Hijack This Log Help (Noob)



#1 VivaHST
New Member, 1 posts
My girlfriend and I have been having problems with our computer for a few days now. I don't know where the malware came from. Pop-ups kept opening new tabs in Firefox even on sites that don't have pop-up ads. Sometimes the icons on the desktop and the task bar would disappear and the Windows start button would fail to respond. I followed steps from geekstogo.com on how to remove Outerinfo and then I ran Combofix. Please help. Here is the log:



ComboFix 08-02.05.3 - Rich 2001-08-16 1:50:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.379 [GMT -5:00]
Running from: C:\Documents and Settings\Rich\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\oppmn.dll
C:\WINDOWS\system32\vtuutsp.dll
C:\Documents and Settings\Lindsay\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Lindsay\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Lindsay\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Rich\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Rich\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Rich\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\FunWebProducts
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive10.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\WINDOWS\system32\bcqrcmiy.dll
C:\WINDOWS\system32\bktqrirk.dll
C:\WINDOWS\system32\bobrhvae.dll
C:\WINDOWS\system32\borjosss.dll
C:\WINDOWS\system32\cytdsxao.dll
C:\WINDOWS\system32\dihgxepb.ini
C:\WINDOWS\system32\ejgmjfmj.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fdwrbpux.ini
C:\WINDOWS\system32\knkwjgmx.ini
C:\WINDOWS\system32\ngajprys.ini
C:\WINDOWS\system32\nmppo.ini
C:\WINDOWS\system32\nmppo.ini2
C:\WINDOWS\system32\nplhppqj.dll
C:\WINDOWS\system32\oppmn.dll
C:\WINDOWS\system32\qnuoybid.dll
C:\WINDOWS\system32\qxxcghsv.ini
C:\WINDOWS\system32\rdfvcfkw.dll
C:\WINDOWS\system32\sdajuvqj.dll
C:\WINDOWS\system32\vsicmpnu.ini
C:\WINDOWS\system32\vtuutsp.dll
C:\WINDOWS\system32\vvkowdti.ini
C:\WINDOWS\system32\vwbynsno.dll
C:\WINDOWS\system32\vyrprlkh.ini
C:\WINDOWS\system32\wjykvfju.dll
C:\WINDOWS\system32\wpsitjxg.dll
C:\WINDOWS\system32\wxiwfdws.ini
C:\WINDOWS\system32\xqatgahu.ini
C:\WINDOWS\system32\xupbrwdf.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-06 18:49 . 2008-02-06 18:49 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-03 07:03 . 2008-02-03 07:03 270,698 --a------ C:\WINDOWS\system32\L2299.tmp
2008-02-03 07:03 . 2008-02-03 07:03 181,965 --a------ C:\WINDOWS\system32\LDF8C.tmp
2008-02-03 07:03 . 2008-02-03 07:03 39,936 --a------ C:\WINDOWS\system32\jkklljg.dll
2008-02-03 07:03 . 2008-02-03 07:03 9,292 --a------ C:\WINDOWS\system32\L7BB6.tmp
2008-02-02 05:10 . 2008-02-02 05:13 66,177,544 --a------ C:\pcc26usf1410_1041.exe
2008-02-02 05:09 . 2008-02-02 05:13 107,520 --a------ C:\KeyGen.exe
2008-02-02 03:40 . 2008-02-02 03:40 270,698 --a------ C:\WINDOWS\system32\L4971.tmp
2008-02-02 03:40 . 2008-02-02 03:40 181,965 --a------ C:\WINDOWS\system32\L25D8.tmp
2008-02-02 03:40 . 2008-02-02 03:40 9,292 --a------ C:\WINDOWS\system32\L9BDD.tmp
2008-01-30 15:26 . 2008-01-30 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-01-30 15:25 . 2008-01-30 15:25 <DIR> d-------- C:\Program Files\PopCap Games
2008-01-17 16:38 . 2004-08-03 23:08 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2008-01-17 16:38 . 2004-08-03 23:08 26,624 --a--c--- C:\WINDOWS\system32\dllcache\usbehci.sys
2008-01-17 16:38 . 2004-08-04 00:56 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2008-01-17 16:38 . 2004-08-04 00:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\hccoin.dll
2008-01-15 12:35 . 2008-01-15 12:35 45 --a------ C:\tmp.bat
2008-01-10 20:49 . 2008-01-10 20:49 <DIR> d-------- C:\WINDOWS\Sun
2008-01-10 20:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-10 20:47 . 2008-01-10 20:48 <DIR> d-------- C:\Program Files\Java
2008-01-10 20:46 . 2008-01-10 20:46 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-10 02:03 . 2008-01-10 02:03 <DIR> d-------- C:\Documents and Settings\Lindsay\Application Data\Pogo Games
2008-01-10 02:03 . 2008-01-10 02:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 02:01 . 2008-01-10 15:34 <DIR> d-------- C:\Program Files\Oberon Media
2008-01-05 22:27 . 2008-02-06 07:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-05 22:27 . 2008-01-05 22:27 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 22:22 . 2008-01-05 22:22 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-05 22:21 . 2008-01-05 22:22 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-05 22:07 . 2008-01-10 20:48 841 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 11:13 53,760 -c--a-w C:\WINDOWS\system32\Squeeze.dll
2008-02-02 11:13 34,308 -c--a-w C:\WINDOWS\system32\Chip.dll
2008-01-19 10:33 --------- d-----w C:\Documents and Settings\Rich\Application Data\Ahead
2008-01-06 12:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.
----a-w 897,089 2008-02-02 12:16:13 C:\Program Files\Trend Micro\Internet Security 2006\pccguide .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd74acd9-f392-46ec-8e32-df93c89e41aa}]
2001-08-16 00:12 92224 --a------ C:\WINDOWS\system32\kbsfgobi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]
"BitComet"="D:\BitComet\BitComet.exe" [2007-12-07 09:03 1913656]
"QdrModule12"="C:\Program Files\QdrModule\QdrModule12.exe" [ ]
"Veoh"="D:\VeohClient.exe" [2008-01-30 12:55 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"HP Update 3400C"="C:\sj652\hpupdate.exe" [ ]
"WinampAgent"="D:\Winamp\winampa.exe" [2006-11-21 11:38 35328]
"QuickTime Task"="D:\Rich\QTTask.exe" [2007-12-11 10:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [ ]
"14cac597"="C:\WINDOWS\system32\qjhwvjnf.dll" [2001-08-16 00:15 88640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-10-22 21:19:58 98304]
REALTEK RTL8185 Wireless LAN Utility.lnk - C:\Program Files\REALTEK RTL8185 Wireless LAN Driver and Utility\RtWLan.exe [2007-10-22 21:08:49 733184]

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 22:31]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2003-04-08 08:56]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 08:57]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 0232
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\WINDOWS\system32\qjhwvjnf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-05 2:08:41 - machine was rebooted [Rich]
ComboFix-quarantined-files.txt 2008-02-05 08:08:23