Windows system32 ssqpn.exe



jordan9524
2008-01-19, 05:15
Hello everyone! I keep getting this message when I start up my computer, and now I can't even access the internet (I'm on a different computer at the moment), so where do I go from here?

What do I need to run first so you guys can help me find my problem?

Thanks in advance!

jordan9524
2008-01-19, 05:53
Here is my log after running ComboFix:

ComboFix 08-01-18.5 - Chad Killian 2008-01-18 22:31:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.672 [GMT -5:00]
Running from: C:\Documents and Settings\Chad Killian\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 3693 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drvpicr.dll
C:\WINDOWS\system32\jvbwjhjh.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnkhih.dll
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\qomjigg.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ywsktvmv.dll
C:\WINDOWS\system32\ywsktvmv.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-18 22:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 21:52 . 2008-01-18 21:52 3,584 --a------ C:\WINDOWS\system32\ssqpn.exe
2008-01-17 19:48 . 2008-01-17 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-01-17 18:10 . 2008-01-17 18:10 103,424 --a------ C:\WINDOWS\system32\drvpic.dll
2008-01-17 17:53 . 2008-01-17 17:53 <DIR> d-------- C:\Program Files\Bonjour
2008-01-17 17:42 . 2008-01-17 17:42 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-17 17:36 . 2008-01-17 17:36 <DIR> d-------- C:\Program Files\MagicISO
2008-01-17 15:56 . 2008-01-17 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-17 15:56 . 2008-01-17 15:56 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 16:15 . 2007-12-31 16:15 <DIR> d-------- C:\WINDOWS\Globalization
2007-12-31 16:14 . 2008-01-17 19:49 <DIR> d-------- C:\Program Files\Sony
2007-12-31 15:53 . 2007-12-31 15:53 <DIR> d-------- C:\Program Files\Smart Projects
2007-12-31 15:00 . 2007-12-31 15:00 <DIR> d-------- C:\Program Files\Sony Setup
2007-12-30 05:26 . 2007-12-31 22:00 <DIR> d-------- C:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2007-12-30 05:26 . 2007-12-30 05:28 12,241 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-30 05:25 . 2008-01-17 19:42 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 964
2007-12-29 05:23 . 2007-12-29 05:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-29 05:23 . 2008-01-18 18:28 <DIR> d-------- C:\Documents and Settings\Chad Killian\Application Data\AVG7
2007-12-29 05:23 . 2007-12-29 05:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-29 05:20 . 2007-12-29 06:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-29 05:00 . 2007-12-29 05:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-29 04:50 . 2007-12-29 04:50 <DIR> d-------- C:\Program Files\jv16 PowerTools 2007
2007-12-28 21:17 . 2007-12-28 21:17 <DIR> d-------- C:\Program Files\PQDVD
2007-12-28 20:10 . 2007-12-28 21:21 <DIR> d-------- C:\Program Files\HistoryKill
2007-12-28 20:10 . 2007-12-28 21:21 <DIR> d-------- C:\Program Files\BestPopUpKiller
2007-12-28 20:10 . 2007-12-28 20:10 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-28 17:58 . 2007-12-28 17:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 18:20 . 2008-01-18 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-27 18:18 . 2007-12-27 18:18 <DIR> d-------- C:\Program Files\Macromedia
2007-12-27 18:18 . 2007-12-27 18:18 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2007-12-25 06:16 . 2007-12-27 18:27 32 --a------ C:\WINDOWS\go
2007-12-25 06:11 . 2007-12-25 06:11 <DIR> d-------- C:\Program Files\XeroBank
2007-12-25 06:11 . 2007-12-25 06:11 <DIR> d-------- C:\Program Files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 00:53 --------- d-----w C:\Program Files\QuickTime
2008-01-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-18 18:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-18 00:55 --------- d-----w C:\Documents and Settings\Chad Killian\Application Data\LimeWire
2008-01-18 00:51 --------- d-----w C:\Program Files\BearFlix
2008-01-18 00:50 --------- d-----w C:\Program Files\Google
2008-01-18 00:48 --------- d-----w C:\Program Files\Yahoo!
2008-01-17 23:02 --------- d-----w C:\Documents and Settings\Chad Killian\Application Data\uTorrent
2008-01-17 19:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-17 19:06 --------- d-----w C:\Program Files\Participatory Culture Foundation
2008-01-16 01:24 --------- d-----w C:\Program Files\Dl_cats
2007-12-30 10:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 22:59 --------- d-----w C:\Program Files\BAE
2007-12-16 23:31 --------- d-----w C:\Documents and Settings\Chad Killian\Application Data\Fisher-Price
2007-12-16 23:30 --------- d-----w C:\Program Files\Fisher-Price
2007-12-16 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fisher-Price
2007-12-16 15:29 --------- d-----w C:\Program Files\uTorrent
2007-12-15 10:42 --------- d-----w C:\Program Files\Microsoft Games
2007-12-15 10:12 --------- d-----w C:\Program Files\DivX
2007-12-14 01:29 --------- d-----w C:\Documents and Settings\Chad Killian\Application Data\Participatory Culture Foundation
2007-12-14 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
2007-12-11 22:34 43,528 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-10 19:03 --------- d-----w C:\Program Files\PartyGaming
2007-07-19 22:41 46,208 ----a-w C:\Documents and Settings\Chad Killian\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MemoryCardManager"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winafq32]
winafq32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-02-09 17:34 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DACSMiniApp]
--a------ 2007-07-24 12:20 197888 C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 02:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
--a------ 2006-09-18 12:46 8192 C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7FDA5DA0-0C92-E780-F273-B9207984D491}]
C:\WINDOWS\system32:svchost.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 13:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 22:43:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 22:46:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-19 03:46:30
.
2007-12-12 17:51:02 --- E O F ---

jordan9524
2008-01-19, 05:54
This is my HijackThis log after ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:48 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O20 - Winlogon Notify: winafq32 - winafq32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 1810 bytes

jordan9524
2008-01-19, 05:55
Now what? Anything?

jordan9524
2008-01-19, 15:23
Can I get some help please? It would be greatly appreciated.