Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Newbie - found ssqpp.dll file

Started by Allnite , Jan 05 2008 10:23 AM

  • Please log in to reply

#1
Allnite
Posted 05 January 2008 - 10:23 AM

Allnite

    New Member

  • Member
  • Pip
  • 1 posts
I'm new to this, so please understand if I ask too many questions. I've read a few threads here to try and fix my Vundo virus issue, but I'm lost at this point. Here is where I am so far:

ComboFix 08-01-04.1 - Compaq_Administrator 2007-12-15 22:51:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.454 [GMT -6:00]
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SpyNoMore\SNM .exe
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ssqpp.dll
.
---- Previous Run -------
.
C:\Program Files\SpyNoMore\SNM .exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\Program Files\TrojanHunter 5.0\THGuard .exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\RCXC4.tmp
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\ssqpp.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf
C:\WINDOWS\Fonts\'

<pre>
"C:\Program Files\TrojanHunter 5.0\THGuard  .exe" replaces infected copy of "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 00:43 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 00:38 . 2008-01-05 00:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-04 23:58 . 2008-01-05 01:10 <DIR> d-------- C:\VundoFix Backups
2008-01-04 23:27 . 2008-01-03 18:44 147,456 --a------ C:\WINDOWS\system32\Copy of vbzip10.dll
2008-01-04 22:59 . 2008-01-04 22:59 335,360 --a------ C:\WINDOWS\system32\ssqpp.dll
2008-01-04 22:59 . 2008-01-04 23:00 319 --ahs---- C:\WINDOWS\system32\ppqss.ini
2008-01-04 16:38 . 2008-01-04 16:38 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\TrojanHunter
2008-01-04 15:58 . 2007-12-15 22:23 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-03 19:42 . 2008-01-03 19:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-01-03 19:30 . 2008-01-03 19:30 338,944 --a------ C:\WINDOWS\system32\RCX9A4.tmp
2008-01-03 19:25 . 2008-01-04 19:57 15,360 --a------ C:\WINDOWS\system32\OLD19.tmp
2008-01-03 19:22 . 2008-01-03 19:22 338,944 --a------ C:\WINDOWS\system32\RCX56B.tmp
2008-01-03 19:21 . 2008-01-03 19:21 338,944 --a------ C:\WINDOWS\system32\RCX51E.tmp
2008-01-03 19:21 . 2008-01-03 19:21 338,944 --a------ C:\WINDOWS\system32\RCX4D3.tmp
2008-01-03 19:20 . 2008-01-03 19:20 338,944 --a------ C:\WINDOWS\system32\RCX4AC.tmp
2008-01-03 19:20 . 2008-01-03 19:20 338,944 --a------ C:\WINDOWS\system32\RCX458.tmp
2008-01-03 19:19 . 2008-01-03 19:19 338,944 --a------ C:\WINDOWS\system32\RCX40E.tmp
2008-01-03 19:18 . 2008-01-03 19:18 338,944 --a------ C:\WINDOWS\system32\RCX3C3.tmp
2008-01-03 19:18 . 2008-01-03 19:18 338,944 --a------ C:\WINDOWS\system32\RCX378.tmp
2008-01-03 19:17 . 2008-01-03 19:17 338,944 --a------ C:\WINDOWS\system32\RCX32D.tmp
2008-01-03 19:16 . 2008-01-03 19:16 338,944 --a------ C:\WINDOWS\system32\RCX2E2.tmp
2008-01-03 19:16 . 2008-01-03 19:16 338,944 --a------ C:\WINDOWS\system32\RCX297.tmp
2008-01-03 19:15 . 2008-01-03 19:15 338,944 --a------ C:\WINDOWS\system32\RCX22D.tmp
2008-01-03 19:14 . 2008-01-03 19:14 338,944 --a------ C:\WINDOWS\system32\RCX1D1.tmp
2008-01-03 19:14 . 2008-01-03 19:14 338,944 --a------ C:\WINDOWS\system32\RCX185.tmp
2008-01-03 19:13 . 2008-01-03 19:13 338,944 --a------ C:\WINDOWS\system32\RCX138.tmp
2008-01-03 19:03 . 2008-01-03 19:03 338,944 --a------ C:\WINDOWS\system32\RCX3CF.tmp
2008-01-03 19:02 . 2008-01-03 19:02 338,944 --a------ C:\WINDOWS\system32\RCX384.tmp
2008-01-03 19:02 . 2008-01-03 19:02 338,944 --a------ C:\WINDOWS\system32\RCX338.tmp
2008-01-03 19:01 . 2008-01-03 19:01 338,944 --a------ C:\WINDOWS\system32\RCX2EE.tmp
2008-01-03 19:01 . 2008-01-03 19:01 338,944 --a------ C:\WINDOWS\system32\RCX22C.tmp
2008-01-03 19:00 . 2008-01-03 19:00 338,944 --a------ C:\WINDOWS\system32\RCX1D7.tmp
2008-01-03 19:00 . 2008-01-03 19:00 338,944 --a------ C:\WINDOWS\system32\RCX187.tmp
