Outerinfo... not sure if it's all gone [CLOSED]


  • This topic is locked

#1
Girlee

    New Member

  • Member
  • 1 posts
I had problems with Outerinfo, so I followed the instructions on how to get rid of it, but I just wanted to post my SAS and HJT logs to see if there is any trace left. I have just rebooted my comp and so far so good. Thanks in advance.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/10/2008 at 09:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3399
Trace Rules Database Version: 1391

Scan type : Complete Scan
Total Scan Time : 00:16:54

Memory items scanned : 301
Memory threats detected : 7
Registry items scanned : 3238
Registry threats detected : 97
File items scanned : 14462
File threats detected : 144

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:07, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

--
End of file - 4199 bytes

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.