I was getting a ton of pop-ups and noticed that outerinfo was installed on my computer. I uninstalled this. Then I ran the ComboFix.
I also downloaded and ran AVG Anti-spyware. This found a few high-level infections. I deleted these, and when I restarted my computer the AVG software was gone.
I am still getting the pop-ups.
I will post a copy of my Combofix and HijackThis logs. If anyone can help me, I would appreciate it.
Here is a copy of my Combofix log:
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\Ahead\Nero BackItUp\NBJ .exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl .exe
C:\Program Files\EarthLink TotalAccess\TaskPanl .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
C:\Program Files\McAfee.com\Agent\mcupdate .exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
C:\Program Files\McAfee.com\VSO\mcvsshld .exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Nero\data\Xtras\MSSYSM~1 .EXE
C:\Program Files\Nero\data\Xtras\MSSYSM~2 .EXE
C:\Program Files\Nero\data\Xtras\MSSYSM~3 .EXE
C:\Program Files\Nero\data\Xtras\mssysmgr .exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\Online Services\lawuhevol.dll
C:\Program Files\Online Services\lawuhevol220.dll
C:\Program Files\Online Services\lawuhevol535.dll
C:\Program Files\Online Services\lawuhevol865.dll
C:\Program Files\Online Services\progyvaprak.html
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
C:\Program Files\Windows Media Player\holenut4444.dll
C:\Program Files\Windows Media Player\holenut83122.dll
C:\Program Files\Yahoo!\browser\ybrwicon .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\crosof~1
C:\WINDOWS\crosof~1\??crosoft\
C:\WINDOWS\crosof~1\mmc .exe
C:\WINDOWS\crosof~1\mmc.exe
C:\WINDOWS\mouse.dll
C:\WINDOWS\Q2hyaXMgUmlkZWxsYQ\
C:\WINDOWS\Q2hyaXMgUmlkZWxsYQ\\asappsrv.dll
C:\WINDOWS\Q2hyaXMgUmlkZWxsYQ\\command.exe
C:\WINDOWS\Q2hyaXMgUmlkZWxsYQ\\kZ1Vurg0oA54tqUPsk.vbs
C:\WINDOWS\Q2hyaXMgUmlkZWxsYQ\command.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\b3\timedrdll2.exe
C:\WINDOWS\SYSTEM32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\system32\gzchbri.dll
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\system32\ljjggef.dll
C:\WINDOWS\system32\mobjchku.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\p2\oedvers112.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnkkjj.dll
C:\WINDOWS\SYSTEM32\prqss.ini
C:\WINDOWS\SYSTEM32\prqss.ini2
C:\WINDOWS\system32\RCX67.tmp
C:\WINDOWS\system32\RCX68.tmp
C:\WINDOWS\system32\RCX69.tmp
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.exe
C:\WINDOWS\system32\t8
C:\WINDOWS\system32\t8\tycodllz83122.exe
C:\WINDOWS\system32\wnstssu.exe
C:\WINDOWS\system32\z0
C:\WINDOWS\system32\z0\vetzcomz22.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\Program Files\BroadJump\Client Foundation\CFD .exe ---> CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe ---> realsched.exe
C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe ---> EngUtil.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe ---> sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService .exe ---> PCMService.exe
C:\Program Files\DellSupport\DSAgnt .exe ---> DSAgnt.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl .exe ---> TaskPanl.exe
C:\Program Files\iTunes\iTunesHelper .exe ---> iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent .exe ---> QooBox
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE ---> QooBox
C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe ---> QooBox
C:\Program Files\McAfee.com\VSO\mcvsshld .exe ---> QooBox
C:\Program Files\Messenger\MSMSGS .EXE ---> MSMSGS.EXE
C:\Program Files\Microsoft Money\System\mnyexpr .exe ---> mnyexpr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe ---> mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe ---> mm_tray.exe
C:\Program Files\Real\RealPlayer\realplay .exe ---> realplay.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe ---> RxMon.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe ---> DrgToDsc.exe
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe ---> QooBox
C:\Program Files\Yahoo!\browser\ybrwicon .exe ---> QooBox
C:\WINDOWS\SYSTEM32\ctfmon .exe ---> QooBox
C:\WINDOWS\SYSTEM32\DSentry .exe ---> QooBox
C:\WINDOWS\SYSTEM32\hkcmd .exe ---> hkcmd.exe
C:\WINDOWS\SYSTEM32\igfxtray .exe ---> igfxtray.exe
C:\WINDOWS\SYSTEM32\mobjchku .exe ---> mobjchku.exe
C:\WINDOWS\SYSTEM32\NeroCheck .exe ---> NeroCheck.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe ---> tfswctrl.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_S4I2K1 .EXE ---> E_S4I2K1.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.
2008-01-13 23:36 . 2008-01-13 23:36 <DIR> d-------- C:\Temp\tn3
2008-01-13 23:36 . 2008-01-13 23:36 334,336 --------- C:\WINDOWS\SYSTEM32\ssqrp.dll
2008-01-13 23:36 . 2008-01-13 23:36 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-13 23:36 . 2008-01-13 23:36 932 --------- C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-01-13 22:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 21:46 . 2008-01-13 21:47 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\yahoo!
2008-01-13 21:41 . 2008-01-13 21:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 21:04 . 2008-01-13 21:04 <DIR> d-------- C:\Documents and Settings\user\Application Data\Talkback
2008-01-13 19:54 . 2008-01-13 23:37 478,208 --a------ C:\WINDOWS\SYSTEM32\mobjchku.exe
2008-01-13 19:53 . 2008-01-13 23:37 494,592 --a------ C:\WINDOWS\SYSTEM32\NeroCheck.exe
2008-01-13 19:53 . 2008-01-13 23:37 494,592 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-13 19:53 . 2008-01-13 23:37 453,632 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-13 19:35 . 2008-01-13 19:35 4,286 --a------ C:\WINDOWS\SYSTEM32\everybodybets.32x32.4.ico
2008-01-13 18:40 . 2007-12-27 08:37 425,984 --a------ C:\WINDOWS\SYSTEM32\memopbdb.dll
2008-01-13 18:40 . 2007-12-11 13:14 151,552 --a------ C:\WINDOWS\SYSTEM32\rushjxmp.exe
2008-01-13 18:40 . 2007-12-11 13:14 151,552 --a------ C:\WINDOWS\SYSTEM32\bkmoopob.exe
2008-01-13 18:40 . 2008-01-13 18:40 86,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atintuxxx.sys
2008-01-13 18:40 . 2008-01-13 18:40 54,033 --a------ C:\WINDOWS\SYSTEM32\memouint.exe
2008-01-13 18:39 . 2008-01-13 18:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\edcA01
2008-01-13 18:39 . 2008-01-13 18:40 <DIR> d-------- C:\Temp\Ryuan1
2008-01-12 20:32 . 2008-01-12 20:32 <DIR> d-------- C:\Documents and Settings\user\Application Data\.BitTornado
2008-01-12 13:09 . 2008-01-12 13:09 <DIR> d-------- C:\Program Files\BitTornado
2007-12-15 21:09 . 2007-12-15 21:09 <DIR> d-------- C:\Program Files\Disney
2007-12-15 21:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-12-15 21:00 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2007-12-14 22:10 . 2007-12-15 09:37 <DIR> d-------- C:\Program Files\Windows Live Safety Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 05:37 --------- d-----w C:\Program Files\iTunes
2008-01-14 05:37 --------- d-----w C:\Program Files\DellSupport
2008-01-14 05:36 --------- d-----w C:\Program Files\EarthLink TotalAccess
2008-01-14 05:27 --------- d-----w C:\Program Files\QuickTime
2008-01-14 04:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 03:22 367,616 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-13 02:32 --------- d-----w C:\Documents and Settings\user\Application Data\.BitTornado
2007-11-21 18:58 --------- d--h--r C:\Documents and Settings\user\Application Data\yahoo!