2008-01-03 18:59 . 2008-01-03 18:59 338,944 --a------ C:\WINDOWS\system32\RCX13F.tmp
2008-01-03 18:59 . 2008-01-03 18:59 338,944 --a------ C:\WINDOWS\system32\RCX117.tmp
2008-01-03 18:44 . 2008-01-03 18:46 <DIR> d-------- C:\Program Files\kernel
2008-01-03 18:44 . 2008-01-03 18:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-03 18:41 . 2008-01-03 18:41 134 --a------ C:\n.bat
2007-12-31 20:33 . 2007-12-31 20:42 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Moyea
2007-12-22 11:06 . 2007-12-22 11:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-22 11:06 . 2007-12-22 11:06 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-19 14:05 . 2007-12-19 14:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 05:00 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-05 04:59 338,944 ----a-w C:\WINDOWS\system32\ssqpp.exe
2008-01-05 04:59 --------- d-----w C:\Program Files\SpyNoMore
2008-01-05 01:58 24,576 ----a-w C:\WINDOWS\system32\CTHELPER.EXE
2008-01-04 01:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 00:46 --------- d-----w C:\Program Files\QuickTime
2008-01-04 00:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 00:44 278,556 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-12-17 23:49 1,552 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
<pre>
----a-w		 1,560,576 2008-01-05 04:59:32  C:\Program Files\SpyNoMore\SNM .exe
----a-w		 5,355,832 2008-01-04 01:12:19  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w			64,512 2008-01-05 02:26:56  C:\WINDOWS\ehome\ehtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DFF832AB-32A8-486C-9B02-5DDF9DD9DE3D}]
2008-01-04 22:59 335360 --a------ C:\WINDOWS\system32\ssqpp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 15:00 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [ ]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"DXDllRegExe"="dxdllreg.exe" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [ ]
"WINDVDPatch"="CTHELPER.EXE" [2008-01-04 19:58 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [ ]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [ ]
"IcoSet"="c:\hp\bin\cloaker.exe" [ ]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [ ]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [ ]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:19 77312 C:\WINDOWS\arpwrmsg.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [ ]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard .exe" [ ]
"SNM"="C:\Program Files\SpyNoMore\SNM .exe" [2008-01-04 22:59 1560576]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-26 03:09:52]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-10-03 13:56:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{00DC0058-A87E-4D19-9C26-F1AAC98AD4D7}"= C:\WINDOWS\system32\ljjkkhe.dll [ ]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqpp.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqpp

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-06-21 17:43]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 22:59:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 23:06:14 - machine was rebooted [Compaq_Administrator]
ComboFix-quarantined-files.txt 2008-01-05 05:06:04
.
2007-12-13 09:09:52 --- E O F ---

Also:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:48 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpp.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IcoSet] "c:\hp\bin\cloaker.exe" c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard .exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM .exe /startup
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1151762127453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1153874685953
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: Privacy Protection - about:home

--
End of file - 10047 bytes


I have downloaded VundoFix v.6.7.7, CCleaner, VirtumondeBegone, and various other software. I don't know where to go from here though.

Any help would be appreciated!!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP