Geeks to Go forums
Outerinfo + Vundo + Other things

#1
matthimself (New Member, 3 posts)
Hi guys. For starters, forgive my English, I'm Swedish :)

This is my first post on this site. I am having massive problems atm. It started last night with loads of popups. Something like "outerinfo" was in my Task Manager. My computer was really slow. So I decided to turn it off and go to bed.

Today when I booted my computer things were nasty. First off, Norton can't start; it says it's missing ccApp.exe...
So I started to Google about outerinfo. Found this site and ran the uninstaller. So to be sure I was okay I did the Panda online scan. Turns out that this Vundo and some other trojans were installed on my computer. Panda removed some of the trojans but not Vundo. Then I did a scan with a random trojan scanner. Things like "steam.exe" and "iTunes.exe" and whatnot were infected with Vundo. So now I turn to your friendly site for some help and future advice. I have tried VundoFix. It scans, I press "remove", it reboots and it's there again.

Logfile of HijackThis v1.99.1
Scan saved at 22:39:14, on 2008-01-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program\Microsoft Hardware\Mouse\point32.exe
K:\GammaSutra.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\iTunes\iTunesHelper .exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Ägaren\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [GammaSutra] K:\GammaSutra.exe
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [kernel] C:\Program\kernel\kernel.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom....gamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program\TVersity\Media Server\MediaServer.exe

#2
loophole (Malware Expert, Retired Staff, 9,798 posts)
Hello :)


Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3
matthimself (Topic Starter)
Hi Loophole, and thank you for helping me.

ComboFix 08-01-03.3 - HP_Ägaren 2008-01-03 16:05:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1053.18.685 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Ägaren\Skrivbord\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program\Delade filer\Yazzle1281OinUninstaller.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\network monitor
C:\Program\network monitor\netmon.exe.vir
C:\Program\Temporary
C:\Program\Temporary\kernInstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\IA
C:\WINDOWS\IA\asappsrv.dll.vir
C:\WINDOWS\IA\command.exe.vir
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\ssembl~1
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmkjh.exe
C:\WINDOWS\system32\wapisvcc.exe
C:\WINDOWS\system32\y2
C:\WINDOWS\uninstall_nmon.vbs

"C:\Program\iTunes\iTunesHelper .exe" replaces infected copy of "C:\Program\iTunes\iTunesHelper.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.

2008-01-03 16:04 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 20:34 . 2008-01-02 22:27 <KAT> d-------- C:\VundoFix Backups
2008-01-02 20:23 . 2008-01-02 20:23 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-02 20:19 . 2008-01-02 20:19 344,576 --a------ C:\WINDOWS\system32\pmkjh.dll.vir
2008-01-02 20:18 . 2008-01-02 20:18 38,400 --a------ C:\WINDOWS\system32\urqonmn.dll.vir
2008-01-02 20:16 . 2008-01-02 20:27 <KAT> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 20:12 . 2008-01-02 22:24 <KAT> d-------- C:\Program\Trojan Remover
2008-01-02 20:12 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-01-02 20:12 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-01-02 20:12 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-01-02 20:12 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-01-02 20:12 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-01-01 16:28 . 2008-01-01 16:28 <KAT> dr------- C:\Documents and Settings\LocalService\Favoriter
2008-01-01 16:28 . 2008-01-01 16:28 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-01 16:22 . 2008-01-01 16:22 <KAT> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec
2008-01-01 16:18 . 2008-01-01 16:18 <KAT> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-01 16:18 . 2008-01-01 16:18 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-01 16:13 . 2008-01-02 20:21 35,307 --ahs---- C:\WINDOWS\system32\hjkmp.ini.vir
2008-01-01 16:13 . 2008-01-02 20:20 35,245 --a------ C:\WINDOWS\system32\hjkmp.ini2.vir
2008-01-01 16:12 . 2008-01-01 17:54 <KAT> d-------- C:\Program\kernel
2008-01-01 16:08 . 2008-01-01 17:24 <KAT> d-------- C:\WINDOWS\system32\ardCo01
2008-01-01 16:08 . 2008-01-01 16:08 <KAT> d-------- C:\Temp\cEeer12
2008-01-01 16:08 . 2008-01-03 16:08 <KAT> d-------- C:\Temp
2008-01-01 16:08 . 2008-01-01 16:08 39,936 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2007-12-27 23:35 . 2007-12-27 23:52 <KAT> d-------- C:\Program\iPhoneBrowser
2007-12-27 15:01 . 2008-01-03 16:10 <KAT> d-------- C:\Program\iTunes
2007-12-27 15:01 . 2007-12-27 15:01 <KAT> d-------- C:\Program\iPod
2007-12-27 15:00 . 2008-01-01 17:54 <KAT> d-------- C:\Program\QuickTime
2007-12-27 15:00 . 2007-12-27 15:00 <KAT> d-------- C:\Program\Delade filer\Apple
2007-12-27 15:00 . 2007-12-27 15:00 <KAT> d-------- C:\Program\Apple Software Update
2007-12-27 15:00 . 2007-12-27 15:01 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-27 15:00 . 2007-12-27 15:00 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-27 15:00 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-18 19:50 . 2007-12-18 19:50 <KAT> d-------- C:\Program\TVAnts
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-09 13:01 . 2007-12-09 13:01 <KAT> d--h----- C:\WINDOWS\PIF
2007-12-06 17:17 . 2007-12-17 22:19 <KAT> d-------- C:\WINDOWS\system32\svcdll
2007-12-06 17:17 . 2007-12-17 22:21 <KAT> d-------- C:\Program\XAC
2007-12-03 16:52 . 2008-01-02 19:07 <KAT> d-------- C:\jahaaaaaan1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-03 14:56 --------- d-----w C:\Program\Mozilla Thunderbird
2008-01-01 21:53 --------- d-----w C:\Program\mIRC
2008-01-01 16:54 --------- d-----w C:\Program\DAEMON Tools
2007-12-20 17:08 --------- d-----w C:\Program\DC++
2007-12-08 12:45 --------- d--h--w C:\Program\InstallShield Installation Information
2007-12-08 12:42 --------- d-----w C:\Program\Delade filer\Adobe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 21:49 --------- d-----w C:\Program\Real
2007-11-11 21:49 --------- d-----w C:\Program\Delade filer\xing shared
2007-11-11 21:49 --------- d-----w C:\Program\Delade filer\Real
2007-11-07 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
.
----a-w		   737,872 2008-01-02 21:20:27  C:\Program\Trojan Remover\Trjscan .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67559020-7CAD-41AB-B4EF-7FC7254A1844}]
C:\Program\xerox\viwyj83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91681108-21E3-43CC-188A-A5A60AA317FA}]
C:\Program\WindowsUpdate\zyjicon.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9A2DA3B-6F8D-5522-895A-4DE602F45999}]
C:\WINDOWS\system32\auysja.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [ ]
"NBJ"="C:\Program\Ahead\Nero BackItUp\NBJ.exe" [ ]
"kernel"="C:\Program\kernel\kernel.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 04:23 4603904]
"nwiz"="nwiz.exe" [2004-09-30 04:23 921600 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-14 09:18 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 01:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [ ]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"Home Theater SchSvr"="C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" [ ]
"WINREMOTE"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [ ]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"CTDVDDET"="C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [ ]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [ ]
"IntelliType"="C:\Program\Microsoft Hardware\Keyboard\type32.exe" [ ]
"POINTER"="point32.exe" []
"GammaSutra"="K:\GammaSutra.exe" [2003-06-08 16:15 9216]
"OxigenClientAdmin"="C:\Program\Oxigen\bin\Oxigen.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [ ]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [ ]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-01-03 15:55 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 10:13 49152 C:\WINDOWS\MIDIDEF.EXE]
"StartMS"="C:\Program\Creative\Shared Files\Media Sniffer\StartMS.exe" [2003-03-26 12:54 57344]
"CMSRegOW.exe"="C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 00:00 57344]

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
HP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 01:28:24]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program\WindowsUpdate\diroqihd.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqonmn]
urqonmn.dll

R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-28 04:40]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 23:35]
S3 PRISM_A00;Wireless PCI 802.11b/g adapter WN4201B Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-12-01 02:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fe0b8de-94a3-11d9-88d5-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 14:00:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 16:10:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 16:12:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 15:12:06
.
2007-12-28 18:12:40 --- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 16:13:46, on 2008-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program\Microsoft Hardware\Mouse\point32.exe
K:\GammaSutra.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Ägaren\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67559020-7CAD-41AB-B4EF-7FC7254A1844} - C:\Program\xerox\viwyj83122.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 0 - {91681108-21E3-43CC-188A-A5A60AA317FA} - C:\Program\WindowsUpdate\zyjicon.dll (file missing)
O2 - BHO: (no name) - {B9A2DA3B-6F8D-5522-895A-4DE602F45999} - C:\WINDOWS\system32\auysja.dll (file missing)
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [GammaSutra] K:\GammaSutra.exe
O4 - HKLM\..\Run: [OxigenClientAdmin] "C:\Program\Oxigen\bin\Oxigen.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [kernel] C:\Program\kernel\kernel.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Picture Motion Browser verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom....gamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: urqonmn - urqonmn.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program\TVersity\Media Server\MediaServer.exe

There we go
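
A first-pass triage of HijackThis lines like the ones posted in this thread, as an added example that is not part of the original thread and not HijackThis's own code. It assumes the HijackThis 1.99 line format (section tag, " - ", body) and relies on two small allowlists, the Windows XP Winlogon Notify baseline and the set of OS-component names malware likes to borrow, which are assumptions to adjust from a known-clean machine; the `Finding`, `triage_line` and `triage` names are mine. The sample lines are copied from the logs above, plus a clean Acrobat BHO, an NVIDIA Run entry and a service as controls, embedded so the script runs offline.

```python
"""First-pass triage of HijackThis (v1.99-era) log lines for persistence
entries that deserve a closer look. Heuristics only; no verdicts."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis logs in this thread,
# plus a clean Acrobat BHO, an NVIDIA Run entry and a service as controls.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmkjh.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67559020-7CAD-41AB-B4EF-7FC7254A1844} - C:\Program\xerox\viwyj83122.dll (file missing)
O2 - BHO: 0 - {91681108-21E3-43CC-188A-A5A60AA317FA} - C:\Program\WindowsUpdate\zyjicon.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [kernel] C:\Program\kernel\kernel.exe
O20 - Winlogon Notify: urqonmn - urqonmn.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$")

# Assumed baseline of Winlogon Notify subkeys on a stock Windows XP SP2 install;
# extend it from a known-clean machine. Anything not listed gets flagged.
XP_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Assumed list of OS-component names that malware borrows for Run entries.
SYSTEM_LOOKALIKES = {
    "kernel", "svchost", "lsass", "csrss", "winlogon", "services", "windowsupdate",
}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_line(raw: str) -> Optional[Finding]:
    """Return a Finding for a suspicious entry, or None for clean/unparsed lines."""
    line = raw.strip()
    m = LINE_RE.match(line)
    if not m:
        return None  # banner, process list, blank line
    section, body = m.group("section"), m.group("body")
    missing = MISSING_RE.search(body) is not None

    # F0-F3: system.ini/win.ini Shell=, load= and run= autostarts (F2/F3 are the
    # registry-mapped copies). A populated load= on XP is almost always abuse.
    if section in {"F0", "F1", "F2", "F3"}:
        return Finding(section, "legacy ini autostart hook", line)

    # O2: a BHO with no name, or whose DLL is already gone, is typical of a
    # half-removed infection: the CLSID survives and reloads the DLL if it returns.
    if section == "O2":
        if "(no name)" in body or missing:
            return Finding(section, "unnamed or missing BHO", line)
        return None

    # O20: Winlogon Notify DLLs are loaded by winlogon.exe (SYSTEM) at every logon,
    # a favourite hiding place; flag anything off the baseline or already missing.
    if section == "O20":
        name = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
        if missing or name not in XP_WINLOGON_NOTIFY:
            return Finding(section, "non-baseline Winlogon Notify DLL", line)
        return None

    # O4: a Run entry that calls itself "kernel" (etc.) but runs from outside
    # %SystemRoot% is imitating a system component.
    if section == "O4":
        m4 = re.search(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$", body)
        if (m4 and m4.group("name").lower() in SYSTEM_LOOKALIKES
                and "\\windows\\" not in m4.group("cmd").lower()):
            return Finding(section, "system-lookalike name outside %SystemRoot%", line)
        return None

    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log, keeping only the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

Run it and it prints each flagged entry with the reason. The rules are generic HijackThis review heuristics (legacy win.ini load= hooks, unnamed or missing BHOs, Winlogon Notify DLLs off the baseline, Run entries borrowing an OS component's name from outside %SystemRoot%), not a verdict on this particular machine. Also note that HijackThis only walks the user-mode locations it knows about: the mountpoints2 AutoRun command and the LEGACY_* service keys that appear in the ComboFix log above never show up in the HijackThis log at all, so the two logs should be read together rather than either one alone.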

#4
matthimself (Topic Starter)
*bump*