Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

qdrmodule and popups


  • This topic is locked This topic is locked
1 reply to this topic

#1 gingicat

gingicat

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 08 December 2007 - 04:23 PM

Hi, this is my first time here and I would appreciate help with removing some bad stuff from my computer. I ran Hijack and here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 5:28:22 PM, on 12/8/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\{10BCF6EB-057B-1033-0313-020109200001}\Update.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QdrPack\QdrPack10.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\_svchost.exe
C:\WINDOWS\System32\update275.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {12AF386B-277C-48C2-BA22-41BE4ADDB7EB} - (no file)
O2 - BHO: (no name) - {37402602-1dd2-11b2-a6a8-91bc21b66cd7} - (no file)
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll
O2 - BHO: (no name) - {B637F0D3-9AE3-45CA-8838-98922EA2018E} - (no file)
O2 - BHO: compact - {CC677D67-4900-435B-9E88-3B9BFF0FF498} - C:\WINDOWS\System32\compact.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [QdrPack10] "C:\Program Files\QdrPack\QdrPack10.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34795A5F-4205-4832-8710-A0932BF41B99}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C19DF3B-CB4C-4CBD-A31E-7E130A933429}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{A07A98F3-89E3-4771-83C0-DB1B01452234}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5ED7249-3E84-4397-93FD-118E198F00D5}: NameServer = 85.255.113.140 85.255.112.93
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.140 85.255.112.93
O17 - HKLM\System\CS2\Services\Tcpip\..\{34795A5F-4205-4832-8710-A0932BF41B99}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.140 85.255.112.93
O17 - HKLM\System\CS3\Services\Tcpip\..\{34795A5F-4205-4832-8710-A0932BF41B99}: NameServer = 85.255.113.140,85.255.112.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.140 85.255.112.93
O20 - Winlogon Notify: arm32reg - C:\WINDOWS\
O20 - Winlogon Notify: rege2usb - rege2usb.dll (file missing)
O20 - Winlogon Notify: wvutrsp - wvutrsp.dll (file missing)
O20 - Winlogon Notify: __c007F6C9 - C:\WINDOWS\
O21 - SSODL: E404Helper - {34c1d8fc-5043-451b-ab33-e42bc4af2e40} - e404d.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


I look forward to receiving your answer as soon as possible as I need this computer for work and all the popups have made it quite challenging!

Thanks,
gingicat

Edited by gingicat, 08 December 2007 - 05:29 PM.

    Advertisements

Register to Remove


#2 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 16 December 2007 - 03:21 PM

Resolved here:
http://www.geekstogo...ps-t179424.html

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users