Jump to content


Photo

.dll files proving very difficult to get rid of.


  • This topic is locked This topic is locked
9 replies to this topic

#1 RealChinoC

RealChinoC

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 22 May 2007 - 10:06 PM

I use firefox to browse the web, and recently received a pop-up in an IE window, when I was looking at google. Thinking something was wrong, I ran Ad-Aware (which thought everything was fine) and also used Windows search to look for any files recently created (as the problem had never shown before).

Right enough, there were two .dll files with unusual names that had appeared in my system32 folder. I have been running HJT and Killbox and using their functions to delete the files (including at reboot), but after every restart the files have returned, seemingly unscathed!

The two files are ssqqqnl.dll and awtqp.dll. I've highlighted them in the log below, hopefully you'll find it convenient.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 04:03:34, on 23/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nate\Desktop\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\ssqqqnl.dll
O2 - BHO: (no name) - {814F094B-496F-413B-BC1A-80B62A287FD9} - C:\WINDOWS\system32\awtqp.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9402C02-8816-46B6-B343-C6F03E3A70FB}: NameServer = 62.31.64.39,62.31.64.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll
O20 - Winlogon Notify: ssqqqnl - C:\WINDOWS\SYSTEM32\ssqqqnl.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4693 bytes

I would much appreciate any help that I could be given. The pop-ups keep directing me to loan websites and I'm afraid I might do something I'll regret!

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 25 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 29 May 2007 - 09:23 AM

Hello,

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 RealChinoC

RealChinoC

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 29 May 2007 - 10:50 AM

Thanks for helping!

Combofix.txt below:


"Nate" - 2007-05-29 16:32:52 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Nate\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ajuqpgwq.dll
C:\WINDOWS\system32\bokdarte.dll
C:\WINDOWS\system32\clisexmm.dll
C:\WINDOWS\system32\gofoyyrt.dll
C:\WINDOWS\system32\jjjhdmxb.dll
C:\WINDOWS\system32\rcymtyvr.dll
C:\WINDOWS\system32\vyhtmlia.dll
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\mmxesilc.ini
C:\WINDOWS\system32\rvytmycr.ini
C:\WINDOWS\system32\pqtwa.bak1
C:\WINDOWS\system32\pqtwa.bak2
C:\WINDOWS\system32\pqtwa.ini
C:\WINDOWS\system32\awtqp.dll
C:\WINDOWS\system32\ssqqqnl.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-29 ))))))))))))))))))))))))))))))))))


2007-05-23 03:08 <DIR> d-------- C:\!KillBox
2007-05-23 02:43 <DIR> d-------- C:\WINDOWS\pss
2007-05-23 02:10 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-05-23 02:07 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-23 02:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-23 02:07 <DIR> d-------- C:\DOCUME~1\Nate\APPLIC~1\Lavasoft
2007-05-22 23:11 <DIR> d-------- C:\DOCUME~1\Nate\APPLIC~1\WinRAR
2007-05-21 02:51 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-05-14 20:13 82,774 --a------ C:\WINDOWS\Uninstall Jade Empire.exe
2007-05-14 19:39 <DIR> d-------- C:\Program Files\Jade Empire
2007-05-01 04:39 <DIR> d-------- C:\DOCUME~1\Nate\APPLIC~1\Help
2007-04-30 13:44 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-04-30 13:43 <DIR> d-------- C:\Unreal Anthology


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-29 15:35:10 24 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000007-00001102-00000004-00511102}.dat
2007-05-29 15:35:10 24 ----a-w C:\WINDOWS\system32\DVCState-{00000005-00000000-00000007-00001102-00000004-00511102}.dat
2007-05-23 19:54:07 -------- d-----w C:\DOCUME~1\Nate\APPLIC~1\Skype
2007-05-23 04:21:59 -------- d-----w C:\Program Files\World of Warcraft
2007-05-04 14:05:00 -------- d-----w C:\Program Files\PokerStars
2007-04-30 12:43:52 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 16:13:11 -------- d-----w C:\Program Files\City of Heroes
2007-04-27 00:17:01 -------- d-----w C:\Program Files\Skype
2007-04-27 00:17:01 -------- d-----w C:\Program Files\Common Files\Skype
2007-04-27 00:04:12 -------- d-----w C:\Program Files\Teamspeak2_RC2
2007-04-27 00:04:12 -------- d-----w C:\DOCUME~1\Nate\APPLIC~1\teamspeak2
2007-04-19 18:41:22 -------- d-----w C:\Program Files\Yahoo!
2007-04-19 13:22:59 -------- d-----w C:\DOCUME~1\Nate\APPLIC~1\Ventrilo
2007-04-19 13:20:13 -------- d-----w C:\Program Files\Ventrilo
2007-04-18 23:38:32 0 ----a-r C:\logwmemory.bin
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 23:23:48 -------- d-----w C:\DOCUME~1\Nate\APPLIC~1\Apple Computer
2007-04-13 23:23:44 -------- d-----w C:\Program Files\iTunes
2007-04-13 23:23:41 -------- d-----w C:\Program Files\iPod
2007-04-13 23:23:31 -------- d-----w C:\Program Files\QuickTime
2007-03-30 17:57:27 -------- d-----w C:\DOCUME~1\Nate\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-03-30 17:30:14 -------- d-----w C:\Program Files\Electronic Arts
2007-03-29 00:32:40 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-29 00:14:46 -------- d-----w C:\Program Files\DAEMON Tools
2007-03-29 00:13:29 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-28 23:57:00 -------- d--h--r C:\DOCUME~1\Nate\APPLIC~1\SecuROM
2007-03-28 18:03:05 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-03-28 17:42:19 -------- d-----w C:\Program Files\Common Files\Logitech
2007-03-28 17:42:05 -------- d-----w C:\Program Files\Logitech
2007-03-24 18:55:59 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll
2007-03-22 16:56:01 1,168 ----a-w C:\WINDOWS\mozver.dat
2007-03-22 16:42:29 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-22 15:42:45 0 --sha-r C:\MSDOS.SYS
2007-03-22 15:42:45 0 --sha-r C:\IO.SYS
2007-03-22 15:42:45 0 ----a-w C:\CONFIG.SYS
2007-03-22 15:42:45 0 ----a-w C:\AUTOEXEC.BAT
2007-03-22 15:40:17 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 C:\WINDOWS\system32\CTHELPER.EXE]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 02:00]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-19 11:45]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-19 11:39]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fdf4036-d880-11db-b3f3-806d6172696f}]
AutoRun\command- E:\ASUSACPI.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 16:36:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2???A~??A~????????\???\???????????U?A~??A~\???\???????`|`??????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-29 16:36:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 16:36

--- E O F ---

...and the new HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:47:24, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Nate\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9402C02-8816-46B6-B343-C6F03E3A70FB}: NameServer = 62.31.64.39,62.31.64.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4311 bytes


Quickly looking at that myself, I think you've cracked it, but before I get excited I'll let you check it over.

Thanks again for your help!

#5 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 29 May 2007 - 12:18 PM

Hi,

Yes, your logs look clean again. :)

Delete the C:\Qoobox - folder.

And, most important of all, I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!! :)

Avira, AVG OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decrease the reliability of it seriously!
Comodo OR Kerio are FREE firewalls.

Understanding and using firewalls

Let me know in your next reply how things are now..
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#6 lnhiv

lnhiv

    Member

  • New Member
  • Pip
  • 1 posts

Posted 30 May 2007 - 02:26 AM

I just wanted to say thank you to miekiemoes for the help he gave to RealChinoC, and thanks to RealChinoC for posting this.

I had this exact same issue, and sure enough, I had the same bad dll's, along with one more: bxxohlwm.dll and its reverse name.

These dll's managed to avoid every program out there except combofix. The worst part is that these dll's showed up after I installed AVG. Those popups were quite maddening.

Thanks again for your knowledge.

Edited by lnhiv, 30 May 2007 - 02:29 AM.


#7 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 30 May 2007 - 03:38 AM

Hi Inhiv,

If you need help with your log, please start a new thread with it. Don't post in someone elses thread, because this is confusing :)
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#8 RealChinoC

RealChinoC

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 05 June 2007 - 05:24 AM

Hey Inhiv, glad to hear you got your problem fixed too. Looks like miekiemoes is multi-talented!

In other news, everything's working perfectly now, thanks very much! :D

#9 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 05 June 2007 - 06:09 AM

Glad to hear it solved your problem :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#10 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 06 June 2007 - 05:51 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here
This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button