#1  03-01-2005, 07:48 PM
robinsonpr (Junior Member, Join Date: Feb 2005, Posts: 25)
Hi, I reported this problem over a week ago but have been away. The problem is with some program and registry entries called ssl32dr.exe. I did what you suggested last time but I still have the problem.

One thing though - I could not COMPLETELY empty my temp folders. In C:\windows\temp I could not delete:

Perflib_Perfdata_6c4.dat
WebPoolFileFile

It said they were being used by another process.

I also had a similar problem with several index.dat files under my %temp% folder.

Here is my latest log file. Note that adaware and spybot both report no problems.

Logfile of HijackThis v1.99.0
Scan saved at 00:46:23, on 02/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ciclient.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winvnc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\System32\soundblaster.exe
C:\WINDOWS\System32\soundblaster.exe
C:\Documents and Settings\Paul Robinson\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKCU\..\Run: [Micr Update] soundblaster.exe
O4 - HKCU\..\RunServices: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O17 - HKLM\System\CCS\Services\Tcpip\..\{2005B897-4390-4DC7-9250-C0CB5E2C79DA}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{2005B897-4390-4DC7-9250-C0CB5E2C79DA}: NameServer = 205.188.146.145
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVSync Manager - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: Indexing The System Files - Unknown - C:\WINDOWS\system32\ciclient.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server - Olivetti & Oracle Research Lab - C:\WINDOWS\system32\winvnc.exe

#2  03-01-2005, 10:10 PM
Mobo (Thinking outside the box, Join Date: Sep 2004, Location: Cape Breton, Posts: 4,612)
Let's start by running an online scan at both of these locations, please, and be sure to have each set to remove anything it finds.

[Only Registered and Activated Users Can See Links. Click Here To Register...]


[Only Registered and Activated Users Can See Links. Click Here To Register...]
#3  03-02-2005, 07:35 PM
robinsonpr (Junior Member, Join Date: Feb 2005, Posts: 25)
Oh dear... things seem to have gone from bad to worse :(

Firstly, I booted up my PC and no start menu or desktop appeared, just a blank screen. I reset and the same thing happened. I pressed Ctrl/Shift/Esc and the task manager appeared. One process that I didn't recognize was mqsq132.exe. I killed it and my desktop and startbar appeared.

I've tried running the Trend Micro online scan but it won't run. It says it only works with English or Chinese Internet Explorer. My Internet Explorer IS English!

I'm trying to run the Panda scan now but it keeps freezing. My McAfee scanner and Ad-Aware say everything is fine :-(

Here's my latest hijack log:

Logfile of HijackThis v1.99.0
Scan saved at 23:16:07, on 02/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Documents and Settings\Paul Robinson\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKLM\..\RunServices: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKLM\..\RunOnce: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\Run: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\RunServices: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\RunOnce: [Microsoft MqQ1 Service] Mqsq132.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe


Save me?!
#4  03-02-2005, 07:53 PM
Mobo (Thinking outside the box, Join Date: Sep 2004, Location: Cape Breton, Posts: 4,612)
What you're going to have to do now is reboot into "safe mode with networking"

as shown here [Only Registered and Activated Users Can See Links. Click Here To Register...]


Then try some online scans at trend and panda.
#5  03-03-2005, 06:09 AM
robinsonpr (Junior Member, Join Date: Feb 2005, Posts: 25)
Oh no...I start in Safe Mode with Networking and AOL complains that it can't initialize the modem.

This is driving me crazy!
#6  03-03-2005, 08:10 AM
Mobo (Thinking outside the box, Join Date: Sep 2004, Location: Cape Breton, Posts: 4,612)
Download TDS-3 trojan scanner from [Only Registered and Activated Users Can See Links. Click Here To Register...]

Then you will need to manually update it so follow the instructions given here
[Only Registered and Activated Users Can See Links. Click Here To Register...]


Now reboot into safe mode:

Now open the program, pause until it's finished its mini test, then click System Testing / Full Scan to perform a full scan.

If anything is found (shown in the lower window), right-click and select Delete on each when the scan completes.

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Go to Start > Run, type msconfig and press Enter.

When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn off System restore on all Drives.


Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

Then reboot normally and rescan with hijack then post a fresh log.
#7  03-04-2005, 03:04 AM
robinsonpr (Junior Member, Join Date: Feb 2005, Posts: 25)
Ok, I did that. TDS3 found the following:

Trojan Rootkit.h in c:\documents and settings\me\msdirectx.sys
Live trojan PRC in process ciclient.exe

I removed them with TDS3 and cleared all the temp stuff as you described. Then turned off sys restore and rebooted.

I logged back in (normal boot) and my desktop didn't appear. I ctrl/shift/esc to the taskmgr and killed mqsq132.exe and my desktop reappeared.

Here's the hijack log:

Logfile of HijackThis v1.99.0
Scan saved at 06:38:00, on 04/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winvnc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\SSL32Dr.exe
C:\WINDOWS\System32\Mqsq132.exe
C:\Program Files\Company\Quick Start Button\QSB.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\mrtMngr.EXE
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Documents and Settings\Paul Robinson\Desktop\HijackThis.exe

O1 - Hosts: 64.91.255.87 [Only Registered and Activated Users Can See Links. Click Here To Register...]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKLM\..\Run: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKLM\..\RunServices: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKLM\..\RunServices: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKLM\..\RunOnce: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\Run: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKCU\..\RunServices: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\RunServices: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKCU\..\RunOnce: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - [Only Registered and Activated Users Can See Links. Click Here To Register...]
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVSync Manager - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: VNC Server - Olivetti & Oracle Research Lab - C:\WINDOWS\system32\winvnc.exe
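The logs above show the same bare filenames (SSL32Dr.exe, Mqsq132.exe) registered under several Run, RunServices and RunOnce keys at once, with no directory given. As an added example that is not part of the thread or of HijackThis, here is a small Python triage script for that pattern in HijackThis O4 lines; the sample lines are copied from the log in post #7, and the bare-filename heuristic is an assumption of the example.

```python
"""Triage HijackThis O4 (autorun) lines for the pattern seen in this thread.

Added example, not code from the thread, HijackThis or any tool named above.
The sample lines are copied from the log in post #7; the parsing rules and
the bare-filename heuristic are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the O4 lines from the log in post #7.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKLM\..\Run: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKLM\..\RunServices: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKLM\..\RunServices: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKLM\..\RunOnce: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\Run: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\Run: [QSB] C:\Program Files\Company\Quick Start Button\QSB.exe
O4 - HKCU\..\Run: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKCU\..\RunServices: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - HKCU\..\RunServices: [Windows SSL Secondary Drivers] SSL32Dr.exe
O4 - HKCU\..\RunOnce: [Microsoft MqQ1 Service] Mqsq132.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
"""

# HijackThis abbreviates the key: HKLM\..\Run stands for
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
O4_REGISTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([A-Za-z]+): \[([^\]]*)\] (.*)$")


def executable_of(command):
    """Program a Run value launches: the quoted path, or else the first token
    (an unquoted path with spaces is cut short, which is harmless here)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_o4(text):
    """Parse O4 registry lines into dicts; Global Startup lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "command": command, "exe": executable_of(command)})
    return entries


def is_bare_filename(exe):
    """True when the value names a file with no directory, so Windows resolves
    it via the search path and the entry hides where the file lives. Every
    benign entry in the thread's logs gives a full path; the two suspect
    ones (SSL32Dr.exe, Mqsq132.exe) do not."""
    return bool(exe) and not any(c in exe for c in ("\\", "/", "%"))


def flag_bare_autoruns(entries):
    """Group bare-filename autoruns by executable (case-insensitive).

    Returns {exe_lower: {"keys": [...], "names": [...]}}: the distinct hive
    and key locations that launch the file and the display names used. One
    file under Run, RunServices and RunOnce in both HKLM and HKCU is the
    persistence pattern the thread is chasing.
    """
    grouped = defaultdict(lambda: {"keys": set(), "names": set()})
    for e in entries:
        if is_bare_filename(e["exe"]):
            g = grouped[e["exe"].lower()]
            g["keys"].add(e["hive"] + "\\" + e["key"])
            g["names"].add(e["name"])
    return {exe: {"keys": sorted(g["keys"]), "names": sorted(g["names"])}
            for exe, g in grouped.items()}


if __name__ == "__main__":
    flagged = flag_bare_autoruns(parse_o4(SAMPLE_LOG))
    for exe, g in sorted(flagged.items(), key=lambda kv: -len(kv[1]["keys"])):
        print(f"{exe}: {len(g['keys'])} autorun keys, shown as {g['names']}")
        for k in g["keys"]:
            print("    " + k)
```

Run against a full log, the script lists only the unpathed entries, so the vendor-sounding display names ("Microsoft MqQ1 Service", "Windows SSL Secondary Drivers") stand out next to the number of keys that launch the same file.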
#8  03-04-2005, 07:22 AM
Mobo (Thinking outside the box, Join Date: Sep 2004, Location: Cape Breton, Posts: 4,612)
You may in fact have the latest and most dangerous threat, which is just beginning to circulate for Windows operating systems.


Let's try this now:

Reboot

Open hijack this

Click config / misc tools

Click "open process manager"

Put a tick in the box to "show dll's"

Then in the upper window look for SSL32Dr.exe

If present highlight it

Then in the lower window you will see a list of the dlls associated with it.

I will need a list of these please.
#9  03-04-2005, 10:24 AM
robinsonpr (Junior Member, Join Date: Feb 2005, Posts: 25)
ssl32dr.exe is not in the list.

However, mqsq132.exe IS in the list. When I reboot this is the process I have to kill in order for my desktop to appear!

Here are the associated dlls all in Windows/system32:

ntdll.dll
kernel32.dll
WS2_32.dll
msvcrt.dll
WS2HELP.dll
ADVAPI32.dll
RPCRT4.dll
user32.dll
GDI32.dll
wininet.dll
SHLWAPI.dll
CRYPT32.dll
MSASN1.dll
OLEAUT32.dll
OLE32.dll
Secur32.dll
shell32.dll
comctl32.dll
wsock32.dll
icmp.dll
iphlpapi.dll
netapi32.dll
dnsapi.dll
mpr.dll
odbc32.dll
comdlg32.dll
odbcint.dll
RASAPI32.dll
rasman.dll
TAPI32.dll
rtutils.dll
WINMM.dll
sensapi.dll
netapi32.dll
rtutils.dll
wsock32.dll
wininet.dll
CRYPT32.dll
MSASN1.dll
WINMM.dll
TAPI32.dll
RASAPI32.dll
rasman.dll
and also comctl32.dll in c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b<loads of numbers>
#10  03-04-2005, 10:30 AM
Mobo (Thinking outside the box, Join Date: Sep 2004, Location: Cape Breton, Posts: 4,612)
Those files are all legit

I want you to reboot.
When the desktop time comes and it doesn't show, press ctrl / alt / del to get Task Manager.

Select file / new task
then explorer.exe


Don't end task mqsq132.exe


If it appears in the list then do the process from above for mqsq132.exe
Copyright © 2004-2007 Cyberanswers.org All rights reserved