-D192-44D9-8954-79017AB2E5CD} - C:\WINDOWS\system32\ssqpo.dll
O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqpmll.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hnkbzmqj.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hnkbzmqj.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [a0a01f7c] rundll32.exe "C:\WINDOWS\system32\apbtmyuc.dll",b
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: hnkbzmqj - hnkbzmqj.dll (file missing)
O20 - Winlogon Notify: ssqpmll - ssqpmll.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 5289 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071116-173325-308 O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hnkbzmqj.dll
backup-20071116-173325-450 O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqpmll.dll
backup-20071116-173326-124 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hnkbzmqj.dll
backup-20071116-173326-467 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
backup-20071116-173326-564 O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
backup-20071116-173326-574 O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
backup-20071116-173326-916 O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
backup-20071116-173327-669 O20 - Winlogon Notify: hnkbzmqj - C:\WINDOWS\SYSTEM32\hnkbzmqj.dll
backup-20071116-173329-366 O20 - Winlogon Notify: ssqpmll - C:\WINDOWS\SYSTEM32\ssqpmll.dll
backup-20071116-173402-576 O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqpmll.dll
backup-20071116-173402-818 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
backup-20071116-173403-639 O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hnkbzmqj.dll
backup-20071116-182543-667 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
backup-20071116-182544-150 O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\ssqpmll.dll
backup-20071116-182544-308 O2 - BHO: {b196b0a9-1ce1-ed2a-9914-aa7793ff8da0} - {0ad8ff39-77aa-4199-a2de-1ec19a0b691b} - C:\WINDOWS\system32\kejshogw.dll (file missing)
backup-20071116-182546-648 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20071116-182546-850 O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
backup-20071116-182546-965 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hnkbzmqj.dll
backup-20071116-182546-967 O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\hnkbzmqj.dll
backup-20071116-182558-730 O20 - Winlogon Notify: hnkbzmqj - C:\WINDOWS\SYSTEM32\hnkbzmqj.dll
backup-20071116-182610-910 O20 - Winlogon Notify: ssqpmll - C:\WINDOWS\SYSTEM32\ssqpmll.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee Security; McAfee Personal Firewall Plus>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
R3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 WMP11V27 (Instant Wireless PCI Card V2.7 Driver) - c:\windows\system32\drivers\wmp11v27.sys <Not Verified; The Linksys Group, Inc; Instant Wireless PCI Card>

S3 catchme - c:\docume~1\nikki\locals~1\temp\catchme.sys (file missing)
S3 DRAWWAN - c:\docume~1\nikki\locals~1\temp\drawwan.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 TnIDriver - c:\docume~1\nikki\locals~1\temp\tni8.tmp (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2007-11-16 21:01:42 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (NIKKI1-Nikki).job
2007-10-10 06:26:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-16 and 2007-11-16 -----------------------------

2007-11-16 21:08:04 0 d-------- C:\ie-spyad_zo
2007-11-16 20:57:53 0 d-------- C:\qrnt
2007-11-16 19:04:16 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-11-16 19:04:06 0 d-------- C:\Program Files\SpywareBlaster
2007-11-16 17:53:49 6684 --ahs---- C:\WINDOWS\system32\opqss.ini2
2007-11-16 17:53:32 320096 --a------ C:\WINDOWS\system32\ssqpo.dll
2007-11-06 13:26:44 1678 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-05 21:38:01 0 d-------- C:\Program Files\Trend Micro
2007-11-05 20:47:29 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-05 19:08:56 0 d-------- C:\Program Files\Lavasoft
2007-11-05 19:08:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-05 19:06:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-05 18:16:15 85568 --a------ C:\WINDOWS\system32\apbtmyuc.dll
2007-11-04 08:52:13 78912 --a------ C:\WINDOWS\system32\lmuqclxt.dll
2007-11-04 08:43:42 340032 --a------ C:\WINDOWS\system32\nwcnuftq.dll
2007-11-03 15:55:42 36352 --a------ C:\WINDOWS\system32\opnopqq.dll
2007-11-03 15:47:44 36352 --a------ C:\WINDOWS\system32\fccabcc.dll
2007-11-03 15:41:11 36352 --a------ C:\WINDOWS\system32\pmnmnom.dll
2007-11-03 15:31:20 36352 --a------ C:\WINDOWS\system32\mljkife.dll
2007-11-03 15:25:08 0 d-------- C:\WINDOWS\system32\Mz02r
2007-11-03 15:24:49 36352 --a------ C:\WINDOWS\system32\tuvvuvw.dll
2007-11-03 15:24:49 36352 --a------ C:\WINDOWS\system32\jkkjjgg.dll
2007-11-03 15:07:08 0 d-------- C:\WINDOWS\system32\Mz08r
2007-11-03 15:07:08 0 d-------- C:\Temp
2007-10-28 15:26:56 0 d-------- C:\Documents and Settings\Nikki\Application Data\MySpace
2007-10-28 15:26:50 0 d-------- C:\Program Files\MySpace


-- Find3M Report ---------------------------------------------------------------

2007-11-06 15:24:21 0 d-------- C:\Documents and Settings\Nikki\Application Data\Yahoo!
2007-11-05 20:30:48 0 d-------- C:\Program Files\Google
2007-11-05 19:23:25 0 d-------- C:\Program Files\Common Files
2007-11-05 18:37:08 0 d-------- C:\Program Files\McAfee.com


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ad8ff39-77aa-4199-a2de-1ec19a0b691b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{337DC2FE-D192-44D9-8954-79017AB2E5CD}]
11/16/2007 05:53 PM 320096 --a------ C:\WINDOWS\system32\ssqpo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
C:\WINDOWS\system32\ssqpmll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
C:\WINDOWS\system32\hnkbzmqj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [10/03/2006 10:04 AM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 11:05 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [09/22/2005 05:29 PM]
"a0a01f7c"="C:\WINDOWS\system32\apbtmyuc.dll" [11/05/2007 06:16 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [07/01/2004 03:15 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/17/2004 04:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/11/2007 05:16 PM]

C:\Documents and Settings\Nikki\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2/26/2005 9:18:31 PM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [10/3/2006 10:04:38 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\ssqpmll.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hnkbzmqj]
hnkbzmqj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpmll]
ssqpmll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-11-16 21:22:20 ------------

Thank you for your time and expertise! I'll check back often!
 

· TSF-Enthusiast
Joined
·
923 Posts
Please download the following to the Desktop: VundoFix.exe
* Double-click VundoFix.exe to run it
* Click: Scan for Vundo
* Once done scanning, click: Remove Vundo
* A prompt asking if you want to remove the files appears, click: Yes
* The Desktop goes blank as it starts removing Vundo.
* When completed, a prompt to shut down the computer appears, click OK
* Turn the computer back on.

A log is created and found in C:\vundofix.txt

~~~~
Also run Deckard's System Scanner (DSS) once again, to obtain a new main.txt

~~~~
Please post the C:\vundofix.txt, as well as a new DSS main.txt in your reply.
 

· Premium Member
Joined
·
17 Posts
Discussion Starter · #3 ·
It seems to have worked... I had Vundo files in there...
Is it gone? Again, you guys rock!


Deckard's System Scanner v20071014.68
Run by Nikki on 2007-11-21 11:20:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Nikki.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:01 AM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\Nikki\Desktop\virusstuff\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Nikki.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {59390F67-B669-4BB2-B88E-47BCE1F7694F} - C:\WINDOWS\system32\ssqpo.dll (file missing)
O2 - BHO: {c7c1aee1-f601-1c58-da44-0705d1f9547c} - {c7459f1d-5070-44ad-85c1-106f1eea1c7c} - C:\WINDOWS\system32\aiyfdpgh.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [a0a01f7c] rundll32.exe "C:\WINDOWS\system32\nnslnswc.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ssqpmll - ssqpmll.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 5324 bytes

-- Files created between 2007-10-21 and 2007-11-21 -----------------------------

2007-11-21 10:59:58 0 d-------- C:\VundoFix Backups
2007-11-20 17:33:01 85056 --a------ C:\WINDOWS\system32\nnslnswc.dll
2007-11-20 17:27:01 84544 --a------ C:\WINDOWS\system32\aiyfdpgh.dll
2007-11-19 14:17:25 83008 --a------ C:\WINDOWS\system32\tfkyfkkp.dll
2007-11-18 11:31:25 79424 --a------ C:\WINDOWS\system32\atymirsp.dll
2007-11-17 11:24:39 82496 --a------ C:\WINDOWS\system32\oiuwkatj.dll
2007-11-16 21:08:04 0 d-------- C:\ie-spyad_zo
2007-11-16 20:57:53 0 d-------- C:\qrnt
2007-11-16 19:04:16 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-11-16 19:04:06 0 d-------- C:\Program Files\SpywareBlaster
2007-11-06 13:26:44 1678 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-05 21:38:01 0 d-------- C:\Program Files\Trend Micro
2007-11-05 20:47:29 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-05 19:08:56 0 d-------- C:\Program Files\Lavasoft
2007-11-05 19:08:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-05 19:06:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-05 18:16:15 85568 --a------ C:\WINDOWS\system32\apbtmyuc.dll
2007-11-03 15:25:08 0 d-------- C:\WINDOWS\system32\Mz02r
2007-11-03 15:07:08 0 d-------- C:\WINDOWS\system32\Mz08r
2007-11-03 15:07:08 0 d-------- C:\Temp
2007-10-28 15:26:56 0 d-------- C:\Documents and Settings\Nikki\Application Data\MySpace
2007-10-28 15:26:50 0 d-------- C:\Program Files\MySpace


-- Find3M Report ---------------------------------------------------------------

2007-11-06 15:24:21 0 d-------- C:\Documents and Settings\Nikki\Application Data\Yahoo!
2007-11-05 20:30:48 0 d-------- C:\Program Files\Google
2007-11-05 19:23:25 0 d-------- C:\Program Files\Common Files
2007-11-05 18:37:08 0 d-------- C:\Program Files\McAfee.com


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59390F67-B669-4BB2-B88E-47BCE1F7694F}]
C:\WINDOWS\system32\ssqpo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c7459f1d-5070-44ad-85c1-106f1eea1c7c}]
11/20/2007 05:27 PM 84544 --a------ C:\WINDOWS\system32\aiyfdpgh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"ymetray"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" [10/03/2006 10:04 AM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 11:05 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [09/22/2005 05:29 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [07/01/2004 03:15 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/17/2004 04:55 PM]
"a0a01f7c"="C:\WINDOWS\system32\nnslnswc.dll" [11/20/2007 05:33 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 08:24 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [06/11/2007 05:16 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 04:04 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Nikki\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 11:04:12 AM]
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2/26/2005 9:18:31 PM]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [10/3/2006 10:04:38 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpmll]
ssqpmll.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-11-21 11:22:07 ------------
 