
Infected with several critters

Discussion in 'Virus & Other Malware Removal' started by delperal, Apr 12, 2008.

Thread Status:
Not open for further replies.
  1. delperal (Thread Starter; joined Apr 12, 2008; 2 messages)
    Hello,

    I am computer illiterate and have been trying to figure this problem out on my own, but, as you may imagine... I have several viruses/worms/viruses? that keep taking over my IE7. I am running Vista on a Fujitsu laptop. I read about HijackThis and here is my last log. I am thankful for any help you can give. (By the way, I ran ComboFix and am still having the problem.)

    Here is the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:43:06 PM, on 4/12/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\Fujitsu\chitose\updatenv.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\AdwareAlert\AdwareAlert.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Apoint2K\HidFind.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtPSS.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Users\Del\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/?.src=fp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [ErrorKiller] C:\Program Files\ErrorKiller\ErrorKiller.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - HKCU\..\Run: [PrivacyControl] C:\Program Files\PrivacyControl\PrivacyControl.exe -boot
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Del\AppData\Local\Temp\qOIYSiig.dll,c
    O4 - HKCU\..\Run: [BMbfcb4caa] Rundll32.exe "C:\Users\Del\AppData\Local\Temp\slihxnxs.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Del\AppData\Local\Temp\~DF9CD4.tmp C:\Users\Del\AppData\Local\Temp\~DF9CB4.tmp C:\Users\Del\AppData\Local\Temp\~DF6272.tmp C:\Users\Del\AppData\Local\Temp\~DF6262.tmp C:\Users\Del\AppData\Local\Temp\~DF5E8D.tmp C:\Users\Del\AppData\Local\Temp\~DF51E7.tmp C:\Users\Del\AppData\Local\Temp\~DF4F0B.tmp C:\Users\Del\AppData\Local\Temp\~DF467C.tmp C:\Users\Del\AppData\Local\Temp\~DF466C.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E69.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E56.tmp (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\Users\Del\AppData\Local\Temp\~DF9CD4.tmp C:\Users\Del\AppData\Local\Temp\~DF9CB4.tmp C:\Users\Del\AppData\Local\Temp\~DF6272.tmp C:\Users\Del\AppData\Local\Temp\~DF6262.tmp C:\Users\Del\AppData\Local\Temp\~DF5E8D.tmp C:\Users\Del\AppData\Local\Temp\~DF51E7.tmp C:\Users\Del\AppData\Local\Temp\~DF4F0B.tmp C:\Users\Del\AppData\Local\Temp\~DF467C.tmp C:\Users\Del\AppData\Local\Temp\~DF466C.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E69.tmp C:\Users\Del\AppData\Local\Temp\Low\~DF3E56.tmp (User 'Default user')
    O4 - Startup: CCC.lnk = ?
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
    O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5191/mcfscan.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: AdwareAlert Scanning Engine (AdwareAlertSrv) - Unknown owner - C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - c:\Program Files\FUJITSU\chitose\updnvsrv.exe

    --
    End of file - 12098 bytes
     
  2. delperal (Thread Starter; joined Apr 12, 2008; 2 messages)

    ComboFix 08-04-12.4 - Del 2008-04-12 17:56:57.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1114 [GMT -5:00]
    Running from: C:\Users\Del\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
    .

