Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Outerinfo.....not sure if its all gone [CLOSED]


  • This topic is locked This topic is locked

#1
Girlee

Girlee

    New Member

  • Member
  • Pip
  • 1 posts
I had problems with Outerinfo so followed the instructions on how to get rid but just wanted to post my SAS and HJT log to see if there is any trace left. I have just rebooted my comp and so far so good, thanks in advance

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/10/2008 at 09:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3399
Trace Rules Database Version: 1391

Scan type : Complete Scan
Total Scan Time : 00:16:54

Memory items scanned : 301
Memory threats detected : 7
Registry items scanned : 3238
Registry threats detected : 97
File items scanned : 14462
File threats detected : 144

Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\RQRPMJG.DLL
C:\WINDOWS\SYSTEM32\RQRPMJG.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rqrpmjg
C:\WINDOWS\SYSTEM32\IIFCDEC.DLL
C:\WINDOWS\SYSTEM32\LJJIFEB.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNKH.DLL
C:\WINDOWS\SYSTEM32\NNNKH.DLL

Unclassified.Unknown Origin
C:\WINDOWS\AG9TZQ\COMMAND.EXE
C:\WINDOWS\AG9TZQ\COMMAND.EXE
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PVGJRNCU.DLL
HKLM\System\ControlSet001\Services\cmdService
HKLM\System\ControlSet002\Services\cmdService
HKLM\System\CurrentControlSet\Services\cmdService
C:\WINDOWS\Prefetch\COMMAND.EXE-1748B1D0.pf

Trojan.NetMon/DNSChange
C:\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE
C:\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control#ActiveService
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
C:\Program Files\Network Monitor
C:\WINDOWS\Prefetch\NETMON.EXE-09C9CC43.pf

Adware.Adservs
C:\WINDOWS\AG9TZQ\ASAPPSRV.DLL
C:\WINDOWS\AG9TZQ\ASAPPSRV.DLL
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\SYSTEM32\Z2\LIAMDLL2.EXE
C:\WINDOWS\Prefetch\LIAMDLL2.EXE-1F8B25E5.pf

Adware.Vundo-Variant/Small-A
C:\WINDOWS\SYSTEM32\JBLLWCAH.DLL
C:\WINDOWS\SYSTEM32\JBLLWCAH.DLL
HKLM\Software\Classes\CLSID\{67693af6-6e6d-44e4-8069-e429042d5129}
HKCR\CLSID\{67693AF6-6E6D-44E4-8069-E429042D5129}
HKCR\CLSID\{67693AF6-6E6D-44E4-8069-E429042D5129}\InprocServer32
HKCR\CLSID\{67693AF6-6E6D-44E4-8069-E429042D5129}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\BKDVUNAH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67693af6-6e6d-44e4-8069-e429042d5129}

Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU572.EXE
C:\WINDOWS\MROFINU572.EXE
C:\WINDOWS\MROFINU1000106.EXE
C:\WINDOWS\MROFINU572.EXE.TMP
C:\WINDOWS\Prefetch\MROFINU572.EXE-16B9FCA5.pf

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}\InprocServer32
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5F90013B-95DF-4C60-80C9-923328D27D70}
HKCR\CLSID\{5F90013B-95DF-4C60-80C9-923328D27D70}
HKCR\CLSID\{5F90013B-95DF-4C60-80C9-923328D27D70}\InprocServer32
HKCR\CLSID\{5F90013B-95DF-4C60-80C9-923328D27D70}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][3].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected]=1_[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected]_[2].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected]_[3].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt
C:\Documents and Settings\Home\Cookies\[email protected][2].txt
C:\Documents and Settings\Home\Cookies\[email protected][1].txt

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000\Control#ActiveService

Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 ]

Adware.OuterInfo-Installer
C:\DOCUMENTS AND SETTINGS\HOME\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PTOMTFAB\OIUNINSTALLER[1].EXE

Trojan.Unknown Origin
C:\WINDOWS\AG9TZQ\U36QTK.VBS
C:\WINDOWS\UNINSTALL_NMON.VBS

Malware.LocusSoftware Inc-Installer
C:\WINDOWS\DOWNLOADED PROGRAM FILES\UGA6P_0001_N122M0611NETINSTALLER.EXE
C:\WINDOWS\Prefetch\UGA6P_0001_N122M0611NETINSTAL-15F19D6C.pf

Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-2D8F7800.PF
C:\WINDOWS\PREFETCH\YAZZLE1281OINUNINSTALLER.EXE-2B4D86B8.PF

Trace.Known Threat Sources
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\errorhandler[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\index[3].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\crypt[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\index[2].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\ajax[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\flash_detect[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\errorhandler[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\spacer[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\feat_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\logo[1].jpg
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\managers[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\spacer[2].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\ico_1[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\ico_5[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\c21_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\g-left[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\flash[1].swf
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\feat_top[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\c11_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\ico_4[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\body_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\window[1].js
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\clean[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\AC_RunActiveContent[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\g-bottomleft[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\g-top[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\scan_bot[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\footer_bg[2].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\scans_top[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\styles[1].css
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\feat_bot[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\g-topleft[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\feat_li[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\g-bottom[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\c12_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\AC_ActiveX[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\logo_bot[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\fullresize[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\bar[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\c22_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\ajax[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\scans_bg[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\8I18UVKI\[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\PTOMTFAB\g-bottomright[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\g-topright[1].gif
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\UY534ZRA\3_swp[1].htm
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\6VT6V5US\scan_now[1].gif





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:07, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\F5D7011\Belkinwcui.exe
C:\Program Files\Belkin\F5D7011\ChkDev.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {E900D4D1-88C3-4396-85E2-8F64391F1C5A} - C:\Program Files\MSN\sacuhy89104.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AutoConnect] "C:\Documents and Settings\Home\Local Settings\Temp\{0B6FFDCF-58CF-49EF-805E-D320748F06AB}\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\AutoConnect.exe" BCMALL
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fc3d2809] rundll32.exe "C:\WINDOWS\system32\jbllwcah.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pvgjrncu - pvgjrncu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4199 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP