Here is my HiJackthis log and SuperAnti SpyWare log. After a re-start, this Trojan still remains.
----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:54 PM, on 1/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid .exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?
LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?
LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?
LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?
LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)
\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)
\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)
\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free
Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)
\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0
\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\VistaCodecPack\QT\QTTask .exe" -
atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\jim\AppData\Local\Temp\sstqp.dll,#1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User
'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma
Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)
\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files
(x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)
\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free
Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)
\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
- C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -
http://www.fileplane...C_2.3.6.108.cabO16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) -
http://media.labs.li...osynthVista.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx...owserPlugin.cabO16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) -
http://lyrancommonwe...nPUplden-us.cabO16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -
http://fdl.msn.com/p.../v13/ticker.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{F0B35AE6-6E54-4C21-903A-7DE9A69DBA21}: NameServer =
65.32.5.74,65.32.5.75
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe
(file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC
PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil
Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file
missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk
Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4
\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer,
Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32
\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common
Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files
(x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program
Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner -
C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32
\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32
\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32
\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32
\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32
\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common
Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -
C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe
(file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32
\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner -
C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner -
C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner -
C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10901 bytes
--------------------------------------------------------
Super Anti SpyWare Log follows:
SUPERAntiSpyware Scan Log
Generated 01/05/2008 at 04:24 PM
Application Version : 3.6.1000
Core Rules Database Version : 3374
Trace Rules Database Version: 1369
Scan type : Complete Scan
Total Scan Time : 02:00:28
Memory items scanned : 243
Memory threats detected : 0
Registry items scanned : 5591
Registry threats detected : 8
File items scanned : 165564
File threats detected : 30
Adware.Vundo Variant
[MSServer] C:\WINDOWS\SYSTEM32\SSQRR.DLL
C:\WINDOWS\SYSTEM32\SSQRR.DLL
HKLM\Software\Classes\CLSID\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}
HKCR\CLSID\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}
HKCR\CLSID\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}\InprocServer32
HKCR\CLSID\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSWOW64\SSQRR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}
HKCR\CLSID\{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}
Adware.Tracking Cookie
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@2o7[2].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\
[email protected][1].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@atdmt[2].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\
[email protected][2].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@doubleclick[1].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\
[email protected][1].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\
[email protected][1].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@questionmarket[1].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@statcounter[1].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@tacoda[1].txt
C:\Users\jim\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@tribalfusion[1].txt
Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\AWTQO.EXE
C:\WINDOWS\SYSTEM32\AWTQQ.EXE
C:\WINDOWS\SYSTEM32\SSTTR.EXE
C:\WINDOWS\SYSTEM32\VTSQN.EXE
Trojan.Downloader-ConHook
C:\WINDOWS\SYSTEM32\GEBCA.EXE
C:\WINDOWS\SYSTEM32\GEBYA.EXE
C:\WINDOWS\SYSTEM32\MLJJI.EXE
C:\WINDOWS\SYSTEM32\PMKJH.EXE
C:\WINDOWS\SYSTEM32\PMKJI.EXE
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\HJKMP.INI2
C:\WINDOWS\SYSTEM32\IJKMP.INI2
C:\WINDOWS\SYSTEM32\NQSTV.INI
C:\WINDOWS\SYSTEM32\OQTWA.INI
C:\WINDOWS\SYSTEM32\RTTSS.INI
C:\WINDOWS\SYSTEM32\RTTSS.INI2
C:\WINDOWS\SYSTEM32\WYADD.INI
Trojan.WinFixer
C:\WINDOWS\SYSTEM32\PMNLI.EXE
Edited by Aidanmw, 05 January 2008 - 05:44 PM.