
[Closed] qdrdrive


  • This topic is locked
2 replies to this topic

#1 Kyace


Posted 30 December 2007 - 08:55 AM

Hello WhatTheTech,

I've been having some serious problems with my computer. I've been getting this IMSORRYInternet Speed Monitor window in my Internet Explorer, my computer runs super slow, and I cannot enable any of my antivirus stuff, so I asked a friend to google the IMSORRY thing for me, because my Internet Explorer was not cooperating. He came across your site and guided me through the directions that you gave other people with a similar problem. I was wondering if you guys could take a look at the log that was generated for me and give me your input on it.

I do apologize again for not reading through the forums carefully and posting a help request in the wrong area. I have been rather flustered ever since my system was infected.

Thank you for your time,

Kyace

Running from: C:\Documents and Settings\Chad\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Chad\Application Data\MANTEC~1
C:\Documents and Settings\Chad\Application Data\MANTEC~1\??mantec\
C:\Documents and Settings\Chad\Application Data\MANTEC~1\winword.exe
C:\Documents and Settings\Chad\My Documents\SKS~1
C:\Documents and Settings\Chad\My Documents\SKS~1\l?rear.exe
C:\Documents and Settings\Chad\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Chad\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Chad\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\wininstall.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\mrofinu11.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\nnnonlj.dll
C:\WINDOWS\system32\wnsinticom32.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-30 06:40 . 2007-12-30 06:40 336,384 --------- C:\WINDOWS\system32\ddcca.dll
2007-12-30 06:25 . 2007-12-30 06:25 339,968 --a------ C:\WINDOWS\system32\RCX13.tmp
2007-12-30 04:24 . 2007-12-30 04:24 339,968 --a------ C:\WINDOWS\system32\RCX1E.tmp
2007-12-30 03:50 . 2007-12-30 03:50 339,968 --a------ C:\WINDOWS\system32\RCX81.tmp
2007-12-30 03:42 . 2007-12-30 06:40 <DIR> d-------- C:\Program Files\Router
2007-12-30 03:39 . 2007-12-30 06:40 339,968 --a------ C:\WINDOWS\system32\ddcca.exe
2007-12-30 03:34 . 2007-12-30 03:36 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-30 03:29 . 2007-12-30 03:39 380,928 --a------ C:\WINDOWS\mrofinu11.exe.tmp
2007-12-25 22:13 . 2007-12-25 22:13 <DIR> d-------- C:\Program Files\Cinemaware Marquee
2007-12-25 12:28 . 2007-12-25 12:28 <DIR> d-------- C:\Documents and Settings\Chad\Application Data\InstallShield
2007-12-22 20:58 . 2007-12-22 20:58 <DIR> d-------- C:\Documents and Settings\Chad\Application Data\InterVideo
2007-12-12 19:58 . 2007-12-12 19:58 <DIR> d-------- C:\Documents and Settings\Chad\Application Data\WildTangent
2007-12-12 19:58 . 2007-12-12 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-12-12 19:57 . 2007-12-12 19:58 <DIR> d-------- C:\Program Files\Free Online Games.com
2007-12-12 19:21 . 2007-12-12 19:36 <DIR> d-------- C:\Program Files\Pocket Tanks Deluxe
2007-12-06 18:12 . 2007-12-06 18:12 <DIR> d-------- C:\Documents and Settings\Chad\Application Data\Template
2007-12-06 18:12 . 2007-12-06 18:39 110 --a------ C:\Documents and Settings\Chad\Application Data\wklnhst.dat
2007-12-03 18:36 . 2007-12-16 18:36 <DIR> d-------- C:\Documents and Settings\Chad\Application Data\ZoomBrowser EX
2007-12-03 18:31 . 2007-12-03 18:31 <DIR> d-------- C:\Documents and Settings\Chad\Application Data\Canon
2007-12-03 18:31 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-03 18:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-03 18:31 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-03 18:31 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-03 18:23 . 2007-12-16 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-12-03 18:22 . 2007-12-03 18:22 <DIR> d-------- C:\Program Files\Common Files\Canon
2007-12-03 18:22 . 2007-12-03 18:23 <DIR> d-------- C:\Program Files\Canon
2007-12-02 19:33 . 2007-12-02 19:33 <DIR> d-------- C:\Program Files\Activision
2007-12-02 00:45 . 2007-12-02 19:42 22,328 --a------ C:\Documents and Settings\Chad\Application Data\PnkBstrK.sys
2007-12-02 00:45 . 2007-12-02 19:42 319 --a------ C:\WINDOWS\game.ini
2007-12-02 00:34 . 2007-12-02 00:34 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-29 21:59 . 2007-12-30 06:40 <DIR> d-------- C:\Program Files\iTunes
2007-11-29 21:57 . 2007-12-30 06:40 <DIR> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 21:12 --------- d-----w C:\Program Files\World of Warcraft
2007-12-29 17:31 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-29 17:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 17:31 --------- d-----w C:\Documents and Settings\Chad\Application Data\Xfire
2007-12-29 17:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-25 03:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 03:28 --------- d-----w C:\Program Files\Lineage II
2007-12-20 06:06 --------- d-s---w C:\Program Files\Xfire
2007-12-12 18:10 337,301 ----a-w C:\Documents and Settings\Chad\Application Data\babupd.bin
2007-11-29 12:59 --------- d-----w C:\Program Files\iPod
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 08:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-13 21:06 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CFF14224-682F-4815-BB39-D0E71E2B08E1}]
2007-12-30 06:40 336384 --------- C:\WINDOWS\system32\ddcca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2007-12-30 06:37]
"Widp"="C:\DOCUME~1\Chad\APPLIC~1\MANTEC~1\winword.exe" []
"Gdlmrp"="C:\Documents and Settings\Chad\My Documents\??sks\l?rear.exe" []
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []
"Router"="C:\Program Files\Router\Router.exe" [2007-12-30 06:25]
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-30 06:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 06:37]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2007-12-30 06:40]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2007-12-30 06:37]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

C:\Documents and Settings\Chad\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-12-05 11:25:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\ddcca.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcca

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Alarm Clock]
2005-04-12 11:27 694784 --a------ C:\Program Files\Computer Alarm Clock\cac.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 05:56 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2005-06-17 23:56 139264 --a------ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-07-20 03:06 77824 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-07-20 03:10 114688 --a------ C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-07-20 03:09 94208 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
2007-12-30 06:37 669696 --a------ c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2007-12-30 06:40 576000 --a------ c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
2005-08-11 22:02 53248 --a------ C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
C:\Program Files\Razer\Copperhead\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-04-13 19:48 36975 --a------ C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 13:08 28672 --a------ C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
2005-08-10 12:49 163840 --a------ C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Widp]
C:\DOCUME~1\Chad\MYDOCU~1\SMANTE~1\wuaclt.exe -vt tzt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zolero Translator]
2006-02-11 16:28 41216 --a------ C:\Program Files\Zolero Translator\ZoleroTranslator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2007-03-15 09:03 24104 --a------ C:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"VzFw"=2 (0x2)
"VzCdbSvc"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"Vcsw"=3 (0x3)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"SSScsiSV"=3 (0x3)
"Sony TVTA Manager"=2 (0x2)
"Sony TV Tuner Manager"=3 (0x3)
"Sony TV Tuner Controller"=3 (0x3)
"SonicStageMonitoring"=2 (0x2)
"ose"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"iPod Service"=3 (0x3)
"Image Converter video recording monitor for VAIO Entertainment"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"GameConsoleService"=3 (0x3)
"CCALib8"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB []
S3 3f8ab4ch;3f8ab4ch;C:\DOCUME~1\Chad\LOCALS~1\Temp\04FE7HK []
S3 ldiskl;ldiskl;C:\DOCUME~1\Chad\LOCALS~1\Temp\ldiskl.sys []
S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB []
S4 GameConsoleService;GameConsoleService;"C:\Program Files\Free Online Games.com\FOG Console\GameConsoleService.exe" [2007-11-10 07:59]
S4 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-06 05:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e1ebce-2722-11da-a907-806d6172696f}]
\shell\AutoRun\command - M:\sony\Autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 03:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 06:41:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\ddcca.dll
.
Completion time: 2007-12-30 6:41:57 - machine was rebooted
.
2007-12-12 18:03:42 --- E O F ---



#2 LDTate


Posted 05 January 2008 - 08:11 AM

Hello and welcome to the forum.

Sorry about the delay in responding :(

I suppose you didn't read this either?
http://forums.whatth...ING_t86364.html

If you still need help, scan again with HijackThis and copy/paste a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#3 LDTate


Posted 14 January 2008 - 08:25 PM

Due to inactivity this topic will be closed. If you need help, please start a new thread and post a new HJT log.
