WiredWX Hobby Weather ToolsLog in

 


descriptionMalware Doctor, Regedit and Task Manager Blocked EmptyMalware Doctor, Regedit and Task Manager Blocked

more_horiz
Please see my Log file and helpme out of this.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:26 AM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Documents and Settings\LocalService\Application Data\916653139.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\NG\Sanjeev.exe
C:\program Files\ThunMail\testabd.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Documents and Settings\NG\reader_s.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
c:\jotvxhh.exe
c:\jotvxhh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\NG\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://10.48.190.5/edmsreports/login.jsp
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: (no name) - {03bd7103-8f87-4aae-993d-045a58e64044} - C:\WINDOWS\system32\zrbpdafu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {707acbab-c690-420d-9bc7-b4cb3a111c21} - c:\windows\system32\icvjunh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Anti Popup - {EFCA9D4B-F2E8-487d-8505-E4D0E459ABFE} - C:\PROGRA~1\CATCOM~1\QUICKH~1\apop.dll (file missing)
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\CATCOM~1\QUICKH~1\emlproxy.exe
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\CATCOM~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\CATCOM~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\CATCOM~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Startup Scan] C:\PROGRA~1\CATCOM~1\QUICKH~1\sensor.exe /loadrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe
O4 - HKLM\..\Run: [systme] C:\WINDOWS\system32\vmiad.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunServices: [MSys32] "C:\Program Files\Morfit\Secret Mission ep1\morfitwebentrance.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sanjeev] C:\Documents and Settings\NG\Sanjeev.exe /i
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-6596855187-1177541684-196785037-3925\service.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\916653139.exe
O4 - HKCU\..\Run: [svc] C:\program Files\ThunMail\testabd.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\NG\reader_s.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: DriveGuard.lnk = C:\Program Files\WinDriveGuard\DriveGuard.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: cryptdiag.dll, cryptdiag.dll, ipcmd.dll, sysdiag.dll,,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: cqczbpeu - C:\WINDOWS\SYSTEM32\icvjunh.dll
O23 - Service: McAfee Alert Manager (AlertManager) - Unknown owner - C:\Program Files\Network Associates\Alert Manager\amgrsrvc.exe (file missing)
O23 - Service: avast!antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\CATCOM~1\QUICKH~1\ONLNSVC.EXE (file missing)
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleServiceORACLE - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)
O23 - Service: OracleServiceRaju - Unknown owner - c:\oracle\ora92\bin\ORACLE.EXE (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9529 bytes

descriptionMalware Doctor, Regedit and Task Manager Blocked EmptyRe: Malware Doctor, Regedit and Task Manager Blocked

more_horiz
Bad news for you.

You are dealing with a polymorphic file infecter known as Virut. Sad to say it's game over for this machine and my best advice would be format and reinstall, this is the fastest and especially the safest solution.

See here:
Dealing with Virut and other file infecters

I suggest you start to backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
Doing so may restore the infection because the above file types are infected with this virut.
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum