
Outerinfo/yazzle


  • This topic is locked

#1 cipherdiez

cipherdiez

  • Members

Posted 13 August 2007 - 11:16 AM

After I figured out that I had outerinfo adware on my computer, I poked around the forums and noticed that 1) my computer lagged a LOT and 2) it kept trying to open IE and go to outerinfo sites. I downloaded ComboFix and ran it, and then after it finished I ran HijackThis. They seemed to fix the problem (e.g., HijackThis deleted a bunch of registry keys that were invading IE's security settings and disabling them). I assume my computer's fixed since it's going faster and it doesn't seem to be opening popups, but I'd like confirmation based on my logs: ComboFix is first, then HijackThis. Thanks in advance.

ComboFix 07-08-09.3 - "Quests" 2007-08-13 11:33:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.58 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\system32\_002417_.tmp.dll
C:\WINDOWS\system32\_002560_.tmp.dll
C:\WINDOWS\system32\_002561_.tmp.dll
C:\WINDOWS\system32\_002562_.tmp.dll
C:\WINDOWS\system32\_002563_.tmp.dll
C:\WINDOWS\system32\_002570_.tmp.dll
C:\WINDOWS\system32\_002571_.tmp.dll
C:\WINDOWS\system32\_002572_.tmp.dll
C:\WINDOWS\system32\_002573_.tmp.dll
C:\WINDOWS\system32\uvuvw.bak1
C:\WINDOWS\system32\uvuvw.bak2
C:\WINDOWS\system32\uvuvw.ini
C:\WINDOWS\system32\uvuvw.ini2
C:\WINDOWS\system32\uvuvw.tmp
C:\WINDOWS\system32\vxebffws.dll
C:\WINDOWS\system32\wvuvu.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))


2007-08-13 11:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 02:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-10 02:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-10 02:14 <DIR> d-------- C:\Temp
2007-08-09 22:49 <DIR> d-------- C:\Program Files\Microsoft Games
2007-08-09 22:46 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-08-09 22:39 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-07 17:44 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-07 17:44 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-08-07 17:44 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-08-07 17:44 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-08-04 11:03 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-08-03 22:26 <DIR> d-------- C:\DOCUME~1\522375\APPLIC~1\Hamachi
2007-08-03 22:24 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-08-03 22:24 <DIR> d-------- C:\Program Files\Hamachi
2007-08-02 19:38 <DIR> d-------- C:\Panda3D-1.4.0
2007-08-02 18:41 <DIR> d-------- C:\DOCUME~1\522375\.pype
2007-08-01 23:43 76,496 --a------ C:\WINDOWS\War3Unin.dat
2007-08-01 23:43 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-08-01 23:43 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-08-01 23:38 <DIR> d-------- C:\Program Files\Warcraft III
2007-08-01 20:35 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-08-01 20:35 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-08-01 20:35 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-08-01 20:35 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-08-01 20:35 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-01 20:35 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-08-01 20:35 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-08-01 20:35 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-01 20:35 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-01 20:35 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-08-01 20:35 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-08-01 20:35 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-08-01 20:35 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-01 20:35 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-08-01 20:35 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-08-01 20:35 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-08-01 20:35 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-08-01 20:35 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-08-01 20:35 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-08-01 20:35 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-08-01 20:35 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-08-01 20:35 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-01 20:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-01 20:32 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-01 20:13 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-01 19:41 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-08-01 00:19 937,984 --a------ C:\WINDOWS\system32\winbrand.dll
2007-08-01 00:19 896,512 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-08-01 00:19 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-08-01 00:19 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-08-01 00:19 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-08-01 00:19 52,224 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2007-08-01 00:19 484,864 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-08-01 00:19 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-08-01 00:19 42,368 --a------ C:\WINDOWS\system32\drivers\agp440.sys
2007-08-01 00:19 4,096 --a------ C:\WINDOWS\system32\dsprpres.dll
2007-08-01 00:19 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-08-01 00:19 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-08-01 00:19 37,376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-08-01 00:19 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-08-01 00:19 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2007-08-01 00:19 32,768 --a------ C:\WINDOWS\system32\asr_pfu.exe
2007-08-01 00:19 310,272 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-08-01 00:19 270,848 --a------ C:\WINDOWS\system32\sbe.dll
2007-08-01 00:19 233,472 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-08-01 00:19 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2007-08-01 00:19 192,000 --a------ C:\WINDOWS\system32\iuengine.dll
2007-08-01 00:19 187,392 --a------ C:\WINDOWS\system32\xpsp1res.dll
2007-08-01 00:19 186,368 --a------ C:\WINDOWS\system32\encdec.dll
2007-08-01 00:19 18,432 --a------ C:\WINDOWS\system32\secedit.exe
2007-08-01 00:19 168,448 --a------ C:\WINDOWS\system32\wmerror.dll
2007-08-01 00:19 159,232 --a------ C:\WINDOWS\system32\sbeio.dll
2007-08-01 00:19 151,552 --a------ C:\WINDOWS\system32\wmidx.dll
2007-08-01 00:19 134,656 --a------ C:\WINDOWS\system32\mssap.dll
2007-08-01 00:19 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2007-08-01 00:19 12,800 --a------ C:\WINDOWS\system32\spiisupd.exe
2007-08-01 00:19 114,688 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-08-01 00:19 1,119,744 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-08-01 00:19 1,001,472 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-08-01 00:18 96,768 --a------ C:\WINDOWS\system32\dpcdll.dll
2007-08-01 00:18 95,744 --a------ C:\WINDOWS\system32\mqsec.dll
2007-08-01 00:18 9,216 --a------ C:\WINDOWS\system32\proxycfg.exe
2007-08-01 00:18 89,088 --a------ C:\WINDOWS\system32\mqlogmgr.dll
2007-08-01 00:18 78,336 --a------ C:\WINDOWS\system32\tlntsess.exe
2007-08-01 00:18 73,728 --a------ C:\WINDOWS\system32\fdeploy.dll
2007-08-01 00:18 73,216 --a------ C:\WINDOWS\system32\tlntsvr.exe
2007-08-01 00:18 72,960 --a------ C:\WINDOWS\system32\drivers\mqac.sys
2007-08-01 00:18 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
2007-08-01 00:18 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2007-08-01 00:18 67,584 --a------ C:\WINDOWS\system32\openfiles.exe
2007-08-01 00:18 660,992 --a------ C:\WINDOWS\system32\mqqm.dll
2007-08-01 00:18 65,024 --a------ C:\WINDOWS\system32\nwwks.dll
2007-08-01 00:18 61,440 --a------ C:\WINDOWS\system32\tlntadmn.exe
2007-08-01 00:18 596,992 --a------ C:\WINDOWS\system32\wsecedit.dll
2007-08-01 00:18 59,392 --a------ C:\WINDOWS\system32\logman.exe
2007-08-01 00:18 566,784 --a------ C:\WINDOWS\system32\gpedit.dll
2007-08-01 00:18 56,320 --a------ C:\WINDOWS\system32\cipher.exe
2007-08-01 00:18 517,632 --a------ C:\WINDOWS\system32\mqsnap.dll
2007-08-01 00:18 50,176 --a------ C:\WINDOWS\system32\eventcreate.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 11:47 19231 --a------ C:\WINDOWS\nsreg.dat
2007-08-13 11:45 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-08-10 02:14 --------- d-------- C:\Program Files\Microsoft Works
2007-08-01 20:44 3286 --a------ C:\WINDOWS\mozver.dat
2007-08-01 19:46 --------- d-------- C:\Program Files\Movie Maker
2007-08-01 19:41 --------- d-------- C:\Program Files\Windows NT
2007-07-31 19:49 --------- d-------- C:\Program Files\Google
2007-07-31 19:40 --------- d--h----- C:\Program Files\WindowsUpdate
2007-06-23 15:58 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 15:56 21035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-06-23 15:55 --------- d-------- C:\Program Files\NETGEAR
2004-10-06 00:00 5014 --a------ C:\Program Files\setuplog.txt
2003-10-01 08:07 8305 --a------ C:\Program Files\What's New - Word Templates.txt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5863a276-d05e-4ce6-b1d7-163ed287a2b9}]
C:\WINDOWS\system32\ctnveuk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFCDBCF-4023-4CAE-2975-4FB60C3BA4B8}]
C:\WINDOWS\system32\pbo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 05:53 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 13:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"iPCCheck"="C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe" [2004-05-11 10:05]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-02-05 01:36]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-02-05 01:36]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-02-05 01:36]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 02:04]
"TP4EX"="tp4ex.exe" [2002-09-04 01:05 C:\WINDOWS\system32\TP4EX.exe]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 03:56 C:\WINDOWS\system32\tp4mon.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-03-10 07:10]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-05-19 03:21]
"QCWLICON"="C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe" [2004-05-19 03:21]
"WLANSTA.EXE"="WLANSTA.exe" [2002-07-04 01:52 C:\WINDOWS\system32\WLANSTA.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [2004-12-14 02:12]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"{AF-FD-DF-FE-ZN}"="C:\Documents and Settings\522375\Local Settings\Temp\thinksnet.exe" []
"medep"="C:\Program Files\Microsoft Works\medep22011.exe" [2007-08-07 16:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-06-22 22:35:30]
HotSync Manager.lnk - C:\Palm\hotsync.exe [2007-02-24 21:32:07]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LockTaskbar"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)
"LockTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 22:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopno]
nnnopno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-05-19 03:21 94208 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= pwdmon scecli

R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS
R1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys
R1 Smapint;Smapint;C:\WINDOWS\system32\drivers\Smapint.sys
R1 TDSMAPI;TDSMAPI;C:\WINDOWS\system32\drivers\TDSMAPI.SYS
R1 TPHKDRV;TPHKDRV;C:\WINDOWS\system32\drivers\TPHKDRV.sys
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys
R1 TSMAPIP;TSMAPIP;C:\WINDOWS\system32\drivers\TSMAPIP.SYS
R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\System32\drivers\ibmfilter.sys
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys
R3 ltmodem5;LT Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
R3 S3SSavage;S3SSavage;C:\WINDOWS\system32\DRIVERS\s3ssavm.sys
S3 IMWEB51;High Rate Wireless LAN Mini-PCI LAN Driver;C:\WINDOWS\system32\DRIVERS\IMWEBN51.sys
S3 IPFilter;Microsoft IntelliPoint Features driver;C:\WINDOWS\system32\DRIVERS\IPFilter.sys
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 psadd;IBM PSA Access Driver;\??\C:\WINDOWS\system32\Drivers\psadd.sys
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
S3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys
S3 WLANRB;NETGEAR Wireless 802.11b LAN RB Driver;C:\WINDOWS\system32\DRIVERS\MA401RB.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ADOBEPRO7]
C:\Program Files\SetupCache\AdobePRO7\AdobePro7_stub.EXE

Contents of the 'Scheduled Tasks' folder
2005-11-28 22:19:38 C:\WINDOWS\Tasks\BMMTask.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 11:45:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 11:52:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 11:51

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:38 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\icollect\icserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\icollect\wake_up.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\tp4mon.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5863a276-d05e-4ce6-b1d7-163ed287a2b9} - C:\WINDOWS\system32\ctnveuk.dll (file missing)
O2 - BHO: (no name) - {6FFCDBCF-4023-4CAE-2975-4FB60C3BA4B8} - C:\WINDOWS\system32\pbo.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{AF-FD-DF-FE-ZN}] C:\Documents and Settings\522375\Local Settings\Temp\thinksnet.exe CHD003
O4 - HKLM\..\Run: [medep] C:\Program Files\Microsoft Works\medep22011.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185925216960
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185925199755
O20 - Winlogon Notify: nnnopno - nnnopno.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - c:\icollect\icserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9744 bytes



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team

Posted 20 August 2007 - 06:33 PM

Hello cipherdiez,

Welcome to Bleeping Computer :flowers:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team

Posted 31 August 2007 - 08:40 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