    No new files created in this timespan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-12 22:36 --------- d-----w C:\ProgramData\Kaspersky Lab
    2008-04-12 22:25 4,386,848 --sha-w C:\Windows\system32\drivers\fidbox.dat
    2008-04-12 22:09 3,938,376 ----a-w C:\Users\Del\setupxv (1).exe
    2008-04-12 22:03 --------- d-----w C:\Users\Del\AppData\Roaming\AdwareAlert
    2008-04-12 20:56 --------- d---a-w C:\ProgramData\TEMP
    2008-04-12 20:53 --------- d-----w C:\Program Files\SpywareBlaster
    2008-04-12 19:57 60,572 --sha-w C:\Windows\system32\drivers\fidbox.idx
    2008-04-12 19:46 --------- d-----w C:\Program Files\Spyware Doctor
    2008-04-12 15:32 --------- d-----w C:\Users\Del\AppData\Roaming\PC Tools
    2008-04-12 01:03 --------- d-----w C:\Users\Del\AppData\Roaming\ErrorKiller
    2008-04-12 01:03 --------- d-----w C:\Program Files\ErrorKiller
    2008-04-12 00:42 --------- d-----w C:\Users\Del\AppData\Roaming\LimeWire
    2008-04-12 00:06 253 ----a-w C:\Users\Del\adwarealert (1).reg
    2008-04-11 23:55 --------- d-----w C:\Users\Del\AppData\Roaming\PrivacyControl
    2008-04-11 23:50 --------- d-----w C:\Program Files\PrivacyControl
    2008-04-11 23:35 1,415,536 ----a-w C:\Users\Del\vistasetup-1.exe
    2008-04-11 23:31 1,415,536 ----a-w C:\Users\Del\vistasetup.exe
    2008-04-11 23:28 1,965,544 ----a-w C:\Users\Del\setupxv.exe
    2008-04-11 22:50 253 ----a-w C:\Users\Del\adwarealert.reg
    2008-04-11 01:03 91,700 ----a-w C:\Windows\system32\drivers\klin.dat
    2008-04-11 01:03 85,860 ----a-w C:\Windows\system32\drivers\klick.dat
    2008-04-11 00:44 --------- d-----w C:\Program Files\Kaspersky Lab
    2008-04-10 23:19 --------- d-----w C:\ProgramData\McAfee
    2008-04-10 22:30 --------- d-----w C:\Program Files\AdwareAlert
    2008-04-10 10:26 --------- d-----w C:\Users\Del\AppData\Roaming\ComcastToolbar
    2008-04-09 16:06 --------- d--h--w C:\ProgramData\{152C45C0-1455-47B6-B5A4-73CC4F988D86}
    2008-04-09 16:06 --------- d-----w C:\ProgramData\DietPower4.4
    2008-04-09 00:54 --------- d-----w C:\Program Files\Windows Mail
    2008-04-09 00:49 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-05 00:12 --------- d-----w C:\Program Files\iTunes
    2008-04-05 00:12 --------- d-----w C:\Program Files\iPod
    2008-04-05 00:10 --------- d-----w C:\Program Files\QuickTime
    2008-03-31 19:42 22,512 ----a-w C:\Windows\system32\drivers\adwarealert.sys
    2008-03-22 04:29 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-03-22 02:47 12,644,232 ----a-w C:\Users\Del\drvupdate-x86.exe
    2008-03-22 02:45 --------- d-----w C:\Users\Del\AppData\Roaming\Microsoft Office Mobile
    2008-03-22 02:43 --------- d-----w C:\Program Files\Windows Mobile Feb. 2008 DST Updates
    2008-03-22 02:33 7,277,360 ----a-w C:\Users\Del\setup (1).exe
    2008-03-22 02:02 1,478,696 ----a-w C:\Users\Del\GenuineCheck-1.exe
    2008-03-22 02:01 1,478,696 ----a-w C:\Users\Del\GenuineCheck.exe
    2008-03-22 01:38 1,491,592 ----a-w C:\Users\Del\install_flash_player.exe
    2008-03-22 01:03 --------- d-----w C:\Users\Del\AppData\Roaming\Apple Computer
    2008-03-21 21:56 --------- d-----w C:\Program Files\Safari
    2008-03-20 22:29 --------- d-----w C:\Users\Del\AppData\Roaming\U3
    2008-03-20 20:23 --------- d-----w C:\ProgramData\Office Genuine Advantage
    2008-03-19 18:49 7,151,050 ----a-w C:\Users\Del\videoraipodconverter_Installer.exe
    2008-03-18 14:22 --------- d-----w C:\Program Files\Java
    2008-03-16 02:45 --------- d-----w C:\Users\Mart\AppData\Roaming\Yahoo!
    2008-03-16 02:45 --------- d-----w C:\Users\Mart\AppData\Roaming\COMCASTTOOLBAR
    2008-03-11 23:31 --------- d-----w C:\Program Files\AvantGo
    2008-03-11 23:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-02 04:56 --------- d-----w C:\Program Files\Medical Wizards
    2008-03-01 04:27 4,428 ----a-w C:\Users\Public\Sample_Floor_Notes.zip
    2008-03-01 04:27 4,428 ----a-w C:\Users\Del\Sample_Floor_Notes.zip
    2008-03-01 04:25 9,261 ----a-w C:\Users\Public\PalmEKG.zip
    2008-03-01 04:25 9,261 ----a-w C:\Users\Del\PalmEKG.zip
    2008-03-01 04:25 13,999 ----a-w C:\Users\Public\On_Call.zip
    2008-03-01 04:25 13,999 ----a-w C:\Users\Del\On_Call.zip
    2008-03-01 04:22 15,403 ----a-w C:\Users\Public\heartsounds.zip
    2008-03-01 04:22 15,403 ----a-w C:\Users\Del\heartsounds.zip
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-29 00:45 --------- d-----w C:\Program Files\Medical Eponyms2
    2008-02-29 00:43 --------- d-----w C:\Program Files\Medical Eponyms
    2008-02-29 00:38 582,455 ----a-w C:\Users\Del\Medical_Eponyms_for_PocketPC_V_2_0.zip
    2008-02-29 00:18 230,202 ----a-w C:\Users\Del\eponyms.zip
    2008-02-23 02:01 --------- d-----w C:\Program Files\Common Files\Skyscape
    2008-02-23 01:50 724,992 ----a-w C:\Windows\iun6002.exe
    2008-02-22 00:24 --------- d-----w C:\Program Files\skyscape
    2008-02-22 00:10 5,775,464 ----a-w C:\Users\Del\mobileddx_ce.exe
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
    2008-02-14 09:20 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 09:20 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 09:17 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
    2008-02-14 09:17 224,824 ----a-w C:\Windows\System32\clfs.sys
    2008-02-14 09:12 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 09:12 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 09:12 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 09:12 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 09:12 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 09:12 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 09:12 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 09:11 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 09:11 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 09:11 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 09:11 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 09:11 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 09:10 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2007-06-17 02:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-06-17 02:45 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-06-17 02:45 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-06-02 04:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007060120070602\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 08:51 1232896]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-04-08 09:59 7173360]
    "PrivacyControl"="C:\Program Files\PrivacyControl\PrivacyControl.exe" [2008-04-02 09:28 9032936]
    "cmds"="C:\Users\Del\AppData\Local\Temp\qOIYSiig.dll" [2008-04-09 12:30 270336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-01 23:35 1006264]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-01 02:37 3772416 C:\Windows\RtHDVCpl.exe]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-25 23:49 151552]
    "IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 17:45 97072]
    "LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 18:38 80688]
    "LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-25 20:09 260912]
    "LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 19:13 68400]
    "SSUtility"="C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 13:02 239144]
    "ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [ ]
    "OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-12-06 13:27 2473984]
    "FJUPDNV_Chitose"="C:\Program Files\Fujitsu\chitose\updatenv.exe" [2006-11-28 00:52 151552]
    "Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
    "ErrorKiller"="C:\Program Files\ErrorKiller\ErrorKiller.exe" [2008-03-07 14:34 2548984]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.exe" [ ]

