Combofix and HJT logs! Issue:Outerinfo/Purityscan [CLOSED] [RESOL
Jack Of Nines
post Dec 21 2007, 05:29 PM
Post #1
Member, Posts: 26, OS: Windows XP

I've been trying to get rid of Outerinfo for a while. Please help!!!!

Here is my combofix log:

ComboFix 07-12-21.4 - 2007-12-21 14:02:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1606 [GMT -7:00]
Running from: C:\Documents and Settings\Jacob\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jacob\Application Data\DOBE~1
C:\Documents and Settings\Jacob\Application Data\ICROSO~1
C:\Documents and Settings\Jacob\Application Data\ICROSO~1\m?dtc.exe
C:\Documents and Settings\Jacob\Application Data\SCURIT~1
C:\Documents and Settings\Jacob\Application Data\WNSXS~1
C:\Documents and Settings\Jacob\My Documents\CROSOF~1.NET
C:\Documents and Settings\Jacob\My Documents\YSTEM~1
C:\Program Files\Common Files\appatc~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\racle~1\chkntfs.exe
C:\Program Files\Common Files\ymante~1
C:\Program Files\icroso~1
C:\Program Files\mcroso~1.net
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\wnsxs~1
C:\Program Files\wnsxs~1\t?skmgr.exe
C:\WINDOWS\ecurit~1
C:\WINDOWS\fnts~1
C:\WINDOWS\mantec~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\fnts~1\F?nts\
C:\WINDOWS\system32\fnts~1\fast.exe
C:\WINDOWS\system32\taalrbn.dll
C:\WINDOWS\system32\wnsapiicom.exe
C:\WINDOWS\system32\wnsapisv.exe
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\system32\zxlh.dll
C:\WINDOWS\wnsxs~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-20 17:15 . 2007-12-20 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-20 14:56 . 2007-12-20 16:53 <DIR> d-------- C:\Program Files\D-Tools
2007-12-20 14:56 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-20 14:56 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-20 14:49 . 2007-12-20 14:49 <DIR> d-------- C:\Program Files\LucasArts
2007-12-20 01:51 . 2007-12-20 01:51 <DIR> d-------- C:\Program Files\DNA
2007-12-20 01:51 . 2007-12-20 01:51 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-20 01:51 . 2007-12-20 12:22 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\DNA
2007-12-15 23:34 . 2007-12-15 23:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-15 22:00 . 2007-12-06 00:37 2,238 --a------ C:\WINDOWS\system32\ClickToFindandFixErrors_RON.ico
2007-12-14 22:51 . 2007-12-14 22:56 <DIR> d-------- C:\Documents and Settings\Jacob\.housecall6.6
2007-12-14 22:51 . 2007-12-14 22:51 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-12-14 22:50 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-14 22:49 . 2007-12-14 22:49 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-13 10:22 . 2007-12-13 10:22 <DIR> d-------- C:\Microsoft
2007-12-13 10:22 . 2007-12-13 10:22 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\Microsoft Games
2007-12-12 22:21 . 2007-12-12 22:21 <DIR> d-------- C:\Program Files\DIFX
2007-12-12 22:21 . 2006-07-01 22:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-12-12 22:20 . 2007-12-12 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-12-12 22:15 . 2007-12-12 22:15 <DIR> d-------- C:\Program Files\ATI
2007-12-12 22:05 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-12 22:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-12 22:05 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-12 22:05 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-12 21:45 . 2007-11-01 21:57 9,314,304 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-12-12 21:45 . 2007-11-01 20:24 376,832 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-12-12 21:45 . 2007-11-01 21:10 364,544 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-12 21:45 . 2007-11-01 21:24 176,128 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-12-12 21:45 . 2007-09-08 19:37 47,360 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-12-12 21:45 . 2007-05-30 09:43 2,096 --a------ C:\WINDOWS\system32\drivers\ativckxx.vp
2007-12-12 13:10 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-12-12 13:10 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-12 13:10 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-12 13:10 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-12 13:10 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-12-12 13:10 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-27 20:43 . 2007-11-27 20:43 <DIR> d-------- C:\Program Files\Guild Wars
2007-11-24 15:59 . 2007-11-24 15:59 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-22 09:49 . 2007-12-20 12:21 <DIR> d-------- C:\Documents and Settings\Jacob\Application Data\BitTorrent
2007-11-21 22:05 . 2007-11-22 08:41 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-21 22:02 . 2007-11-21 22:02 2,238 --a------ C:\WINDOWS\system32\GClogo_32x32.ico
2007-11-21 16:14 . 2007-12-17 23:03 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 21:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 05:50 --------- d-----w C:\Program Files\Java
2007-12-13 05:14 --------- d-----w C:\Program Files\ATI Technologies
2007-12-12 19:23 --------- d-----w C:\Program Files\Microsoft Games
2007-11-24 23:53 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Viewpoint
2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-24 23:52 --------- d-----w C:\Program Files\Viewpoint
2007-11-22 04:47 --------- d-----w C:\Program Files\AIM6
2007-11-22 04:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-18 06:49 --------- d-----w C:\Program Files\Ubisoft
2007-11-11 02:15 --------- d-----w C:\Program Files\Activision
2007-11-04 04:18 --------- d-----w C:\Program Files\SEGA
2007-11-04 02:07 --------- d-----w C:\Program Files\MSN Messenger
2007-11-04 01:59 --------- d-----w C:\Program Files\Common Files\LogiShared
2007-11-04 01:59 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Logitech
2007-11-04 01:59 --------- d-----w C:\Documents and Settings\Jacob\Application Data\Leadertech
2007-11-04 01:58 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-11-04 01:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-11-04 01:58 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-04 01:57 --------- d-----w C:\Program Files\Logitech
2007-11-04 01:57 --------- d-----w C:\Program Files\Common Files\Logitech
2007-11-04 01:57 --------- d-----w C:\Documents and Settings\Jacob\Application Data\InstallShield
2007-11-04 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-11-04 01:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-11-02 05:52 2,644,480 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-11-02 03:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2006-05-04 08:25 199,396 ----a-w C:\Documents and Settings\Jacob\Application Data\FNTCACHE.BIN
2005-12-19 03:33 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-09-07 00:39 280,064 ----a-w C:\Documents and Settings\Jacob\Application Data\tizhook.bin
2005-09-07 00:39 138,402 ----a-w C:\Documents and Settings\Jacob\Application Data\tizupd.bin
2006-01-17 16:09 405,504 --sh--r C:\WINDOWS\system32\?ttrib.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4390409A-A222-83D8-01E3-F34A468EFB97}]
2006-01-17 09:08 139264 --a------ C:\WINDOWS\system32\lnaoxx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4690409C-A254-F2A2-01E3-814A3CFEFB9C}]
2006-01-17 09:08 139264 --a------ C:\WINDOWS\system32\lnaoxx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722E67B8-D55E-A9F2-2885-D5F8FE90CFC1}]
C:\WINDOWS\system32\toojw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{772E67BE-D528-D888-2885-A7F884E0CFCA}]
C:\WINDOWS\system32\toojw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{985D4E9B-FD56-ADF1-5152-8F3AF8772693}]
C:\WINDOWS\system32\bez.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B28A8F49-3AD1-3B7A-8B5A-4AE678F20BC3}]
C:\WINDOWS\system32\mvblbhmh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6D8DB42-69D4-3E2F-8B5A-4AE678F50F94}]
C:\WINDOWS\system32\tandq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 09:47]
"ATI Launchpad"="" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-12-01 15:28]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-08-26 23:51]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"Ftvc"="C:\WINDOWS\system32\?ttrib.exe" [2004-08-04 05:00]
"Aeen"="C:\WINDOWS\system32\FNTS~1\fast.exe" []
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-11-30 00:09]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 21:05]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-14 21:16]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-30 18:13]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"Microsoft Domain Controller"="C:\WINDOWS\system32\mstc.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]
"CatalystRegistration"="C:\Program Files\ATI\CatalystRegistration\dolce.exe" [2007-07-27 12:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]

C:\Documents and Settings\Jacob\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2006-01-19 20:09:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-03 18:57:32]
Q Manager.lnk - C:\Program Files\US Biometrics Corp\The Q\qmanager.exe [2005-11-21 22:12:48]
Smart Wizard Wireless Settings.lnk - C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2005-08-27 21:47:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PassQLogon]
Passqlogon.dll 2005-11-21 22:13 503808 C:\WINDOWS\system32\passqlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 22:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 09:22]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 03:22]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 efipsk;efipsk;C:\DOCUME~1\Jacob\LOCALS~1\Temp\efipsk.sys []
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 19:45]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-19 22:45:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-07-14 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Jacob.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 14:17:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\usbgina.dll
-> C:\WINDOWS\system32\Passqlogon.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\GlobalHook.dll
.
Completion time: 2007-12-21 14:19:08 - machine was rebooted

OK, and here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:27, on 2007-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\?ttrib.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\US Biometrics Corp\The Q\qmanager.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\US Biometrics Corp\The Q\ScriptQ.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/Mothership?Comp=A...D33333432363541
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/mothership.aspx
R3 - URLSearchHook: (no name) - {4690409C-A254-F2A2-01E3-814A3CFEFB9C} - C:\WINDOWS\system32\lnaoxx.dll
R3 - URLSearchHook: (no name) - {4390409A-A222-83D8-01E3-F34A468EFB97} - C:\WINDOWS\system32\lnaoxx.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4390409A-A222-83D8-01E3-F34A468EFB97} - C:\WINDOWS\system32\lnaoxx.dll
O2 - BHO: (no name) - {4690409C-A254-F2A2-01E3-814A3CFEFB9C} - C:\WINDOWS\system32\lnaoxx.dll
O2 - BHO: (no name) - {722E67B8-D55E-A9F2-2885-D5F8FE90CFC1} - C:\WINDOWS\system32\toojw.dll (file missing)
O2 - BHO: IEHlprObj Class - {73D56F24-4B0A-4027-868C-E2EDDCD31CFC} - C:\Program Files\US Biometrics Corp\The Q\WebQ.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {772E67BE-D528-D888-2885-A7F884E0CFCA} - C:\WINDOWS\system32\toojw.dll (file missing)
O2 - BHO: (no name) - {985D4E9B-FD56-ADF1-5152-8F3AF8772693} - C:\WINDOWS\system32\bez.dll (file missing)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {B28A8F49-3AD1-3B7A-8B5A-4AE678F20BC3} - C:\WINDOWS\system32\mvblbhmh.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E6D8DB42-69D4-3E2F-8B5A-4AE678F50F94} - C:\WINDOWS\system32\tandq.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ftvc] C:\WINDOWS\system32\?ttrib.exe
O4 - HKCU\..\Run: [Aeen] "C:\WINDOWS\system32\FNTS~1\fast.exe" -vt ndrv
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Q Manager.lnk = C:\Program Files\US Biometrics Corp\The Q\qmanager.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - Winlogon Notify: PassQLogon - C:\WINDOWS\SYSTEM32\Passqlogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 10555 bytes
sarahw
post Dec 22 2007, 05:15 AM
Post #2
Malware Staff, Posts: 2,618, From: The center of the earth, OS: Vista, Xp, 98, 3.1, Dos 5.1

Hi,
Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.
sarahw
post Dec 22 2007, 05:24 AM
Post #3
Malware Staff, Posts: 2,618, From: The center of the earth, OS: Vista, Xp, 98, 3.1, Dos 5.1

Hi,


1.
First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.


2.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Do not Run it yet, we will use it later. Save it somewhere you will remember, like your desktop.


3.
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

QUOTE
File::
C:\WINDOWS\SYSTEM32\Passqlogon.dll
C:\WINDOWS\system32\lnaoxx.dll
C:\WINDOWS\system32\toojw.dll
C:\WINDOWS\system32\bez.dll
C:\WINDOWS\system32\mvblbhmh.dll
C:\WINDOWS\system32\tandq.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4390409A-A222-83D8-01E3-F34A468EFB97}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4690409C-A254-F2A2-01E3-814A3CFEFB9C}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{722E67B8-D55E-A9F2-2885-D5F8FE90CFC1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{772E67BE-D528-D888-2885-A7F884E0CFCA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{985D4E9B-FD56-ADF1-5152-8F3AF8772693}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B28A8F49-3AD1-3B7A-8B5A-4AE678F20BC3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6D8DB42-69D4-3E2F-8B5A-4AE678F50F94}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PassQLogon]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

4.
Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.


5. - In Safe mode
Please open ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


6. - In Safe mode
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  1. Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left-hand corner of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  7. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


7.
Post the following reports/logs into your next reply:
  • Combofix.txt
  • The AVG Anti-Spyware report scan
  • A new HijackThis log.

This post has been edited by sarahw: Dec 22 2007, 09:20 PM
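The triage sarahw does above, choosing which entries from the HijackThis log in the first post go into the CFScript, follows recognisable patterns: BHOs registered with no name, BHO DLLs that are missing on disk or shared by several CLSIDs, and Run entries whose path uses a look-alike name (?ttrib.exe) or a short-name folder dropped into system32 (FNTS~1\fast.exe). The Python below encodes those patterns as checks over a handful of lines copied from that log; it is an added example, not code from the thread, from HijackThis or from ComboFix, and the heuristics and their thresholds are my own.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log posted in this
# thread, mixing known-good entries (Adobe, Symantec) with the ones the helper
# chose to remove via the CFScript.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4390409A-A222-83D8-01E3-F34A468EFB97} - C:\WINDOWS\system32\lnaoxx.dll
O2 - BHO: (no name) - {4690409C-A254-F2A2-01E3-814A3CFEFB9C} - C:\WINDOWS\system32\lnaoxx.dll
O2 - BHO: (no name) - {722E67B8-D55E-A9F2-2885-D5F8FE90CFC1} - C:\WINDOWS\system32\toojw.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Ftvc] C:\WINDOWS\system32\?ttrib.exe
O4 - HKCU\..\Run: [Aeen] "C:\WINDOWS\system32\FNTS~1\fast.exe" -vt ndrv
"""

ENTRY = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.*)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
EXE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|sys|scr|cpl))"?(?:\s|$)', re.I)
SHORT = re.compile(r"^[^\\]{1,6}~\d+$")  # an 8.3 short name such as FNTS~1
MISSING = "(file missing)"


def path_reasons(cmd):
    """Heuristics on the executable or DLL path of an entry (arguments are ignored)."""
    m = EXE.match(cmd.strip())
    if not m:
        return []
    parts = m.group("path").split("\\")
    name = parts[-1]
    reasons = []
    # '?' cannot occur in a real Windows file name; HijackThis and ComboFix print
    # it for a character they cannot render, so '?ttrib.exe' is a look-alike of
    # attrib.exe rather than the real binary.
    if "?" in name or any(ord(c) > 127 for c in name):
        reasons.append("look-alike file name with a non-ASCII/unprintable character")
    # Short names are legitimate in themselves (PROGRA~1), but a long-named folder
    # sitting directly inside WINDOWS or system32 (FNTS~1) is the pattern ComboFix
    # listed under "Other Deletions" in this thread.
    for parent, comp in zip(parts, parts[1:]):
        if SHORT.match(comp) and parent.lower() in ("windows", "system32"):
            reasons.append(f"short-name folder {comp} under {parent}")
    return reasons


def bho_path(line):
    """Lower-cased DLL path of an O2 line without the '(file missing)' marker, else None."""
    m = ENTRY.match(line.strip())
    b = BHO.match(m.group("rest")) if m and m.group("kind") == "O2" else None
    return b.group("path").replace(MISSING, "").strip().lower() if b else None


def triage_line(line):
    """Return the reasons one HijackThis line looks suspicious ([] if nothing is flagged)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    kind, rest = m.group("kind"), m.group("rest")
    reasons = []
    if kind == "O2":
        b = BHO.match(rest)
        if not b:
            return []
        if b.group("name") == "(no name)":
            reasons.append("BHO registered without a name")
        path = b.group("path")
        if path.endswith(MISSING):
            reasons.append("BHO DLL missing on disk (orphaned registration)")
            path = path[: -len(MISSING)].strip()
        reasons += path_reasons(path)
    elif kind == "O4":
        r = RUN.match(rest)
        if r:
            reasons += path_reasons(r.group("cmd"))
    return reasons


def triage_log(text):
    """Run the per-line checks over a whole log and add one cross-line check: the
    same DLL registered under several CLSIDs (lnaoxx.dll and toojw.dll in this
    thread). Returns [(line, [reason, ...]), ...] for the flagged lines only."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    dll_count = Counter(p for p in map(bho_path, lines) if p)
    flagged = []
    for line in lines:
        reasons = triage_line(line)
        p = bho_path(line)
        if p and dll_count[p] > 1:
            reasons.append(f"same DLL registered under {dll_count[p]} CLSIDs")
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

A hit from these checks is a prompt to look at the entry, not a verdict; a helper still confirms each file before listing it in a CFScript.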
Jack Of Nines
post Dec 22 2007, 02:54 PM
Post #4
Member, Posts: 26, OS: Windows XP

Thanks!

OK, I downloaded all the programs I'm going to need and made a hard copy of your instructions for me. I had a question, though: do you want me to post up the new ComboFix and HJT logs THEN reboot into Safe Mode, or wait until you can look over the logs to reboot into Safe Mode?
sarahw
post Dec 22 2007, 05:13 PM
Post #5
Malware Staff, Posts: 2,618, From: The center of the earth, OS: Vista, Xp, 98, 3.1, Dos 5.1

Sorry that I didn't make the instructions very clear.
Write down, or save to a convenient location, all of your logs and post them all at the same time when you are finished scanning.
I'll change the above instructions a bit for you.
Jack Of Nines
post Dec 22 2007, 09:02 PM
Post #6
Member, Posts: 26, OS: Windows XP

One more question just to be sure: do I run AVG in Safe Mode or regular Windows?
sarahw
post Dec 22 2007, 09:20 PM
Post #7
Malware Staff, Posts: 2,618, From: The center of the earth, OS: Vista, Xp, 98, 3.1, Dos 5.1

In Safe Mode. Stay in Safe Mode until you are ready to post the logs in the last step.
I updated the instructions again.

This post has been edited by sarahw: Dec 22 2007, 09:21 PM
Jack Of Nines
post Dec 23 2007, 12:47 AM
Post #8
Member, Posts: 26, OS: Windows XP

I'll have the logs up in the morning!
sarahw
post Dec 23 2007, 01:08 AM
Post #9
Malware Staff, Posts: 2,618, From: The center of the earth, OS: Vista, Xp, 98, 3.1, Dos 5.1

ok
Jack Of Nines
post Dec 23 2007, 01:41 AM
Post #10
Member, Posts: 26, OS: Windows XP

Alright, got my logs a little early. For some reason AVG wouldn't let me save the log after the scan, though it did quarantine a lot of PurityScan (Outerinfo) files for me... I dunno.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:33 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe