Outerinfo pest



#1
kinneyro5

kinneyro5

    New Member

  • Member
  • Pip
  • 1 posts
I read the thread and followed the instructions already posted on this site about dealing with Outerinfo. I will say that the computer is running much better now, but I still am receiving a popup sometimes at startup for some removal tool for spyware, so I think something is still there. Here are the logs created by Hijack This and Combofix. I would really appreciate someone taking a look at them to see if I am clean or where the problems still exist.

My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:39:37 AM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\All Users\Application Data\twbutobw.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gastonia-grizzlies.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {92794337-DDFE-885D-D97C-FDADDBE77090} - C:\WINDOWS\system32\qkhhjtjo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [twbutobw.exe] C:\Documents and Settings\All Users\Application Data\twbutobw.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Hts] C:\WINDOWS\system32\?ymbols\n?lookup.exe
O4 - HKCU\..\Run: [Clkscdv] "C:\Program Files\F?nts\?hkntfs.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab53083.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/...rp.cab53083.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab53083.cab
O16 - DPF: {447A07F8-1CC5-44FF-BE2D-854BCBB0D20C} (TestWWAX Control) - http://www.ordea.com...x46/aiiwwax.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab53083.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab53083.cab
O20 - Winlogon Notify: 0 - 0 (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


I'm not sure whether I am supposed to post the log titled "Combofix" or the one labeled "Combofix-quarantined-files", so I am just going to post both.

Here is my "Combofix" log:


ComboFix 07-06-09.5 - C:\Documents and Settings\User\Desktop\salvation\ComboFix.exe
"User" - 2007-06-10 2:13:18 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\agbgvaof.dll
C:\WINDOWS\system32\fheldjye.dll
C:\WINDOWS\system32\ohsqborm.dll
C:\WINDOWS\system32\gebaxyv.dll
C:\WINDOWS\system32\jkkhfda.dll
C:\WINDOWS\system32\wvurrpo.dll
C:\WINDOWS\system32\winemx32.dll
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\mrobqsho.ini
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\khfdbyx.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\User\Desktop\internet.lnk
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\fnts~1
C:\Program Files\fnts~1\?hkntfs.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\retadpu2000352.exe
C:\WINDOWS\smgr.exe
C:\WINDOWS\system32\instcat.dll
C:\WINDOWS\system32\mit.bat
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\wr.txt


((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))


2007-06-10 02:23 11,776 --a------ C:\WINDOWS\smgr.exe
2007-06-10 02:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-09 11:19 28,160 --a------ C:\WINDOWS\system32\winsys64.exe
2007-06-09 11:10 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\twbutobw.exe
2007-06-09 11:09 93,696 --a------ C:\WINDOWS\system32\drvwal.dll
2007-06-08 16:40 60,928 --a------ C:\WINDOWS\system32\qkhhjtjo.dll
2007-06-08 15:48 2,580 --a------ C:\WINDOWS\system32\shoalinw.exe
2007-06-08 10:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-08 10:05 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-08 10:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-08 10:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 14:38 2,580 --a------ C:\WINDOWS\system32\wqfdyiem.exe
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-30 09:51 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-08 14:50:15 -------- d-----w C:\Program Files\Viewpoint
2007-05-31 19:19:20 -------- d-----w C:\Program Files\Google
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 19:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-01-06 12:52]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]
{92794337-DDFE-885D-D97C-FDADDBE77090}=C:\WINDOWS\system32\qkhhjtjo.dll [2007-05-21 09:59]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-31 12:37]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-05-31 12:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"twbutobw.exe"="C:\Documents and Settings\All Users\Application Data\twbutobw.exe" [2007-06-09 11:10]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-08-09 15:41]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 12:00]
"Hts"="C:\WINDOWS\system32\?ymbols\n?lookup.exe" []
"Clkscdv"="C:\Program Files\F?nts\?hkntfs.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\0]
0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a0c708a-0fad-11dc-95e6-0010b5bf164d}]
AutoRun\command- F:\LaunchU3.exe -a