    C:\Users\Del\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-10-31 22:50:20 2134016]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{3D885B46-736D-4545-A641-C55698F3B448}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{1F4B7B01-4B01-440C-8398-3F74E2B83119}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C8C77A94-89F8-4814-8B9B-7C8608455AE2}"= UDP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
    "{E4F37E67-1F3D-4E05-AE3E-57ED956A3114}"= TCP:C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:CyberLink PowerDVD
    "{F0182EC1-78F9-4343-B5C3-97EA111EC9C7}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{E8A062A5-D052-4839-B994-78953D9CFFB7}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{9947D46E-4A43-402C-8308-AB961A78F918}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{3271CD2B-4CAB-4D3C-95F5-1B37663E83B7}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
    "{64642F0D-16F3-4B64-AC51-0844E6740300}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{C454F728-D0FA-4622-816A-573BC6324C43}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{41F2A458-0506-41E1-A70F-2326AB5CAE18}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{381187B9-ADDA-4B61-8C22-CB15FBCD06B2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{36DA696A-171D-423F-904A-91A4F4A54C2A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{76869B83-41A2-4C3C-8BDA-B631D353E04B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
    "Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:mad:iprip.dll,-200|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 adwarealert;adwarealert;C:\Windows\system32\DRIVERS\adwarealert.sys [2008-03-31 14:42]
    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 13:23]
    R0 FBIOSDRV;FBIOSDRV;C:\Windows\system32\drivers\FBIOSDRV.SYS [2006-08-28 03:56]
    R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\system32\DRIVERS\FJGSDisk.sys [2006-12-05 18:52]
    R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-10-03 17:23]
    R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2006-10-12 14:47]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
    R2 AdwareAlertSrv;AdwareAlert Scanning Engine;"C:\Program Files\AdwareAlert\AdwareAlert.srv.exe" [2008-04-08 09:59]
    R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\Program Files\FUJITSU\chitose\updnvsrv.exe [2006-11-27 16:18]
    R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
    R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 06:34]
    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 05:59]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-26 03:19]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-14 19:12]
    S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2006-10-31 22:40]
    S3 ADVNTDRV;ADVNTDRV;C:\Windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 03:20]
    S3 PD1030VID;Creative WebCam Pro;C:\Windows\system32\DRIVERS\P1030Vid.sys [2002-05-21 02:00]
    S3 wtpfiltr;wtpfiltr;C:\Windows\system32\drivers\wtpfiltr.sys [2006-02-03 01:57]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    rsmsvcs REG_MULTI_SZ ntmssvc
    ipripsvc REG_MULTI_SZ iprip
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ba26131-ccf7-11dc-a7ab-00037aeb9846}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ba26142-ccf7-11dc-a7ab-00037aeb9846}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdaa83a2-9313-11dc-a3a0-00037aeb9846}]
    \shell\AutoRun\command - F:\LaunchU3.exe -a

    *Newly Created Service* - CATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {9FB9E409-423F-8B24-BF0D-1172F67EFA2F} /qb
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-12 22:36:04 C:\Windows\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.ex
    - C:\Program Files\AdwareAlert
    "2008-03-23 08:00:06 C:\Windows\Tasks\DietPower 4.4 Updates.job"
    - C:\Windows\Installer\DietPower 4.4 Updates for All Users.lnk
    "2008-04-12 22:57:16 C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-12 18:01:55
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\Windows\Explorer.exe
    -> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
    -> C:\Users\Del\AppData\Local\Temp\qOIYSiig.dll
    .
    Completion time: 2008-04-12 18:03:16
    ComboFix-quarantined-files.txt 2008-04-12 23:03:04
    The system cannot find message text for message number 0x2379 in the message file for Application.
    The system cannot find message text for message number 0x2379 in the message file for Application.
    .
    2008-04-09 00:49:29 --- E O F ---