Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Outerinfo [CLOSED]


  • This topic is locked This topic is locked

#1
Cjester

Cjester

    New Member

  • Member
  • Pip
  • 4 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2008 at 08:17 PM

Application Version : 4.0.1154

Core Rules Database Version : 3440
Trace Rules Database Version: 1432

Scan type : Complete Scan
Total Scan Time : 00:18:42

Memory items scanned : 406
Memory threats detected : 5
Registry items scanned : 4156
Registry threats detected : 25
File items scanned : 16035
File threats detected : 97

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\OPNONNKL.DLL
C:\WINDOWS\SYSTEM32\OPNONNKL.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\opnonnkl
C:\WINDOWS\SYSTEM32\MLJHFCYW.DLL
C:\WINDOWS\SYSTEM32\NNNOPNNK.DLL
C:\WINDOWS\SYSTEM32\EFCABYYX.DLL
C:\WINDOWS\SYSTEM32\XXYXWWTT.DLL
C:\WINDOWS\SYSTEM32\AWTTRQNO.DLL
C:\WINDOWS\SYSTEM32\VTURSQOL.DLL
C:\WINDOWS\SYSTEM32\HGGHEFGG.DLL

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\SSQPQPPN.DLL
C:\WINDOWS\SYSTEM32\SSQPQPPN.DLL

Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU572.EXE
C:\WINDOWS\MROFINU572.EXE
[runner1] C:\WINDOWS\MROFINU572.EXE
C:\WINDOWS\MROFINU572.EXE.TMP

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\CUMUYQMX.DLL
C:\WINDOWS\SYSTEM32\CUMUYQMX.DLL

Adware.ClickSpring/Resident
C:\WINDOWS\SYSTEM32\DUKDY.DLL
C:\WINDOWS\SYSTEM32\DUKDY.DLL

Adware.Vundo-Variant/Small-A
HKLM\Software\Classes\CLSID\{003121cf-9c4b-405b-8292-761a0103fbe5}
HKCR\CLSID\{003121CF-9C4B-405B-8292-761A0103FBE5}
HKCR\CLSID\{003121CF-9C4B-405B-8292-761A0103FBE5}\InprocServer32
HKCR\CLSID\{003121CF-9C4B-405B-8292-761A0103FBE5}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{003121cf-9c4b-405b-8292-761a0103fbe5}
C:\WINDOWS\SYSTEM32\IBOOKHOT.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}
HKCR\CLSID\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}
HKCR\CLSID\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}\InprocServer32
HKCR\CLSID\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}
HKCR\CLSID\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C6AA778-3C24-4AEA-B98D-C20F841C1B9E}
HKCR\CLSID\{9C6AA778-3C24-4AEA-B98D-C20F841C1B9E}
HKCR\CLSID\{9C6AA778-3C24-4AEA-B98D-C20F841C1B9E}\InprocServer32
HKCR\CLSID\{9C6AA778-3C24-4AEA-B98D-C20F841C1B9E}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected]_[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected]=5_[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected]=0_[2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt

Adware.ClickSpring
HKLM\Software\ClickSpring
HKLM\Software\ClickSpring#UBWKR
C:\PROGRAM FILES\SSEMBL~1\FAST.EXE

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Trojan.DNSChanger-Codec
HKLM\Software\MRSoft
HKLM\Software\MRSoft\P

Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 ]

Rogue.AntiSpywareMaster
C:\Program Files\AntiSpywareMaster
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WINVSNET.EXE

Adware.ClickSpring/Yazzle
C:\WINDOWS\PREFETCH\YAZZLE1281OINADMIN.EXE-2D8F7800.PF
C:\WINDOWS\PREFETCH\YAZZLE1281OINUNINSTALLER.EXE-2B4D86B8.PF

Trojan.Unclassified/17PHolmes-A
C:\WINDOWS\17PHOLMES572.EXE

Trojan.Downloader-Gen/SnapSNet
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SNAPSNET.EXE
C:\WINDOWS\Prefetch\SNAPSNET.EXE-05D5830D.pf

Adware.Yazzle-Installer
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\YAZZSNET.EXE
C:\WINDOWS\Prefetch\YAZZSNET.EXE-048747F2.pf

Adware.OuterInfo-Installer
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CWS4GAOL\OIUNINSTALLER[1].EXE

Trace.Known Threat Sources
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHYR45QN\i53b_icon1[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5N9JDIVL\i53b_btn-download[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NL7RIK9O\index[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C9QB052X\close[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5N9JDIVL\checkinput_2[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XMWUV9H0\genpass[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XMWUV9H0\sm_er[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5N9JDIVL\crypt[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C7YRSN47\i53b_btn-overview[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHYR45QN\style_f[1].css
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5N9JDIVL\box_742[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHYR45QN\ajax[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2ZC7OBUR\errorhandler[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHYR45QN\errorhandler[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NL7RIK9O\i53b_btn-features[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5N9JDIVL\sm_ok[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XMWUV9H0\functions_2[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHYR45QN\trust[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHYR45QN\arrow_left[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0B17MEVH\1x1[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C9QB052X\i53b_t1[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0B17MEVH\i53b_line2[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0B17MEVH\i606_main[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XMWUV9H0\managers[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C7YRSN47\stats[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5N9JDIVL\err[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C9QB052X\CA0LIHFO.php
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2ZC7OBUR\i53b_bg1[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C9QB052X\i53b_btn-home[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHYR45QN\box[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XMWUV9H0\i53b_boton2[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XMWUV9H0\secure[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0B17MEVH\stats[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XMWUV9H0\i53b_btn-purchase[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JMDV6EJZ\i53b_btn-updates[1].gif
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NL7RIK9O\background[1].gif
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP