Okay, I have followed the five steps before posting a log and am now ready.
My problem is that I am so overloaded with popups I can barely do anything at all. I used to have a copy of Norton on my computer that my friend put on here, but it slowed my computer down way too much. When I took it off, I think my computer was left open to an attack and this might be the result.
Something called Outerinfo has appeared in the Start menu/All Programs section from the desktop. It gives me the option to uninstall, and it does uninstall and everything is okay...until I reboot. Then it is magically back and my life is hell again. I've tried going into the actual Program Files section and deleting stuff, and I did, but still no luck; it always comes back.
Also, other than Outerinfo, when I run Ad-Aware and the free AVG antivirus, the two always remove or quarantine a lot of items, but the ones that always show up are Outerinfo, PurityScan and Win32.Trojan.Agent. There are others, but these seem to be the big ones.
Here is the Panda online scan, and following that is the DSS/HijackThis log.
PLEASE HELP!!!!
Thanks
Here is the Panda Scan:
Incident Status Location
Adware:Adware/PurityScan Not disinfected c:\windows\sstem3~1\nslookup.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\twnfuzs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\dibpcxmd.dll
Adware:adware/sqwire Not disinfected Windows Registry
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.advertising.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Samantha\Application Data\Mozilla\Firefox\Profiles\7vxr5573.default\cookies.txt[.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Samantha\Cookies\[email protected][1].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temp\!update.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temp\mofugclq.exe
Virus:Generic Malware Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temp\OiUninstaller.exe[UE.exe]
Virus:Generic Malware Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temp\OiUninstaller.exe[WSu.exe]
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temp\qrjatydi.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temp\urclqecd.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temporary Internet Files\Content.IE5\0M35VQL6\!update-4395[1].0000
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temporary Internet Files\Content.IE5\0PIF0PQN\upd32_v14[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temporary Internet Files\Content.IE5\N3LRB148\pochki20071106[1]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temporary Internet Files\Content.IE5\UBHFPY18\upd32_v13[1]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Samantha\Local Settings\Temporary Internet Files\Content.IE5\YFMV0NIL\!update-4395[1].0000
Hacktool:Hacktool/MailBomber.F Not disinfected C:\Program Files\BitLord\Downloads\Programs\Adobe Programs\Adobe - 234 PhotoShop Plugins\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\alphastrip11.exe
Hacktool:Hacktool/MailBomber.F Not disinfected C:\Program Files\BitLord\Downloads\Programs\Adobe Programs\Adobe - 234 PhotoShop Plugins\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Digitalizer v1.1\Digitalizer1Psd.exe
Hacktool:Hacktool/MailBomber.F Not disinfected C:\Program Files\BitLord\Downloads\Programs\Adobe Programs\Adobe - 234 PhotoShop Plugins\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Engraver v1.1\engraver1ps.exe
Hacktool:Hacktool/MailBomber.F Not disinfected C:\Program Files\BitLord\Downloads\Programs\Adobe Programs\Adobe - 234 PhotoShop Plugins\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Fire v3.1\fire3psd.exe
Hacktool:Hacktool/MailBomber.F Not disinfected C:\Program Files\BitLord\Downloads\Programs\Adobe Programs\Adobe - 234 PhotoShop Plugins\234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Lens Pro III v3.6\Lens3PS.exe
Hacktool:Hacktool/MailBomber.F Not disinfected C:\Program Files\BitLord\Downloads\Programs\Adobe Programs\Adobe - 234 PhotoShop Plugins\234 PhotoShop Plugins\PEv11\engraver1ps.exe
Hacktool:Hacktool/MailBomber.F Not disinfected C:\Program Files\BitLord\Downloads\Programs\Adobe Programs\Adobe - 234 PhotoShop Plugins\234 PhotoShop Plugins\PFirev31forAP\fire3psd.exe
Virus:Generic Malware Disinfected C:\Program Files\BitLord\Downloads\Programs\Microsoft - Windows Vista Cracks and Serials\Vista-Keygenerator1.031\Vista-Keygenerator1.031.exe
Adware:Adware/DnsInsider Not disinfected C:\Program Files\Outerinfo\OiUninstaller.exe[UE.exe]
Virus:Trj/Agent.GMX Not disinfected C:\Program Files\Outerinfo\OiUninstaller.exe[WSu.exe]
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\agnnnipq.exe
Virus:Trj/Downloader.OZB Disinfected C:\WINDOWS\system32\cagfcabd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jolwuhhv.dll
Virus:Generic Malware Disinfected C:\WINDOWS\system32\W?nSxS\m?config.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\s?stem32\nslookup.exe
Here is the main DSS/HijackThis log:
Deckard's System Scanner v20071014.68
Run by Samantha on 2007-12-09 09:57:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
94: 2007-12-09 14:58:03 UTC - RP657 - Deckard's System Scanner Restore Point
93: 2007-12-09 01:36:50 UTC - RP656 - System Checkpoint
92: 2007-12-08 00:33:52 UTC - RP655 - System Checkpoint
91: 2007-12-06 23:51:20 UTC - RP654 - System Checkpoint
90: 2007-12-05 20:26:43 UTC - RP653 - System Checkpoint
-- First Restore Point --
1: 2007-10-25 16:07:26 UTC - RP564 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 92% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as Samantha.exe) --------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-09 10:05:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Documents and Settings\Samantha\Policies\catsrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\s?stem32\nslookup.exe
C:\Program Files\Talking Time Keeper\TalkingTimeKeeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\W?nSxS\m?config.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Samantha\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {c5d7ea89-c703-3e19-9fd4-15e2566a9fc4} - {4cf9a665-2e51-4df9-91e3-307c98ae7d5c} - C:\WINDOWS\system32\crbgfwhw.dll
O2 - BHO: (no name) - {566E15D9-F0C4-4879-9392-23DA53A80023} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8966F969-138A-43CE-8587-ABFD15E31E8E} - C:\WINDOWS\system32\mllji.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\dibpcxmd.dll
O2 - BHO: (no name) - {B3DCF515-328B-3C2A-8B29-48E6718102C4} - C:\WINDOWS\system32\twnfuzs.dll
O2 - BHO: (no name) - {B48CF74E-668F-377A-8B29-48E671810F95} - C:\WINDOWS\system32\sfek.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\dibpcxmd.dll
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [catsrv] "C:\Documents and Settings\Samantha\Policies\catsrv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft system navigation tool] sysnav32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [c8c0b065] rundll32.exe "C:\WINDOWS\system32\aqgpkswa.dll",b
O4 - HKLM\..\RunServices: [Microsoft system navigation tool] sysnav32.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Microsoft system navigation tool] sysnav32.exe
O4 - HKCU\..\Run: [Qkkmel] C:\WINDOWS\system32\??crosoft\s?oolsv.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Samantha\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Iesa] "C:\WINDOWS\SSTEM3~1\nslookup.exe" -vt ndrv
O4 - HKCU\..\Run: [catsrv] C:\Documents and Settings\Samantha\Policies\catsrv.exe -AutoStart
O4 - Startup: TTK.lnk = C:\Program Files\Talking Time Keeper\TalkingTimeKeeper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: dibpcxmd - C:\WINDOWS\system32\dibpcxmd.dll
O20 - Winlogon Notify: ehogcgsk - C:\WINDOWS\system32\ehogcgsk.dll
O20 - Winlogon Notify: fscjcmqh - C:\WINDOWS\system32\fscjcmqh.dll
O20 - Winlogon Notify: zvvkyauq - C:\WINDOWS\system32\zvvkyauq.dll (file missing)
O20 - Winlogon Notify: __c002BCDA - C:\WINDOWS\system32\__c002BCDA.dat
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\ATMsrvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qhjadjub.exe /service
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
--
End of file - 10802 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20070302-133243-493 O1 - Hosts: 66.98.148.65 auto.search.msn.es
backup-20070302-133243-638 O1 - Hosts: 66.98.148.65 auto.search.msn.com
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin/MarvinPro>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S2 BT848 (ATI TV Wonder BtCap, WDM Video Capture) - c:\windows\system32\drivers\bt848.sys <Not Verified; Conexant Systems, Inc.; bt848.sys>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 SndTDriverV32 - c:\windows\system32\drivers\sndtdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AvidSDMService (Avid SDM Service) - system32\avidsdmservice.exe <Not Verified; Avid Technology, Inc.; Avid Technology, Inc. AvidSDMService>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S2 DomainService - c:\windows\system32\qhjadjub.exe /service (file missing)
S3 AvidStartup (Avid Startup) - system32\avidstartup.exe <Not Verified; ; AvidStartup>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Specialized PCD WDM VBI Codec
Device ID: ROOT\MEDIA\0000
Manufacturer: ATI
Name: Specialized PCD WDM VBI Codec
PNP Device ID: ROOT\MEDIA\0000
Service: PCDCODEC
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ATI WDM Teletext Decoder
Device ID: ROOT\MEDIA\0001
Manufacturer: ATI
Name: ATI WDM Teletext Decoder
PNP Device ID: ROOT\MEDIA\0001
Service: TTDec
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Audio Codecs
Device ID: ROOT\MEDIA\MS_MMACM
Manufacturer: (Standard system devices)
Name: Audio Codecs
PNP Device ID: ROOT\MEDIA\MS_MMACM
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Audio Drivers
Device ID: ROOT\MEDIA\MS_MMDRV
Manufacturer: (Standard system devices)
Name: Legacy Audio Drivers
PNP Device ID: ROOT\MEDIA\MS_MMDRV
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Media Control Devices
Device ID: ROOT\MEDIA\MS_MMMCI
Manufacturer: (Standard system devices)
Name: Media Control Devices
PNP Device ID: ROOT\MEDIA\MS_MMMCI
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Legacy Video Capture Devices
Device ID: ROOT\MEDIA\MS_MMVCD
Manufacturer: (Standard system devices)
Name: Legacy Video Capture Devices
PNP Device ID: ROOT\MEDIA\MS_MMVCD
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Video Codecs
Device ID: ROOT\MEDIA\MS_MMVID
Manufacturer: (Standard system devices)
Name: Video Codecs
PNP Device ID: ROOT\MEDIA\MS_MMVID
Service: audstub
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Wave Audio Mixer
Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Wave Audio Mixer
PNP Device ID: SW\{B7EAFDC0-A680-11D0-96D8-00AA0051E51D}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: kmixer
-- Scheduled Tasks -------------------------------------------------------------
2007-12-08 19:30:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-11-09 and 2007-12-09 -----------------------------
2007-12-08 18:26:20 174 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-12-08 18:26:19 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-12-08 18:11:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-08 18:10:59 0 d-------- C:\WINDOWS\LastGood
2007-12-07 11:19:14 0 d-------- C:\WINDOWS\system32\W?nSxS
2007-12-07 11:18:40 60928 --a------ C:\WINDOWS\system32\twnfuzs.dll
2007-12-07 11:15:56 2 --a------ C:\WINDOWS\system32\wnstscc.exe
2007-12-07 11:14:50 0 d-------- C:\Program Files\Outerinfo
2007-12-07 11:14:45 0 d-------- C:\WINDOWS\?racle
2007-12-06 23:53:02 80448 --a------ C:\WINDOWS\system32\crbgfwhw.dll
2007-12-06 23:50:02 85568 --a------ C:\WINDOWS\system32\aqgpkswa.dll
2007-12-06 23:47:29 74304 --a------ C:\WINDOWS\system32\whroorqc.exe <Not Verified; ; DDC>
2007-12-06 15:44:00 80448 --a------ C:\WINDOWS\system32\srsrnras.dll
2007-12-06 15:35:48 145984 --a------ C:\WINDOWS\system32\dibpcxmd.dll
2007-12-06 15:35:04 145984 --a------ C:\WINDOWS\system32\jolwuhhv.dll
2007-12-06 15:31:59 36928 --a------ C:\WINDOWS\system32\__c002BCDA.dat
2007-12-06 15:31:58 36928 --a------ C:\WINDOWS\system32\ehogcgsk.dll
2007-12-06 15:28:50 36928 --a------ C:\WINDOWS\system32\tosvuiir.dll
2007-12-06 15:27:33 36928 --a------ C:\WINDOWS\system32\__c00F0DDA.dat
2007-12-06 15:27:24 36928 --a------ C:\WINDOWS\system32\fscjcmqh.dll
2007-12-06 02:05:22 1498835 ---hs---- C:\WINDOWS\system32\rtbxwvvi.ini2
2007-12-06 02:05:10 85568 --a------ C:\WINDOWS\system32\ivvwxbtr.dll
2007-12-06 01:59:10 74304 --a------ C:\WINDOWS\system32\vlvfptgh.exe <Not Verified; ; DDC>
2007-12-05 12:41:31 85568 -----n--- C:\WINDOWS\system32\stauavbc.dll
2007-12-05 12:38:58 74304 --a------ C:\WINDOWS\system32\tkstwdtl.exe <Not Verified; ; DDC>
2007-12-02 20:08:27 0 d-------- C:\WINDOWS\system32\?asks
-- Find3M Report ---------------------------------------------------------------
2007-12-09 10:06:13 433 ---hs---- C:\WINDOWS\system32\ijllm.ini2
2007-12-09 00:14:07 0 d-------- C:\Program Files\Talking Time Keeper
2007-12-09 00:05:36 0 d-------- C:\Program Files\MSN Messenger
2007-12-08 23:57:16 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2007-12-08 23:55:51 0 d-------- C:\Program Files\iTunes
2007-12-08 23:43:41 0 d-------- C:\Program Files\Bonjour
2007-10-29 13:46:29 0 d-------- C:\Documents and Settings\Samantha\Application Data\Grisoft
2007-10-29 08:21:28 0 d-------- C:\Program Files\Common Files
2007-10-28 13:03:41 85056 --a------ C:\WINDOWS\system32\eldyuagv.dll
2007-10-27 22:26:44 0 d-------- C:\Program Files\Common Files\womf
2007-10-27 20:02:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-27 19:59:40 0 d-------- C:\Program Files\Symantec
2007-10-27 19:42:33 83520 -----n--- C:\WINDOWS\system32\pmluownc.dll
2007-10-26 14:11:28 311392 -----n--- C:\WINDOWS\system32\mllji.dll
2007-10-26 13:04:13 6575 --ahs---- C:\WINDOWS\system32\pqtss.ini2
2007-10-26 12:51:50 6505 --ahs---- C:\WINDOWS\system32\pqtss.bak1
2007-10-26 12:28:26 76864 --a------ C:\WINDOWS\system32\imcwkfis.dll
2007-10-26 12:25:25 86592 -----n--- C:\WINDOWS\system32\vriemkqk.dll
2007-10-26 11:47:02 10 --a------ C:\Program Files\.autoreg
2007-10-25 12:33:16 6505 --ahs---- C:\WINDOWS\system32\ddeeg.bak1
2007-10-25 11:05:43 315488 --a------ C:\WINDOWS\system32\geedd.dll
2007-10-25 10:31:10 0 d-------- C:\Documents and Settings\Samantha\Application Data\Adobe
2007-10-25 10:27:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-22 19:22:11 0 d-------- C:\Program Files\iPod
2007-09-16 22:24:33 1369 --a------ C:\WINDOWS\checkip.dat
2007-09-11 07:59:09 475 --a------ C:\WINDOWS\system32\SpoonUninstall-TTK Voice Jessica.dat
2007-09-11 07:59:09 164864 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2007-09-11 07:49:08 50348 --a------ C:\WINDOWS\system32\SpoonUninstall-Talking Time Keeper.dat
2007-09-11 07:49:07 159744 --a------ C:\WINDOWS\Talking Time Keeper.scr <Not Verified; chensu; Screen Saver>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4cf9a665-2e51-4df9-91e3-307c98ae7d5c}]
12/06/2007 11:53 PM 80448 --a------ C:\WINDOWS\system32\crbgfwhw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{566E15D9-F0C4-4879-9392-23DA53A80023}]
C:\WINDOWS\system32\sstqp.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
12/06/2007 03:35 PM 145984 --a------ C:\WINDOWS\system32\dibpcxmd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3DCF515-328B-3C2A-8B29-48E6718102C4}]
11/01/2007 08:44 AM 60928 --a------ C:\WINDOWS\system32\twnfuzs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B48CF74E-668F-377A-8B29-48E671810F95}]
C:\WINDOWS\system32\sfek.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\dibpcxmd.dll [12/06/2007 03:35 PM 145984]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 05:53 PM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 03:59 AM C:\WINDOWS\BCMSMMSG.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/24/2006 11:46 PM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 01:21 PM]
"@"="" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [06/26/2007 04:58 PM]
"catsrv"="C:\Documents and Settings\Samantha\Policies\catsrv.exe" [04/09/2007 05:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"Microsoft system navigation tool"="sysnav32.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"c8c0b065"="C:\WINDOWS\system32\aqgpkswa.dll" [12/06/2007 11:50 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [11/12/2006 05:48 AM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [05/08/2007 02:41 PM]
"Microsoft system navigation tool"="sysnav32.exe" []
"Qkkmel"="C:\WINDOWS\system32\??crosoft\s?oolsv.exe" []
"WinTouch"="C:\Documents and Settings\Samantha\Application Data\WinTouch\WinTouch.exe" []
"Iesa"="C:\WINDOWS\SSTEM3~1\nslookup.exe" [12/07/2007 10:26 AM]
"catsrv"="C:\Documents and Settings\Samantha\Policies\catsrv.exe" [04/09/2007 05:26 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft system navigation tool"=sysnav32.exe
C:\Documents and Settings\Samantha\Start Menu\Programs\Startup\
TTK.lnk - C:\Program Files\Talking Time Keeper\TalkingTimeKeeper.exe [9/11/2007 7:48:58 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dibpcxmd]
dibpcxmd.dll 12/06/2007 03:35 PM 145984 C:\WINDOWS\system32\dibpcxmd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ehogcgsk]
ehogcgsk.dll 12/06/2007 03:31 PM 36928 C:\WINDOWS\system32\ehogcgsk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fscjcmqh]
fscjcmqh.dll 12/06/2007 03:27 PM 36928 C:\WINDOWS\system32\fscjcmqh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zvvkyauq]
zvvkyauq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c002BCDA]
__c002BCDA.dat 12/06/2007 03:31 PM 36928 C:\WINDOWS\system32\__c002BCDA.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\\WINDOWS\\system32\\mllji
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{073c7749-3a97-11db-990f-0014bf7a076c}]
AutoRun\command- J:\LaunchU3.exe
-- End of Deckard's System Scanner: finished at 2007-12-09 10:08:50 ------------
"catsrv"="C:\Documents and Settings\Samantha\Policies\catsrv.exe" [04/09/2007 05:26 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft system navigation tool"=sysnav32.exe
C:\Documents and Settings\Samantha\Start Menu\Programs\Startup\
TTK.lnk - C:\Program Files\Talking Time Keeper\TalkingTimeKeeper.exe [9/11/2007 7:48:58 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dibpcxmd]
dibpcxmd.dll 12/06/2007 03:35 PM 145984 C:\WINDOWS\system32\dibpcxmd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ehogcgsk]
ehogcgsk.dll 12/06/2007 03:31 PM 36928 C:\WINDOWS\system32\ehogcgsk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fscjcmqh]
fscjcmqh.dll 12/06/2007 03:27 PM 36928 C:\WINDOWS\system32\fscjcmqh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zvvkyauq]
zvvkyauq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c002BCDA]
__c002BCDA.dat 12/06/2007 03:31 PM 36928 C:\WINDOWS\system32\__c002BCDA.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\\WINDOWS\\system32\\mllji
"Notification Packages"= scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{073c7749-3a97-11db-990f-0014bf7a076c}]
AutoRun\command- J:\LaunchU3.exe
-- End of Deckard's System Scanner: finished at 2007-12-09 10:08:50 ------------
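The Run keys, Browser Helper Objects, Winlogon Notify subkeys and the LSA "Authentication Packages" value in the dump above are exactly the autostart locations a helper reads first. As an added example (not part of the original post and not DSS's own code), the script below parses the registry-dump section of a DSS log and flags the entries that match the patterns visible in this log: eight-letter pseudo-random DLL names, Winlogon Notify entries that are not normal DLLs, a Run entry with no path or with unprintable characters in its path, programs launching from a user's Policies or Application Data folder or from the fake SSTEM3~1 directory, and an Authentication Packages value with anything beyond the stock packages. The sample input is constructed from lines copied out of the log above; the allowlist of authentication packages and the naming heuristics are assumptions, so every hit still needs a human look.

```python
import re

# Constructed sample: lines copied from the Deckard's System Scanner registry
# dump in the post above, keeping DSS's own abbreviated key names ("~").
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4cf9a665-2e51-4df9-91e3-307c98ae7d5c}]
12/06/2007 11:53 PM 80448 --a------ C:\WINDOWS\system32\crbgfwhw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 05:53 PM]
"catsrv"="C:\Documents and Settings\Samantha\Policies\catsrv.exe" [04/09/2007 05:26 PM]
"Microsoft system navigation tool"="sysnav32.exe" []
"c8c0b065"="C:\WINDOWS\system32\aqgpkswa.dll" [12/06/2007 11:50 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Qkkmel"="C:\WINDOWS\system32\??crosoft\s?oolsv.exe" []
"Iesa"="C:\WINDOWS\SSTEM3~1\nslookup.exe" [12/07/2007 10:26 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dibpcxmd]
dibpcxmd.dll 12/06/2007 03:35 PM 145984 C:\WINDOWS\system32\dibpcxmd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c002BCDA]
__c002BCDA.dat 12/06/2007 03:31 PM 36928 C:\WINDOWS\system32\__c002BCDA.dat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\\WINDOWS\\system32\\mllji
"Notification Packages"= scecli scecli
"""

KEY_LINE = re.compile(r'^\[(.+)\]$')
PATH_TAIL = re.compile(r'([A-Za-z]:\\.*)$')          # "C:\..." to end of line
RANDOM_NAME = re.compile(r'^[a-z]{8}\.(dll|exe)$')    # heuristic: 8 random lowercase letters
# Assumption: packages considered normal on an XP box with the NetWare client installed.
KNOWN_AUTH_PACKAGES = {'msv1_0', 'nwprovau', 'kerberos'}


def parse_dump(text):
    """Yield (key, value_name_or_None, path_or_data) from a DSS registry dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        if line.startswith('"'):
            # "Name"="Value" [timestamp]   or   "Name"= token token ...
            name, _, rest = line[1:].partition('"')
            rest = rest.lstrip('= ').strip()
            rest = re.sub(r'\s*\[[^\]]*\]$', '', rest)   # drop trailing [date size]
            yield key, name, rest.strip('"')
        else:
            # BHO / Winlogon Notify lines: date, size, attributes, then the path
            m = PATH_TAIL.search(line)
            yield key, None, (m.group(1) if m else line)


def suspicious(key, name, value):
    """Return a reason string if an autostart entry looks like persistence, else None."""
    k = key.lower()
    base = value.rsplit('\\', 1)[-1]
    if 'winlogon\\notify' in k:
        if RANDOM_NAME.match(base) or base.startswith('__c') or not base.lower().endswith('.dll'):
            return 'Winlogon Notify handler with random or non-DLL name'
    if k.endswith('control\\lsa') and name == 'Authentication Packages':
        extra = [p for p in value.split() if p.lower() not in KNOWN_AUTH_PACKAGES]
        if extra:
            return 'LSA Authentication Packages has non-default entry: ' + ', '.join(extra)
    if 'browser helper objects' in k and RANDOM_NAME.match(base):
        return 'BHO with random-looking DLL name'
    if k.endswith('\\run') or k.endswith('\\runservices'):
        if value == '':
            return None
        if '\\' not in value:
            return 'Run entry with bare filename and no path: ' + value
        if '?' in value:
            return 'Run entry with unprintable characters in path'
        if re.search(r'\\(policies|application data)\\', value, re.I) or 'SSTEM3~1' in value.upper():
            return 'Run entry launching from an unusual directory'
        if base.lower().endswith('.dll') or re.fullmatch(r'[0-9a-f]{8}', name or ''):
            return 'Run entry with hex-looking name or DLL target'
    return None


def scan(text):
    """Return [(key, entry, reason)] for every suspicious autostart in the dump."""
    hits = []
    for key, name, value in parse_dump(text):
        reason = suspicious(key, name, value)
        if reason:
            hits.append((key, name or value, reason))
    return hits


if __name__ == '__main__':
    for key, entry, reason in scan(SAMPLE_DUMP):
        print(f'{reason}\n    {key}\n    {entry}')
```

Run it against the full "Registry Dump" section of a log and work through the hits in order of how hard they are to remove: Winlogon Notify and LSA package DLLs load into winlogon.exe and lsass.exe at boot, which is why an uninstall from Add/Remove Programs survives only until the next reboot, while a plain Run entry pointing into a user profile is the easy part.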