2007-11-21 18:58 --------- d-----w C:\Documents and Settings\user\Application Data\Gtek
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2004-01-18 18:53 2,076,672 ----a-w C:\Program Files\Accelerator.msi
2004-01-18 17:26 427,136 ----a-w C:\Program Files\TA2004_1.exe
.
----a-w 28,672 2008-01-14 05:36:51 C:\WINDOWS\SYSTEM32\DSentry .exe
Files Infected - Win32.Agent.zb
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BE61964-313F-41DE-96B2-D4D72792DD9B}]
2008-01-13 23:36 334336 --------- C:\WINDOWS\system32\ssqrp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A}]
2007-12-27 08:37 425984 --a------ C:\WINDOWS\system32\memopbdb.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2008-01-13 23:37 550912]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2008-01-13 23:37 866816]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\MSSYSM~4.EXE" [ ]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2008-01-13 23:37 2224640]
"RealPlayer"="C:\Program Files\Real\RealPlayer\realplay.exe" [2008-01-13 23:37 1368064]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ .exe" [ ]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [ ]
"Ncao"="C:\WINDOWS\CROSOF~1\mmc.exe" [ ]
"comup"="C:\WINDOWS\system32\mobjchku.exe" [2008-01-13 23:37 478208]
"Csh"="C:\Documents and Settings\user\Application Data\W?nSxS\s?rvices.exe" [ ]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl .exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-13 23:37 494592]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-13 23:37 453632]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 02:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2008-01-13 23:37 479232]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-13 23:37 494080]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-13 21:22 367616]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-13 23:37 566784]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 23:37 490496]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2008-01-13 23:37 392192]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2008-01-13 23:37 483328]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [ ]
"EPSON Stylus Photo RX500"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.exe" [2008-01-13 23:37 443904]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-13 23:37 494592]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2008-01-13 23:37 405504]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2008-01-13 23:37 1214464]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2008-01-13 23:37 670720]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2008-01-13 23:37 709120]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-13 23:37 696320]
"McRegWiz"="c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-01-08 23:52:28]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-08-03 09:43:50]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 12:04:38]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ssqrp.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ssqrp
R1 atintuxxx;atintuxxx;C:\WINDOWS\system32\drivers\atintuxxx.sys [2008-01-13 18:40]
R2 VPCAppSv;Virtual PC Application Services;C:\WINDOWS\system32\DRIVERS\VPCAppSv.sys [2002-05-20 19:31]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 05:23:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-01-15 03:10:17 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-01-14 05:39:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D8CK4441-Administrator).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-01-14 05:41:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D8CK4441-user).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate .ex
- C:\PROGRA~1\mcafee.com\agent
"2008-01-14 03:04:23 C:\WINDOWS\Tasks\McAfee.com Update Check (D8CK4441-user).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate .ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 23:38:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\prqss.ini 391 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ssqrp.dll
.
Completion time: 2008-01-13 23:42:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 05:42:23
.
2008-01-09 12:26:50 --- E O F ---
Here is a copy of my HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:11 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\hkcmd .exe
C:\WINDOWS\system32\dla\tfswctrl .exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\DSentry .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask .exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe
C:\Program Files\BroadJump\Client Foundation\CFD .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\DellSupport\DSAgnt .exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrp.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: On The Net Search Helper - {4E8F5D76-EF5B-46C8-B35B-C86F8BD6621A} - C:\WINDOWS\system32\memopbdb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {D5A958EC-DE46-4092-97ED-7CB6DA45F5D8} - C:\WINDOWS\system32\ssqrp.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\MSSYSM~4.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ .exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\CROSOF~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [comup] C:\WINDOWS\system32\mobjchku.exe
O4 - HKCU\..\Run: [Csh] "C:\Documents and Settings\user\Application Data\W?nSxS\s?rvices.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl .exe" -winstart
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - https://fcsmail.fish.../spv3rdpchk.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1197689227062
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://fcsmail.fish...TSWeb/msrdp.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.to...31.3/ttinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 12403 bytes
Edited by minib, 17 January 2008 - 12:43 PM.