Infected with several critters

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

delperal (Thread Starter; joined Apr 12, 2008; 2 messages)
Hello,

I am computer illiterate and have been trying to figure this problem out on my own, but, as you may imagine... I have several viruses/worms/viruses? that keep taking over my IE7. I am running Vista on a Fujitsu laptop. I read about HijackThis and here is my last log. I am thankful for any help you can give. (By the way, I ran ComboFix and am still having the problem.)
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:06 PM, on 4/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Del\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?.src=fp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ErrorKiller] C:\Program Files\ErrorKiller\ErrorKiller.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [PrivacyControl] C:\Program Files\PrivacyControl\PrivacyControl.exe -boot
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Del\AppData\Local\Temp\qOIYSiig.dll,c
O4 - HKCU\..\Run: [BMbfcb4caa] Rundll32.exe "C:\Users\Del\AppData\Local\Temp\slihxnxs.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Del\AppData\Local\Temp\~DF9CD4.tmp C:\Users\Del\AppData\Local\Temp\~DF9CB4.tmp C:\Users\Del\AppData\Local\Temp\~DF6272.tmp C:\Users\Del\AppData\Local\Temp\~DF6262.tmp C:\Users\Del\AppData\Local\Temp\~DF5E8D.tmp C:\Users\Del\AppData\Local\Temp\~DF51E7.tmp C:\Users\Del\AppData\Local\Temp\~DF4F0B.tmp C:\Users\Del\AppData\Local\Temp\~DF467C.tmp C:\Users\Del\AppData\Local\Temp\~DF466C.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E69.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E56.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Del\AppData\Local\Temp\~DF9CD4.tmp C:\Users\Del\AppData\Local\Temp\~DF9CB4.tmp C:\Users\Del\AppData\Local\Temp\~DF6272.tmp C:\Users\Del\AppData\Local\Temp\~DF6262.tmp C:\Users\Del\AppData\Local\Temp\~DF5E8D.tmp C:\Users\Del\AppData\Local\Temp\~DF51E7.tmp C:\Users\Del\AppData\Local\Temp\~DF4F0B.tmp C:\Users\Del\AppData\Local\Temp\~DF467C.tmp C:\Users\Del\AppData\Local\Temp\~DF466C.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E69.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E56.tmp (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5191/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - c:\Program Files\FUJITSU\chitose\updnvsrv.exe

--
End of file - 12098 bytes
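Editor's note on reading the log above: the entries a reviewer would pull out first are the two HKCU Run values ("cmds" and "BMbfcb4caa") that start rundll32.exe with a randomly named DLL in C:\Users\Del\AppData\Local\Temp, because a legitimate product almost never registers its autostart payload in a user-writable temp folder. The script below is an added example (editor's code, not part of the original post or of HijackThis) that parses O4 registry-run lines and flags exactly that pattern. The sample input is copied from the log above with a few benign entries for contrast; the heuristics (temp-directory payload, rundll32 loading a DLL from outside the Windows directory) are the editor's triage rules, not a verdict that a flagged file is malicious.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Run-key lines copied from the HijackThis log above; the HKLM entries,
# the Sidebar entry and the LOCAL SERVICE entry are benign and included
# so the filter has something to ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Del\AppData\Local\Temp\qOIYSiig.dll,c
O4 - HKCU\..\Run: [BMbfcb4caa] Rundll32.exe "C:\Users\Del\AppData\Local\Temp\slihxnxs.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# O4 registry-run line: "O4 - <hive>\..\<key>: [<value name>] <command> (User '<user>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Leading "rundll32.exe " (optionally quoted or with a path); once stripped,
# the DLL argument is the real payload.
RUNDLL_RE = re.compile(r'(?i)^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+')
# First program-like path: a quoted string, or text up to a known extension.
TARGET_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|scr|bat|cmd|vbs|js))\b', re.I)
TEMP_RE = re.compile(r"(\\Temp\\|%TEMP%|%TMP%)", re.I)
WINDIR_RE = re.compile(r"^(?:[A-Z]:\\Windows\\|%windir%|%SystemRoot%)", re.I)


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def extract_target(cmd: str) -> tuple[str, bool]:
    """Return (file the entry really loads, True if loaded via rundll32)."""
    cmd = cmd.strip()
    via_rundll = False
    m = RUNDLL_RE.match(cmd)
    if m:
        via_rundll = True
        cmd = cmd[m.end():]
    t = TARGET_RE.match(cmd)
    target = (t.group(1) or t.group(2)) if t else cmd.split(" ", 1)[0]
    return target.strip(), via_rundll


def triage(log_text: str) -> list[Finding]:
    """Flag O4 Run/RunOnce entries whose payload sits in a temp directory or
    is a DLL that rundll32 loads from outside the Windows directory."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        target, via_rundll = extract_target(m["cmd"])
        reasons = []
        if TEMP_RE.search(target):
            reasons.append("payload lives in a temp directory")
        if via_rundll and "\\" in target and not WINDIR_RE.match(target):
            reasons.append("rundll32 loads a DLL from outside the Windows directory")
        if reasons:
            findings.append(Finding(m["hive"], m["name"], target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.hive}] {f.name}: {f.target}  <- {'; '.join(f.reasons)}")
```

Run against the sample, only the two Temp DLL entries come back; the unqualified oobefldr.dll load under LOCAL SERVICE is not flagged because a bare name resolves through the system search path rather than pointing at a user-writable file. Anything this reports still has to be checked by hand (hash the file, look at its properties, check who created it), since the rules are only a triage filter.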

delperal (Thread Starter; joined Apr 12, 2008; 2 messages)
ComboFix 08-04-12.4 - Del 2008-04-12 17:56:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1114 [GMT -5:00]
Running from: C:\Users\Del\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 22:36 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-12 22:25 4,386,848 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-04-12 22:09 3,938,376 ----a-w C:\Users\Del\setupxv (1).exe
2008-04-12 22:03 --------- d-----w C:\Users\Del\AppData\Roaming\AdwareAlert
2008-04-12 20:56 --------- d---a-w C:\ProgramData\TEMP
2008-04-12 20:53 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-12 19:57 60,572 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-04-12 19:46 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-12 15:32 --------- d-----w C:\Users\Del\AppData\Roaming\PC Tools
2008-04-12 01:03 --------- d-----w C:\Users\Del\AppData\Roaming\ErrorKiller
2008-04-12 01:03 --------- d-----w C:\Program Files\ErrorKiller
2008-04-12 00:42 --------- d-----w C:\Users\Del\AppData\Roaming\LimeWire
2008-04-12 00:06 253 ----a-w C:\Users\Del\adwarealert (1).reg
2008-04-11 23:55 --------- d-----w C:\Users\Del\AppData\Roaming\PrivacyControl
2008-04-11 23:50 --------- d-----w C:\Program Files\PrivacyControl
2008-04-11 23:35 1,415,536 ----a-w C:\Users\Del\vistasetup-1.exe
2008-04-11 23:31 1,415,536 ----a-w C:\Users\Del\vistasetup.exe
2008-04-11 23:28 1,965,544 ----a-w C:\Users\Del\setupxv.exe
2008-04-11 22:50 253 ----a-w C:\Users\Del\adwarealert.reg
2008-04-11 01:03 91,700 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-11 01:03 85,860 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-11 00:44 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-10 23:19 --------- d-----w C:\ProgramData\McAfee
2008-04-10 22:30 --------- d-----w C:\Program Files\AdwareAlert
2008-04-10 10:26 --------- d-----w C:\Users\Del\AppData\Roaming\ComcastToolbar
2008-04-09 16:06 --------- d--h--w C:\ProgramData\{152C45C0-1455-47B6-B5A4-73CC4F988D86}
2008-04-09 16:06 --------- d-----w C:\ProgramData\DietPower4.4
2008-04-09 00:54 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 00:49 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-05 00:12 --------- d-----w C:\Program Files\iTunes
2008-04-05 00:12 --------- d-----w C:\Program Files\iPod
2008-04-05 00:10 --------- d-----w C:\Program Files\QuickTime
2008-03-31 19:42 22,512 ----a-w C:\Windows\system32\drivers\adwarealert.sys
2008-03-22 04:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-22 02:47 12,644,232 ----a-w C:\Users\Del\drvupdate-x86.exe
2008-03-22 02:45 --------- d-----w C:\Users\Del\AppData\Roaming\Microsoft Office Mobile
2008-03-22 02:43 --------- d-----w C:\Program Files\Windows Mobile Feb. 2008 DST Updates
2008-03-22 02:33 7,277,360 ----a-w C:\Users\Del\setup (1).exe
2008-03-22 02:02 1,478,696 ----a-w C:\Users\Del\GenuineCheck-1.exe
2008-03-22 02:01 1,478,696 ----a-w C:\Users\Del\GenuineCheck.exe
2008-03-22 01:38 1,491,592 ----a-w C:\Users\Del\install_flash_player.exe
2008-03-22 01:03 --------- d-----w C:\Users\Del\AppData\Roaming\Apple Computer
2008-03-21 21:56 --------- d-----w C:\Program Files\Safari
2008-03-20 22:29 --------- d-----w C:\Users\Del\AppData\Roaming\U3
2008-03-20 20:23 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-03-19 18:49 7,151,050 ----a-w C:\Users\Del\videoraipodconverter_Installer.exe
2008-03-18 14:22 --------- d-----w C:\Program Files\Java
2008-03-16 02:45 --------- d-----w C:\Users\Mart\AppData\Roaming\Yahoo!
2008-03-16 02:45 --------- d-----w C:\Users\Mart\AppData\Roaming\COMCASTTOOLBAR
2008-03-11 23:31 --------- d-----w C:\Program Files\AvantGo
2008-03-11 23:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 04:56 --------- d-----w C:\Program Files\Medical Wizards
2008-03-01 04:27 4,428 ----a-w C:\Users\Public\Sample_Floor_Notes.zip
2008-03-01 04:27 4,428 ----a-w C:\Users\Del\Sample_Floor_Notes.zip
2008-03-01 04:25 9,261 ----a-w C:\Users\Public\PalmEKG.zip
2008-03-01 04:25 9,261 ----a-w C:\Users\Del\PalmEKG.zip
2008-03-01 04:25 13,999 ----a-w C:\Users\Public\On_Call.zip
2008-03-01 04:25 13,999 ----a-w C:\Users\Del\On_Call.zip
2008-03-01 04:22 15,403 ----a-w C:\Users\Public\heartsounds.zip
2008-03-01 04:22 15,403 ----a-w C:\Users\Del\heartsounds.zip
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 00:45 --------- d-----w C:\Program Files\Medical Eponyms2
2008-02-29 00:43 --------- d-----w C:\Program Files\Medical Eponyms
2008-02-29 00:38 582,455 ----a-w C:\Users\Del\Medical_Eponyms_for_PocketPC_V_2_0.zip
2008-02-29 00:18 230,202 ----a-w C:\Users\Del\eponyms.zip
2008-02-23 02:01 --------- d-----w C:\Program Files\Common Files\Skyscape
2008-02-23 01:50 724,992 ----a-w C:\Windows\iun6002.exe
2008-02-22 00:24 --------- d-----w C:\Program Files\skyscape
2008-02-22 00:10 5,775,464 ----a-w C:\Users\Del\mobileddx_ce.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 09:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 09:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 09:17 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-14 09:17 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-14 09:12 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 09:12 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 09:12 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 09:12 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 09:12 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 09:12 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 09:12 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 09:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 09:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 09:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 09:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 09:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 09:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2007-06-17 02:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-17 02:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-17 02:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-06-02 04:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007060120070602\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 08:51 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-04-08 09:59 7173360]
"PrivacyControl"="C:\Program Files\PrivacyControl\PrivacyControl.exe" [2008-04-02 09:28 9032936]
"cmds"="C:\Users\Del\AppData\Local\Temp\qOIYSiig.dll" [2008-04-09 12:30 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-01 23:35 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 02:37 3772416 C:\Windows\RtHDVCpl.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-25 23:49 151552]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 17:45 97072]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 18:38 80688]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-25 20:09 260912]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 19:13 68400]
"SSUtility"="C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 13:02 239144]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [ ]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-12-06 13:27 2473984]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\chitose\updatenv.exe" [2006-11-28 00:52 151552]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"ErrorKiller"="C:\Program Files\ErrorKiller\ErrorKiller.exe" [2008-03-07 14:34 2548984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.exe" [ ]

C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-10-31 22:50:20 2134016]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D885B46-736D-4545-A641-C55698F3B448}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F4B7B01-4B01-440C-8398-3F74E2B83119}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C8C77A94-89F8-4814-8B9B-7C8608455AE2}"= UDP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"{E4F37E67-1F3D-4E05-AE3E-57ED956A3114}"= TCP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
"{F0182EC1-78F9-4343-B5C3-97EA111EC9C7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E8A062A5-D052-4839-B994-78953D9CFFB7}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9947D46E-4A43-402C-8308-AB961A78F918}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3271CD2B-4CAB-4D3C-95F5-1B37663E83B7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{64642F0D-16F3-4B64-AC51-0844E6740300}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C454F728-D0FA-4622-816A-573BC6324C43}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{41F2A458-0506-41E1-A70F-2326AB5CAE18}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{381187B9-ADDA-4B61-8C22-CB15FBCD06B2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{36DA696A-171D-423F-904A-91A4F4A54C2A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{76869B83-41A2-4C3C-8BDA-B631D353E04B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:mad:iprip.dll,-200|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 adwarealert;adwarealert;C:\Windows\system32\DRIVERS\adwarealert.sys [2008-03-31 14:42]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 13:23]
R0 FBIOSDRV;FBIOSDRV;C:\Windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 03:56]
R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\system32\DRIVERS\FJGSDisk.sys [2006-12-05 18:52]
R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-10-03 17:23]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2006-10-12 14:47]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlert.srv.exe" [2008-04-08 09:59]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\Program Files\FUJITSU\chitose\updnvsrv.exe [2006-11-27 16:18]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 06:34]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 05:59]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-26 03:19]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-14 19:12]
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
S3 ADVNTDRV;ADVNTDRV;C:\Windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 03:20]
S3 PD1030VID;Creative WebCam Pro;C:\Windows\system32\DRIVERS\P1030Vid.sys [2002-05-21 02:00]
S3 wtpfiltr;wtpfiltr;C:\Windows\system32\drivers\wtpfiltr.sys [2006-02-03 01:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ba26131-ccf7-11dc-a7ab-00037aeb9846}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ba26142-ccf7-11dc-a7ab-00037aeb9846}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdaa83a2-9313-11dc-a3a0-00037aeb9846}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {9FB9E409-423F-8B24-BF0D-1172F67EFA2F} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-04-12 22:36:04 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-03-23 08:00:06 C:\Windows\Tasks\DietPower 4.4 Updates.job"
- C:\Windows\Installer\DietPower 4.4 Updates for All Users.lnk
"2008-04-12 22:57:16 C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 18:01:55
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
-> C:\Users\Del\AppData\Local\Temp\qOIYSiig.dll
.
Completion time: 2008-04-12 18:03:16
ComboFix-quarantined-files.txt 2008-04-12 23:03:04
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-04-09 00:49:29 --- E O F ---
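Editor's note on the ComboFix output above: apart from the same Temp DLL (qOIYSiig.dll) showing up as loaded inside Explorer.exe, the other section worth attention is the Security Center block, where UacDisableNotify, InternetSettingsDisableNotify, AutoUpdateDisableNotify and several DisableMonitoring values are all set to 1. Those values silence the Vista Security Center warnings about UAC, updates and antivirus status, which is why a user can have this much running without a red shield. The script below is an added example (editor's code, not part of the original post or of ComboFix) that parses the REGEDIT4-style "Reg Loading Points" text and lists every Security Center value that suppresses an alert or monitoring. The sample input is an excerpt of the log above plus one unrelated Run key for contrast; the rule that a nonzero *DisableNotify or DisableMonitoring value is worth reporting is the editor's, and such values can also be set by legitimate security suites, so treat a hit as something to verify, not as proof of compromise.

```python
from __future__ import annotations

import re

# Excerpt of the "Reg Loading Points" section from the ComboFix log above,
# in the REGEDIT4 layout ComboFix prints, plus an unrelated Run key.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 08:51 1232896]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
# Only the Security Center hive and its Monitoring subkeys are of interest here.
SECURITY_CENTER = re.compile(r"^HKEY_LOCAL_MACHINE\\software\\microsoft\\security center", re.I)
# Value names that switch off a notification or a monitored provider.
SUPPRESSOR = re.compile(r"(DisableNotify|DisableMonitoring)$", re.I)


def parse_reg(text: str) -> dict[str, dict[str, str]]:
    """Parse REGEDIT4-style text into {key path: {value name: raw data}}."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = keys.setdefault(k["key"], {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            current[v["name"]] = v["data"]
    return keys


def dword(data: str) -> int | None:
    """Decode 'dword:XXXXXXXX'; None for any other data type."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data.strip())
    return int(m.group(1), 16) if m else None


def suppressed_alerts(text: str) -> list[tuple[str, str]]:
    """Return (key, value name) pairs under Security Center whose
    *DisableNotify / DisableMonitoring value is nonzero."""
    hits = []
    for key, values in parse_reg(text).items():
        if not SECURITY_CENTER.match(key):
            continue
        for name, data in values.items():
            if SUPPRESSOR.search(name) and (dword(data) or 0) != 0:
                hits.append((key, name))
    return hits


if __name__ == "__main__":
    for key, name in suppressed_alerts(SAMPLE_REG):
        print(f"{key}\\{name} = 1 (alert suppressed)")
```

On the sample this reports the three DisableNotify values and both DisableMonitoring values, and ignores the Run key. In a cleanup these are reset to 0 (or deleted) only after the autostart entries that set them are gone, otherwise they come back on the next boot.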