HijackThis Log help, Terrible Virus/Malware

Explanation first. Ok so I have this problem: my computer runs uber slow and when I check my processes I have tracert.exe running a lot. Also getting a ton of pop ups, but I'm pretty sure those are just extraneous problems because whenever I delete spyware using Spyware Doctor they go away. When I try to delete the big bad one in SD however it says something about a high level threat, need to reboot to delete. I do it, it restarts and SD runs again right when I log on before even the start menu comes up... It finds nothing... start bar and icons load... problems reappear... and if I run SD again it finds the problems again after Windows has loaded. I deleted a suspicious looking program called "HP Boot Optimizer" from the wizard. It sped up my computer, but I had pop ups still till I deleted the spyware... but after restart it came back again, except now it never shows under programs, but I can find it at C:\Program Files\Hewlett-Packard\HP Boot Optimizer... here is the HijackThis log.

PS: SD always finds the same # of infections every restart, it's somewhere between like 122-168.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:19:11 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe
C:\Program Files\Router\Router.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Router\Router .exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\mrofinu.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrq.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LiveSearchClubToolbarBhoApp Class - {3D266504-0FBC-4d3f-9E7C-4077A77C7DC4} - C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {90AAA931-19A3-3F5A-DC2B-30E674F20C91} - C:\WINDOWS\system32\zqhyd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\iifdcya.dll
O2 - BHO: (no name) - {CF230C03-BA29-4790-911F-A934C1069190} - C:\WINDOWS\system32\ssqrq.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F546CAC59B6
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor .exe" /Q
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Amhgr] "C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...?noreloadredir
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133305996812
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: iifdcya - C:\WINDOWS\SYSTEM32\iifdcya.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12996 bytes

Thanks in advance for any help.

PPS: I put red around what I think might be unusual due to my investigation... I may be wrong as this is my first time using HijackThis... and I'm not having the tracert.exe running all the time after I delete the HP Boot Optimizer so I'm pretty sure that's all bad.
Re: HijackThis Log help, Terrible Virus/Malware

Hi and welcome to Daniweb forums :). Please download the latest version of HijackThis: http://www.daniweb.com/forums/thread83821.html

==

Please download ComboFix by sUBs from HERE or HERE

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.
* Post the following logs/Reports:
Re: HijackThis Log help, Terrible Virus/Malware

K so I tried that but that application "failed to save" the restore point, and then after it said it could take 10 or more min I waited a half hour and came back; the window had faded behind the icons on my desktop so I hit Ctrl-Alt-Delete to see if it was running. It said no programs running, I moved an icon and the window disappeared. Went to run HijackThis to look and see if anything changed but I kept getting "Insufficient system resources to complete the requested service". Tried to repeat your instructions but got the same message, but at the top it said nircmd.com... no, I was not connected to the net, router completely removed from comp... restarted and now it runs slower than ever, takes about 10 min to get Windows to do something, 5-6 min to open Internet Explorer, and the same time to go from one page to another, excruciatingly frustrating. Here's my new HijackThis log... ComboFix never made one because it always froze. Plus after restart I'm now getting icons on my desktop that lead to advertisements online... I don't know if my log changed but it takes a long time to scroll so I'll probably look at it after I post. I'll red anything I see that's suspicious to me but like I said I'm inexperienced with it. Sorry for spelling, the slowness is cutting out letters. Thanks a lot again in advance. Oh and the optimizer thing isn't coming back anymore but it's still running slow.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:13, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aim6\anotify.exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\ECURIT~1\tracert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrq.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: LiveSearchClubToolbarBhoApp Class - {3D266504-0FBC-4d3f-9E7C-4077A77C7DC4} - C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {90AAA931-19A3-3F5A-DC2B-30E674F20C91} - C:\WINDOWS\system32\zqhyd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: (no name) - {AC9A9D6F-A3AB-4808-8BC4-9FC6699ED154} - C:\WINDOWS\system32\ssqrq.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\iifdcya.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DBE80DC744B6CDE3F546CAC59B6
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor .exe" /Q
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Amhgr] "C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...?noreloadredir
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133305996812
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: iifdcya - C:\WINDOWS\SYSTEM32\iifdcya.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12597 bytes
Re: HijackThis Log help, Terrible Virus/Malware

Also note the PowerReg Scheduler.exe and PowerReg Scheduler V3.exe that are represented like 30 times. All of them except the last ones have a space before the .exe, making them look the same, but they are different files. Oooh, sneaky.
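The trick the post above points out (a space slipped in before `.exe` so a planted file sits beside a legitimate one) is something a log-triage script can flag mechanically. Below is an added example, not code from the thread or from HijackThis: a small Python checker that walks HijackThis-style lines, pulls out file names, and reports whitespace before the extension, characters that cannot occur in a Windows file name (the `?` the log shows inside `a?sembly\r?gedit.exe` is presumably one the forum could not render), names that collide with another name once whitespace is removed, and Startup entries repeated verbatim. The sample lines are constructed to mirror this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

Flags the impersonation tricks visible in this thread:
  * whitespace inserted before the extension ("swdoctor .exe"),
  * characters that cannot occur in a Windows file name ("r?gedit.exe"),
  * look-alike pairs that collapse to one name once whitespace is removed,
  * Startup entries repeated verbatim (two files cannot share one name, so
    the real names must differ in something the log does not show).
"""
import re
from collections import Counter

# A drive-letter path ending in an executable-ish extension. Spaces are allowed
# inside the path so "Program Files" and "swdoctor .exe" are both captured.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|com|scr)\b', re.IGNORECASE)
# "O4 - Startup: <name>" or "O4 - Startup: <name>.lnk = <target>".
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+?)(?: = .*)?$")
# Characters Windows rejects in file names; a log showing one of them means
# the real character could not be rendered.
RESERVED = set('<>:"/\\|?*')


def normalize(name):
    """Key used to group look-alikes: case-folded with all whitespace removed."""
    return re.sub(r"\s+", "", name).lower()


def suspicious_name(name):
    """Return the reasons a file name looks like it is impersonating another."""
    reasons = []
    stem, _, _ext = name.rpartition(".")
    if stem and stem != stem.rstrip():
        reasons.append("whitespace before the extension")
    if any(c in RESERVED or ord(c) < 32 or ord(c) > 126 for c in name):
        reasons.append("reserved or unrenderable character in name")
    return reasons


def file_names(line):
    """Return (as_shown, file_name) pairs for each file referenced on a line."""
    found = [(p, p.rsplit("\\", 1)[-1]) for p in PATH_RE.findall(line)]
    m = STARTUP_RE.match(line)
    if m and not found:  # bare Startup entry such as "PowerReg Scheduler .exe"
        found.append((m.group(1), m.group(1)))
    return found


def triage(log_text):
    """Scan a whole log and return flagged names, look-alike groups, repeats."""
    flagged, spellings, repeats = [], {}, Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STARTUP_RE.match(line):
            repeats[line] += 1
        for shown, name in file_names(line):
            reasons = suspicious_name(name)
            if reasons:
                flagged.append((shown, reasons))
            spellings.setdefault(normalize(name), set()).add(name)
    return {
        "flagged": flagged,
        "lookalikes": {k: sorted(v) for k, v in spellings.items() if len(v) > 1},
        "repeated": {l: n for l, n in repeats.items() if n > 1},
    }


# Constructed sample modelled on the log in this thread (not the real log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Documents and Settings\Seth\My Documents\a?sembly\r?gedit.exe
C:\WINDOWS\system32\ctfmon .exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler.exe
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for shown, reasons in report["flagged"]:
        print(f"FLAG  {shown}: {'; '.join(reasons)}")
    for key, forms in report["lookalikes"].items():
        print(f"PAIR  {key}: {forms}")
    for entry, n in report["repeated"].items():
        print(f"DUP   x{n}: {entry}")
```

Run it against a real HijackThis log by passing the file contents to `triage()`; anything it flags still needs a human to confirm, since a vendor can ship an odd file name on purpose.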
Re: HijackThis Log help, Terrible Virus/Malware

Try running ComboFix in safe mode please.

==

Please download VundoFix.exe to your desktop.

In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
| Re: HijackThis Log help, Terrible Virus/Malware Ran VundoFix, came up with about 12-16files, reboot to delete, came up with 4, reboot to delete again, came up with none. Immediately rebooted in safe made and ran ComboFix, seemed to do wonders, after reboot everything running 3000% better, got a popup on the way to this site, but I'me sure I can remove that with spyware doctor like I did before, it just came back after every reboot. Thank You so much for your time. here is the VundoFix, ComboFix, and HijackThis logs, in that order seperated by a line of o's. Thanks so much again this was far worse than any infection I've evr ran into. ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo VundoFix V6.7.7 Checking Java version... Java version is 1.5.0.4 Old versions of java are exploitable and should be removed. Scan started at 19:59:11 2008-01-17 Listing files found while scanning.... C:\WINDOWS\system32\ezSP_Px.exe C:\WINDOWS\system32\geebc.exe C:\WINDOWS\system32\iifdcya.dll C:\WINDOWS\system32\NCTAudioCDGrabber2.dll C:\WINDOWS\system32\NCTAudioFile2.dll C:\WINDOWS\system32\NCTAudioPlayer2.dll C:\WINDOWS\system32\NCTAudioRecord2.dll C:\WINDOWS\system32\NCTAVIFile.dll C:\WINDOWS\system32\NCTQuickTimeFile.dll C:\WINDOWS\system32\NCTVideoCoreM.dll C:\WINDOWS\system32\NCTWMAFile2.dll C:\WINDOWS\system32\qrqss.ini C:\WINDOWS\system32\qrqss.ini2 C:\WINDOWS\system32\ssqrq.dll C:\WINDOWS\system32\ssqrq.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\ezSP_Px.exe C:\WINDOWS\system32\ezSP_Px.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\geebc.exe C:\WINDOWS\system32\geebc.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\iifdcya.dll C:\WINDOWS\system32\iifdcya.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\NCTAudioCDGrabber2.dll C:\WINDOWS\system32\NCTAudioCDGrabber2.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\NCTAudioFile2.dll C:\WINDOWS\system32\NCTAudioFile2.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\NCTAudioPlayer2.dll C:\WINDOWS\system32\NCTAudioPlayer2.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\NCTAudioRecord2.dll C:\WINDOWS\system32\NCTAudioRecord2.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\NCTAVIFile.dll C:\WINDOWS\system32\NCTAVIFile.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\NCTQuickTimeFile.dll C:\WINDOWS\system32\NCTQuickTimeFile.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\NCTVideoCoreM.dll C:\WINDOWS\system32\NCTVideoCoreM.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\NCTWMAFile2.dll C:\WINDOWS\system32\NCTWMAFile2.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qrqss.ini C:\WINDOWS\system32\qrqss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\qrqss.ini2 C:\WINDOWS\system32\qrqss.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqrq.dll C:\WINDOWS\system32\ssqrq.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\ssqrq.exe C:\WINDOWS\system32\ssqrq.exe Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\iifdcya.dll C:\WINDOWS\system32\iifdcya.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\qrqss.ini C:\WINDOWS\system32\qrqss.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\qrqss.ini2 C:\WINDOWS\system32\qrqss.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqrq.dll C:\WINDOWS\system32\ssqrq.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... 
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
ComboFix 08-01-16.4 - Seth 2008-01-17 22:23:44.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.332 [GMT -5:00]
Running from: C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\ASEMBL~1
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\ASEMBL~1\r?gedit.exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\download
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\windows\ack.html
C:\Program Files\Common Files\windows\AutoIt3.exe
C:\Program Files\Common Files\windows\autoitscript.au3
C:\Program Files\Common Files\windows\psapi.dll
C:\Program Files\Common Files\windows\request.html
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\PowerISO\PWRISOVM .EXE
C:\Program Files\QdrDrive
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD .exe
C:\Program Files\Sony\SonicStage\SsAAD .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Temporary
C:\Program Files\winupdate
C:\WINDOWS\b.exe
C:\WINDOWS\b103.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\ecurit~1\?ecurity\
C:\WINDOWS\system32\ecurit~1\tracert .exe
C:\WINDOWS\system32\ecurit~1\tracert.exe
C:\WINDOWS\system32\iifdcya.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\RCX89.tmp
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.exe
C:\WINDOWS\system32\wintsvcc32.exe
C:\WINDOWS\system32\zqhyd.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-17 19:59 . 2008-01-17 22:03 <DIR> d-------- C:\VundoFix Backups
2008-01-16 16:59 . 2008-01-16 16:59 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2008-01-16 13:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 18:36 . 2008-01-14 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 14:28 . 2008-01-15 19:25 389,120 --a------ C:\WINDOWS\system32\ezSP_Px .exe
2008-01-13 13:33 . 2008-01-17 22:39 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-13 13:29 . 2008-01-15 16:58 39,936 --a------ C:\WINDOWS\mrofinu72.exe.tmp
2008-01-12 14:56 . 2008-01-12 14:56 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\CrystalSpace
2008-01-12 14:56 . 2008-01-12 14:56 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\CrystalApp
2008-01-01 15:45 . 2008-01-01 15:45 <DIR> d-------- C:\Program Files\7-Zip
2007-12-30 17:41 . 2007-12-30 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-12-30 17:40 . 2007-12-30 17:40 <DIR> d-------- C:\Program Files\HP Games
2007-12-30 04:31 . 2007-12-30 04:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-30 04:30 . 2008-01-12 12:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 14:43 . 2007-12-29 15:10 <DIR> d-------- C:\PICTURES
2007-12-22 23:17 . 2007-12-22 23:17 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\InstallShield
2007-12-18 16:39 . 2007-12-18 16:39 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\vlc
2007-12-18 16:37 . 2007-12-18 16:37 <DIR> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 03:39 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-18 03:39 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-18 03:39 --------- d-----w C:\Program Files\AIM6
2008-01-18 03:33 --------- d-----w C:\Program Files\QuickTime
2008-01-18 03:33 --------- d-----w C:\Program Files\PowerISO
2008-01-18 03:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 22:24 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-12 17:44 --------- d-----w C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\uTorrent
2008-01-01 23:10 --------- d-----w C:\Program Files\AIRFLO
2007-12-27 20:35 --------- d-----w C:\Program Files\LimeWire
2007-12-23 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 11:30 --------- d-----w C:\Program Files\JoWooD
2007-12-16 23:11 --------- d-----w C:\Program Files\DOSBox-0.65
2007-11-30 15:23 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-11-24 23:25 --------- d-----w C:\Program Files\Coupons
2007-11-23 23:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 22:24 --------- d-----w C:\Program Files\Atari
2007-11-20 01:53 --------- d-----w C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\Free Download Manager
2005-12-24 22:15 251 ----a-w C:\Program Files\wt3d.ini
2005-09-25 22:24 12,800 ----a-w C:\Documents and Settings\Brenda\a.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D266504-0FBC-4d3f-9E7C-4077A77C7DC4}]
2007-08-10 02:00 217088 --a------ C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E81A936-E5C3-4BC1-9853-35736D1822DE}]
2008-01-17 22:41 336384 --a------ C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{719D74AB-1AF9-43A1-8C62-D8750628D93E}

[HKEY_CLASSES_ROOT\clsid\{719d74ab-1af9-43a1-8c62-d8750628d93e}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{7507B80F-C1DE-4b0a-A0BA-120C64075F11}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-15 19:25 2226688]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor .exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-17 22:41 412160]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-17 22:41 520192]
"Amhgr"="C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-17 22:41 401408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px .exe" [2008-01-15 19:25 389120]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 20:07 7110656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 19:25 521216]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-15 19:25 448512]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2008-01-15 19:25 452096]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-15 19:25 476672]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-15 19:25 559104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="" []

C:\Documents and Settings\Seth\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-07-23 12:35:10]

C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [2007-08-28 12:23:00]
PowerReg Scheduler .exe [2008-01-17 22:41:25]
PowerReg Scheduler V3 .exe [2008-01-17 22:41:26]
PowerReg Scheduler V3.exe [2008-01-17 22:41:28]
PowerReg Scheduler.exe [2008-01-17 22:41:29]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 04:28:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqrq.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqrq

R2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe [2007-08-28 12:33]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
R3 USB_RNDIS_XP;Westell USB Network Interface;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 07:00]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2004-07-14 12:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 15:48:30 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 22:40:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\ssqrq.exe 339968 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\ssqrq.dll
.
Completion time: 2008-01-17 22:46:10 - machine was rebooted [Seth]
ComboFix-quarantined-files.txt 2008-01-18 03:46:05
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:11 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrq.exe
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor .exe" /Q
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Amhgr] "C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
O4 - Startup: PowerReg Scheduler .exe
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...?noreloadredir
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133305996812
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9370 bytes
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Thanks so Much yet again!:)
Re: HijackThis Log help, Terrible Virus/Malware
Yeah, ran Spyware Doctor and had 64 infections including a trojan, but they were all easily removed and upon restart my computer is finally back to normal.
Re: HijackThis Log help, Terrible Virus/Malware
Can you please rename hijackthis.exe to analysethis before running another scan.

======== A. Please RUN HijackThis

Quote:
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
7. After reboot (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix, then post the following reports/logs into your next reply:

== Stay away from key generators and cracks!
Re: HijackThis Log help, Terrible Virus/Malware
Great, everything you told me to get rid of appears to be gone except that .ini file; no matter how many times I tell HijackThis to fix it, it doesn't go away.

ComboFix log
ooooooooooo
Hijackthis Log
ooooooooooo

ComboFix 08-01-16.4 - Seth 2008-01-18 14:49:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.186 [GMT -5:00]
Running from: C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\ssqrq.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\VundoFix Backups\ezSP_Px.exe.bad
C:\VundoFix Backups\geebc.exe.bad
C:\VundoFix Backups\iifdcya.dll.bad
C:\VundoFix Backups\NCTAudioCDGrabber2.dll.bad
C:\VundoFix Backups\NCTAudioFile2.dll.bad
C:\VundoFix Backups\NCTAudioPlayer2.dll.bad
C:\VundoFix Backups\NCTAudioRecord2.dll.bad
C:\VundoFix Backups\NCTAVIFile.dll.bad
C:\VundoFix Backups\NCTQuickTimeFile.dll.bad
C:\VundoFix Backups\NCTVideoCoreM.dll.bad
C:\VundoFix Backups\NCTWMAFile2.dll.bad
C:\VundoFix Backups\qrqss.ini.bad
C:\VundoFix Backups\qrqss.ini2.bad
C:\VundoFix Backups\ssqrq.dll.bad
C:\VundoFix Backups\ssqrq.exe.bad
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\qrqss.ini2
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\ssqrq.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.
2008-01-18 09:33 . 2008-01-18 14:50 389,120 --a------ C:\WINDOWS\system32\ezSP_Px .exe
2008-01-18 09:32 . 2008-01-18 09:32 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Incomplete
2008-01-16 16:59 . 2008-01-16 16:59 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2008-01-16 13:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 18:36 . 2008-01-14 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 14:28 . 2008-01-15 19:25 389,120 --a------ C:\WINDOWS\system32\ezSP_Px .exe
2008-01-13 13:33 . 2008-01-18 14:50 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-13 13:29 . 2008-01-15 16:58 39,936 --a------ C:\WINDOWS\mrofinu72.exe.tmp
2008-01-12 14:56 . 2008-01-12 14:56 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\CrystalSpace
2008-01-12 14:56 . 2008-01-12 14:56 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\CrystalApp
2008-01-01 15:45 . 2008-01-01 15:45 <DIR> d-------- C:\Program Files\7-Zip
2007-12-30 17:41 . 2007-12-30 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-12-30 17:40 . 2007-12-30 17:40 <DIR> d-------- C:\Program Files\HP Games
2007-12-30 04:31 . 2007-12-30 04:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-30 04:30 . 2008-01-12 12:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-29 14:43 . 2007-12-29 15:10 <DIR> d-------- C:\PICTURES
2007-12-22 23:17 . 2007-12-22 23:17 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\InstallShield
2007-12-18 16:39 . 2007-12-18 16:39 <DIR> d-------- C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\vlc
2007-12-18 16:37 . 2007-12-18 16:37 <DIR> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-18 19:50 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-18 19:50 --------- d-----w C:\Program Files\QuickTime
2008-01-18 19:50 --------- d-----w C:\Program Files\PowerISO
2008-01-18 19:50 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-18 19:50 --------- d-----w C:\Program Files\AIM6
2008-01-18 18:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-15 22:24 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-12 17:44 --------- d-----w C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\uTorrent
2008-01-01 23:10 --------- d-----w C:\Program Files\AIRFLO
2007-12-27 20:35 --------- d-----w C:\Program Files\LimeWire
2007-12-23 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 11:30 --------- d-----w C:\Program Files\JoWooD
2007-12-16 23:11 --------- d-----w C:\Program Files\DOSBox-0.65
2007-11-30 15:23 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-11-24 23:25 --------- d-----w C:\Program Files\Coupons
2007-11-23 23:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-23 22:24 --------- d-----w C:\Program Files\Atari
2007-11-20 01:53 --------- d-----w C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Application Data\Free Download Manager
2005-12-24 22:15 251 ----a-w C:\Program Files\wt3d.ini
2005-09-25 22:24 12,800 ----a-w C:\Documents and Settings\Brenda\a.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_22.45.39.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-18 19:48:36 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-18 19:48:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-18 19:48:36 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-18 19:48:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-18 19:48:36 8,974,336 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-18 19:48:36 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-18 19:48:36 8,679,424 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\ntuser.dat
+ 2008-01-18 19:48:36 159,744 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000008\UsrClass.dat
+ 2008-01-18 20:08:45 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D266504-0FBC-4d3f-9E7C-4077A77C7DC4}]
2007-08-10 02:00 217088 --a------ C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F72F2D89-4A45-46F7-83A4-B45C5838806C}]
2008-01-18 15:09 336384 --a------ C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{719D74AB-1AF9-43A1-8C62-D8750628D93E}

[HKEY_CLASSES_ROOT\clsid\{719d74ab-1af9-43a1-8c62-d8750628d93e}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{7507B80F-C1DE-4b0a-A0BA-120C64075F11}]
[HKEY_CLASSES_ROOT\LiveToolbar.LiveToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-18 14:50 2226688]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor .exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-18 14:50 412160]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-18 14:50 520192]
"Amhgr"="C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-17 22:41 401408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px .exe" [2008-01-18 14:50 389120]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 20:07 7110656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-15 19:25 521216]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2008-01-18 14:50 448512]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2008-01-15 19:25 452096]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-15 19:25 476672]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-15 19:25 559104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="" []

C:\Documents and Settings\Seth\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-07-23 12:35:10]

C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GDM_TrayApp.exe [2007-08-28 12:23:00]
PowerReg Scheduler .exe [2008-01-18 15:10:11]
PowerReg Scheduler V3 .exe [2008-01-18 15:10:14]
PowerReg Scheduler V3 .exe [2008-01-18 14:50:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 04:28:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 16:23:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqrq.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqrq

R2 DNADownloader;DNADownloader;C:\Program Files\GameSpot\DownloadManager_Win32.exe [2007-08-28 12:33]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 07:00]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2004-07-14 12:51]
S3 USB_RNDIS_XP;Westell USB Network Interface;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 15:48:30 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 15:09:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\ssqrq.exe 339968 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\ssqrq.dll
.
Completion time: 2008-01-18 15:15:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 20:15:05
ComboFix2.txt 2008-01-18 03:46:10
ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:06 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Dot1XCfg\Dot1XCfg .exe
C:\Program Files\GameSpot\GDM_TrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\Desktop\analysethis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrq.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: LiveSearchClubToolbarBhoApp Class - {3D266504-0FBC-4d3f-9E7C-4077A77C7DC4} - C:\Program Files\Live Search Club Toolbar\LiveSearchClubToolbarBho.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: (no name) - {F72F2D89-4A45-46F7-83A4-B45C5838806C} - C:\WINDOWS\system32\ssqrq.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px .exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE 
C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor .exe" /Q O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Amhgr] "C:\Documents and Settings\Seth.YOUR-55E5F9E3D2.000\My Documents\a?sembly\r?gedit.exe" O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user') O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 
'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU) O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...?noreloadredir O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133305996812 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System 
Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- End of file - 9911 bytes ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo |
Re: HijackThis Log help, Terrible Virus/Malware

Please boot into safe mode.

A. Please RUN HijackThis
Quote:
3. Save the above as CFScript.txt
4. Physically disconnect from the internet.
5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://i5.photobucket.com/albums/y15...1/CFScript.gif
7. After reboot (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix, then post the following reports/logs into your next reply:
©2003 - 2009 DaniWeb® LLC