Internet Explorer popups (luxe-software.net)



antler3649
2010-01-19, 16:30
Hey, I'm really stumped by this virus/malware that I have. It sporadically opens up IE windows, normally to luxe-software. It also redirects my google searches, but if I click back 3 times, it will allow me to go to the original site. Additionally, it will not let me view a few different websites, most notably bleepingcomputer.com, which means I can't download combofix from their server. I've run Spybot, and it seems to pick up a number of malware problems and "fixes" the problems. Under my task manager, iexplore.exe is always open, even when there are no windows visible.

I know I'm not supposed to follow other people's instructions, but I've been clicking around this forum for a few days trying everything possible with the exception of combofix. I've tried ESET's online scanner, Spybot, SUPERAntiSpyware, and MBAM. Interestingly, I cannot run Spybot or MBAM without renaming the .exe to something different from the default.

Here's my HJT log, and thanks for any and all help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:07, on 1/19/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Profiler\LWEMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4439] command.com /c del "C:\Windows\System32\drivers\H8SRTvreljlnmjo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4605] cmd.exe /c del "C:\Windows\System32\drivers\H8SRTvreljlnmjo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2134] command.com /c del "C:\Windows\System32\H8SRTgrgoacfayx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9273] cmd.exe /c del "C:\Windows\System32\H8SRTgrgoacfayx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9538] command.com /c del "C:\Windows\System32\h8srtkrl32mainweq.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8430] cmd.exe /c del "C:\Windows\System32\h8srtkrl32mainweq.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3161] command.com /c del "C:\Windows\System32\H8SRTmmpbjwumdi.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5865] cmd.exe /c del "C:\Windows\System32\H8SRTmmpbjwumdi.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1345] command.com /c del "C:\Windows\System32\H8SRTrmgxnepxfu.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8991] cmd.exe /c del "C:\Windows\System32\H8SRTrmgxnepxfu.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5320] command.com /c del "C:\Windows\System32\h8srtshsyst.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8962] cmd.exe /c del "C:\Windows\System32\h8srtshsyst.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9505] command.com /c del "C:\Windows\System32\H8SRTxrdunqervd.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2624] cmd.exe /c del "C:\Windows\System32\H8SRTxrdunqervd.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9934] command.com /c del "C:\Windows\System32\H8SRTxxixsjjdlm.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9611] cmd.exe /c del "C:\Windows\System32\H8SRTxxixsjjdlm.dat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\9dd48d7f-c667-4241-aaf0-a90d5a055c53.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB402] command.com /c del "C:\Windows\System32\drivers\H8SRTvreljlnmjo.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingD229] cmd.exe /c del "C:\Windows\System32\drivers\H8SRTvreljlnmjo.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4464] command.com /c del "C:\Windows\System32\H8SRTgrgoacfayx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7498] cmd.exe /c del "C:\Windows\System32\H8SRTgrgoacfayx.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7704] command.com /c del "C:\Windows\System32\h8srtkrl32mainweq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2307] cmd.exe /c del "C:\Windows\System32\h8srtkrl32mainweq.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9590] command.com /c del "C:\Windows\System32\H8SRTmmpbjwumdi.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5259] cmd.exe /c del "C:\Windows\System32\H8SRTmmpbjwumdi.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2828] command.com /c del "C:\Windows\System32\H8SRTrmgxnepxfu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9813] cmd.exe /c del "C:\Windows\System32\H8SRTrmgxnepxfu.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4644] command.com /c del "C:\Windows\System32\h8srtshsyst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD25] cmd.exe /c del "C:\Windows\System32\h8srtshsyst.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7256] command.com /c del "C:\Windows\System32\H8SRTxrdunqervd.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9736] cmd.exe /c del "C:\Windows\System32\H8SRTxrdunqervd.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1422] command.com /c del "C:\Windows\System32\H8SRTxxixsjjdlm.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD703] cmd.exe /c del "C:\Windows\System32\H8SRTxxixsjjdlm.dat"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingB402] command.com /c del "C:\Windows\System32\drivers\H8SRTvreljlnmjo.sys" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingD2307] cmd.exe /c del "C:\Windows\System32\h8srtkrl32mainweq.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingB9590] command.com /c del "C:\Windows\System32\H8SRTmmpbjwumdi.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingD5259] cmd.exe /c del "C:\Windows\System32\H8SRTmmpbjwumdi.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingB2828] command.com /c del "C:\Windows\System32\H8SRTrmgxnepxfu.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingD9813] cmd.exe /c del "C:\Windows\System32\H8SRTrmgxnepxfu.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingB4644] command.com /c del "C:\Windows\System32\h8srtshsyst.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingD25] cmd.exe /c del "C:\Windows\System32\h8srtshsyst.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingB7256] command.com /c del "C:\Windows\System32\H8SRTxrdunqervd.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingD9736] cmd.exe /c del "C:\Windows\System32\H8SRTxrdunqervd.dll" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingB1422] command.com /c del "C:\Windows\System32\H8SRTxxixsjjdlm.dat" (User '?')
O4 - HKUS\S-1-5-21-2000478354-1957994488-725345543-1003\..\RunOnce: [SpybotDeletingD703] cmd.exe /c del "C:\Windows\System32\H8SRTxxixsjjdlm.dat" (User '?')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Icecast Media Server (Icecast) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12261 bytes

Also of note, GMER makes my computer freeze every time I try to run it. When I press Ctrl+Alt+Del and go to Task Manager, it just gives me a black screen. Earlier today it wouldn't let me access my personalized Google page or these forums - it would crash Firefox after it tried to load a map or one of my gadgets.

I feel helpless to this darn virus :(
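The log above contains the indicators a helper would look at first: a proxy configured in the user's Internet Settings, a batch of Spybot RunOnce entries still trying to delete files that share the same odd name prefix in System32 and drivers, and services whose publisher HijackThis could not resolve. The script below is an added example for pulling those indicators out of an HJT log automatically; it is not part of the original thread and not a Spybot or HijackThis tool. The sample log is a constructed excerpt of the log posted above; the line regexes, the 5-character "shared prefix" clustering and the cluster size threshold are assumptions of this example.

```python
"""Triage helper for a HijackThis (HJT) log (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed excerpt of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0.:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4439] command.com /c del "C:\Windows\System32\drivers\H8SRTvreljlnmjo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4605] cmd.exe /c del "C:\Windows\System32\drivers\H8SRTvreljlnmjo.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2134] command.com /c del "C:\Windows\System32\H8SRTgrgoacfayx.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9538] command.com /c del "C:\Windows\System32\h8srtkrl32mainweq.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9934] command.com /c del "C:\Windows\System32\H8SRTxxixsjjdlm.dat"
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Line shapes HJT uses for the entry types we care about (assumed from the log format above).
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (.*)$")
RUNONCE_DEL_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\RunOnce: \[(?P<entry>[^\]]+)\] "
    r'(?:cmd\.exe|command\.com) /c del "(?P<path>[^"]+)"'
)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<dll>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def triage(log_text, prefix_len=5, min_cluster=3):
    """Return the indicators worth a second look from an HJT log.

    prefix_len / min_cluster drive a heuristic (an assumption of this example):
    files queued for deletion whose names share the same leading characters
    are reported as one group, since a single infection tends to drop
    several randomly named files under one common prefix.
    """
    findings = {
        "proxy_server": [],          # non-empty ProxyServer values
        "pending_deletions": [],     # distinct files RunOnce entries try to delete
        "shared_prefixes": {},       # prefix -> basenames of deletion targets sharing it
        "unknown_owner_services": [],  # (service name, image path) with no resolved publisher
        "bhos": [],                  # (BHO name, DLL path)
    }
    deletions = set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := PROXY_RE.match(line):
            value = m.group(1).strip()
            if value:
                findings["proxy_server"].append(value)
        elif m := RUNONCE_DEL_RE.match(line):
            deletions.add(m.group("path"))
        elif m := BHO_RE.match(line):
            findings["bhos"].append((m.group("name"), m.group("dll")))
        elif m := SERVICE_RE.match(line):
            if m.group("owner") == "Unknown owner":
                findings["unknown_owner_services"].append((m.group("name"), m.group("path")))

    findings["pending_deletions"] = sorted(deletions)

    # Cluster deletion targets by a case-insensitive name prefix.
    clusters = defaultdict(set)
    for path in deletions:
        base = path.rsplit("\\", 1)[-1]
        clusters[base[:prefix_len].lower()].add(base)
    findings["shared_prefixes"] = {
        prefix: sorted(names) for prefix, names in clusters.items() if len(names) >= min_cluster
    }
    return findings


def format_report(findings):
    """Render the findings as plain text, one section per indicator type."""
    out = []
    for key, value in findings.items():
        out.append(f"== {key} ==")
        if isinstance(value, dict):
            for k, v in value.items():
                out.append(f"  {k}: {', '.join(v)}")
        else:
            out.extend(f"  {item}" for item in value)
    return "\n".join(out)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

Run against the excerpt, the report lists the `0.0.0.0.:80` proxy, four distinct files queued for deletion, one `h8srt` prefix group covering all four of them, and the two services HJT shows as `Unknown owner`. The prefix group is the signal that single-file deletion attempts (which the RunOnce entries show still pending) are unlikely to clean the box on their own; it says nothing about which family is involved.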

Blade81
2010-01-24, 15:19
Hi,

Is there any specific reason that you don't have service pack 1 or 2 installed on Vista (not asking you to install one now)?

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Blade81
2010-01-31, 12:04
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (PM). A valid, working link to the closed topic is required.