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-10 02:32:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-10 2:36:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-10 02:35

--- E O F ---

Here is my "Combofix-quarantined-files" log:

2006-07-26 16:28	  104	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\User\Desktop\Internet.lnk.vir
2007-05-01 11:35	  146432	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir
2007-05-21 10:00	  228864	--a------	C:\Qoobox\Quarantine\C\Program Files\FNTS~1\?hkntfs.exe.vir
2007-06-07 14:25	  19456	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\winemx32.dll.vir
2007-06-07 14:25	  40960	--a------	C:\Qoobox\Quarantine\C\WINDOWS\retadpu2000352.exe.vir
2007-06-07 14:26	  33302	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\khfdbyx.dll.vir
2007-06-07 14:27	  33302	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\gebaxyv.dll.vir
2007-06-07 14:28	  60928	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\instcat.dll.vir
2007-06-07 14:34	  1808551	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkkj.bak1.vir
2007-06-07 14:34	  263220	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkji.dll.vir
2007-06-07 14:38	  131124	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ohsqborm.dll.vir
2007-06-07 14:40	  58420	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\agbgvaof.dll.vir
2007-06-09 11:09	  33302	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\wvurrpo.dll.vir
2007-06-09 11:10	  40183	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1162OinUninstaller.exe.vir
2007-06-09 11:10	  40960	--a------	C:\Qoobox\Quarantine\C\WINDOWS\retadpu1000272.exe.vir
2007-06-09 12:35	  11776	--a------	C:\Qoobox\Quarantine\C\WINDOWS\smgr.exe.vir
2007-06-09 13:11	  103	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\mit.bat.vir
2007-06-09 13:11	  33302	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkhfda.dll.vir
2007-06-09 15:45	  1828590	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkkj.bak2.vir
2007-06-09 17:00	  76412	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\fheldjye.dll.vir
2007-06-10 02:02	  122	--a------	C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-06-10 02:11	  971475	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\mrobqsho.ini.vir
2007-06-10 02:22	  1839545	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\ijkkj.ini.vir
2007-06-10 02:24	  104	--a------	C:\Qoobox\Quarantine\catchme.log


Folder PATH listing
Volume serial number is 88A0-0871
C:\QOOBOX
\---Quarantine
	|   catchme.log
	|   
	+---C
	|   +---DOCUME~1
	|   |   \---User
	|   |	   \---Desktop
	|   |			   Internet.lnk.vir
	|   |			   
	|   +---Program Files
	|   |   +---Common Files
	|   |   |	   Yazzle1162OinAdmin.exe.vir
	|   |   |	   Yazzle1162OinUninstaller.exe.vir
	|   |   |	   
	|   |   \---FNTS~1
	|   |		   ?hkntfs.exe.vir
	|   |		   
	|   \---WINDOWS
	|	   |   retadpu1000272.exe.vir
	|	   |   retadpu2000352.exe.vir
	|	   |   smgr.exe.vir
	|	   |   wr.txt.vir
	|	   |   
	|	   \---system32
	|			   agbgvaof.dll.vir
	|			   fheldjye.dll.vir
	|			   gebaxyv.dll.vir
	|			   ijkkj.bak1.vir
	|			   ijkkj.bak2.vir
	|			   ijkkj.ini.vir
	|			   instcat.dll.vir
	|			   jkkhfda.dll.vir
	|			   jkkji.dll.vir
	|			   khfdbyx.dll.vir
	|			   mit.bat.vir
	|			   mrobqsho.ini.vir
	|			   ohsqborm.dll.vir
	|			   winemx32.dll.vir
	|			   wvurrpo.dll.vir
	|			   
	\---Registry_backups


For some reason, when I ran the "AVG-Antispyware" program, I set it to make a report every time, even if no threats were found. However, when I ran the scan, it found 76 items but never made a report that I could save and post here. I ran it again and it found maybe 8 threats and still did not publish a report. So I have no log for the "AVG-Antispyware" program.
