Hijacked!. can't stop the pop-ups. Here is the HJT file

Post by slw » December 27th, 2008, 6:38 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:27 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\windows\system32\KADxMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\mfk\MFK.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {fbcd04a7-4569-4c41-abb3-8eba09cc5743} - C:\WINDOWS\system32\royufehe.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [KADxMain] C:\windows\system32\KADxMain.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMO_V2_CDU680] C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hunugakava] Rundll32.exe "C:\WINDOWS\system32\novunimu.dll",s
O4 - HKLM\..\Run: [444cef88] rundll32.exe "C:\WINDOWS\system32\figadufo.dll",b
O4 - HKLM\..\Run: [CPM477fdc14] Rundll32.exe "c:\windows\system32\honasani.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyKeys] "C:\Program Files\mfk\MFK.EXE" /M
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [hunugakava] Rundll32.exe "C:\WINDOWS\system32\rikebege.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2} (XMLtoRTF.XML) - https://lmr.partners.org/lmr/lmr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.geni.com/ImageUploader_5_5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {61611A68-B68C-420E-8E4D-6C61E68C03C6} (Cu2a Object) - https://lmr.partners.org/lmr/cvt.cab
O16 - DPF: {6D3CF4F3-C2F3-46E7-A126-3E53102A6B91} (Pegasus ImagXpress Control v7.0) - https://lmr.partners.org/lmr/diagram.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2332286109
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://athenanet.athenahealth.com/stat ... iemenu.cab
O16 - DPF: {895E51DC-866E-4090-AC7C-B557FBD29823} (AMI Pictorial Control CWeb 2.1 SPa01) - https://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
O16 - DPF: {8CAF79C1-7DBE-47CC-A941-535B1E74A869} (Project1.FailSafeCtl) - https://lmr.partners.org/lmr/failsafe/failsafe.cab
O16 - DPF: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1} (LMRBase64.Converter) - https://lmr.partners.org/lmr/lmr2.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BCDD741A-3F0F-483F-AB50-345E464F3617} (WebTXProcessor.ctlWebTX) - https://lmr.partners.org/lmr/lmr2a.cab
O16 - DPF: {D40E7275-159D-419E-9AC1-46FD8884B464} (LMRWebPrint.PrintByTemplate) - https://lmr.partners.org/lmr/LMRWebPrint.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://harborcam.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {FDFB6B21-9F60-4C74-B540-32D83C4357D1} (Reg Class) - https://lmr.partners.org/lmr/LMRWebIESetting.cab
O16 - DPF: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61} (Link3f Class) - https://www.patientgateway.org/ptgw/ptcomp3f.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kutazuse.dll c:\windows\system32\honasani.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\honasani.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\honasani.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 16811 bytes
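The log above shows the pattern a log reader spots by eye: three HKLM Run entries launching rundll32 against eight-letter DLLs in system32 with one-letter exports, the same kind of name in AppInit_DLLs (O20), one CLSID registered as both an SSODL (O21) and a SharedTaskScheduler (O22) object pointing at honasani.dll, and a BHO whose file is already missing. As an added example (not part of the original thread and not a tool the forum helpers use), here is a small Python script that reads HijackThis-format lines and flags those entries. The sample lines are constructed from the shapes in the log; the heuristics, thresholds and reason strings are the editor's own assumptions, not HijackThis features, and the "8 lowercase letters under system32" test is deliberately weak on its own (legitimate files such as browseui.dll match it), so it is meant to be read together with the other reasons.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample in the shape of the HijackThis 2.0.2 log above: clean entries
# sit next to the rundll32 Run keys, AppInit_DLLs, SSODL and SharedTaskScheduler lines.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {fbcd04a7-4569-4c41-abb3-8eba09cc5743} - C:\WINDOWS\system32\royufehe.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hunugakava] Rundll32.exe "C:\WINDOWS\system32\novunimu.dll",s
O4 - HKLM\..\Run: [444cef88] rundll32.exe "C:\WINDOWS\system32\figadufo.dll",b
O4 - HKUS\S-1-5-19\..\Run: [hunugakava] Rundll32.exe "C:\WINDOWS\system32\rikebege.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\kutazuse.dll c:\windows\system32\honasani.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\honasani.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\honasani.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

Finding = namedtuple("Finding", "section entry reasons")

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# First ".dll" after a drive letter; good enough for the one-path-per-field HJT layout.
DLL_PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.dll\b", re.I)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def looks_random_system32_dll(path):
    """Weak signal (editor's heuristic): an 8-letter all-lowercase DLL name directly
    under system32. Legitimate files such as browseui.dll also match, so read it
    together with the other reasons rather than on its own."""
    directory, _, base = path.rpartition("\\")
    return directory.lower().endswith("\\system32") and re.fullmatch(r"[a-z]{8}\.dll", base) is not None


def parse(text):
    """Return (section, body) pairs, e.g. ('O4', 'HKLM\\..\\Run: [x] ...'), from an HJT log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def analyze(text):
    """Flag entries worth a second look; each Finding carries the reasons it was flagged."""
    findings = []
    clsid_sections = defaultdict(set)  # CLSID -> {"O21", "O22"} for the cross-check below
    for section, body in parse(text):
        reasons = []
        dll_paths = DLL_PATH_RE.findall(body)
        odd = [p for p in dll_paths if looks_random_system32_dll(p)]
        if odd:
            reasons.append("8-letter lowercase DLL directly under system32: " + ", ".join(odd))
        if section == "O4":
            # rundll32 calling a one- or two-letter export is not how vendors name entry points
            m = RUNDLL_RE.search(body)
            if m and len(m.group(2)) <= 2:
                reasons.append(f"rundll32 auto-start calling export '{m.group(2)}' in {m.group(1)}")
        elif section == "O20" and body.startswith("AppInit_DLLs:") and dll_paths:
            reasons.append("AppInit_DLLs is set: on XP these DLLs load into every process that loads user32.dll")
        elif section in ("O21", "O22"):
            c = CLSID_RE.search(body)
            if c:
                clsid_sections[c.group(0).upper()].add(section)
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned entry: the registered object has no file on disk")
        if reasons:
            findings.append(Finding(section, body, reasons))
    for clsid, sections in clsid_sections.items():
        if {"O21", "O22"} <= sections:
            findings.append(Finding("O21/O22", clsid,
                ["same CLSID registered as both an SSODL and a SharedTaskScheduler object, "
                 "so Explorer loads it at every logon"]))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}")
        for r in f.reasons:
            print(f"    - {r}")
```

Point the script at the saved hijackthis.log instead of SAMPLE_LOG to run it over a real log. Note that the O21/O22 cross-check is done after the line loop because the two entries are separate lines; a single-line rule cannot see that they share a CLSID, which is the detail that ties the two load points to one DLL.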

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Post by Odd dude » December 29th, 2008, 8:37 am

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you with your infection. However, it is important to take note of the following - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (HijackThis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU may use these instructions; they are not suitable for any other computer, similar issues or not.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is make sure that your antivirus definitions are up to date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you were to do the same. From this point, we're in this together ;)
    Because of this, you must reply within five days. I will post a reminder should you seem to fail to do this; however, if you fail to reply within five days then, unless I have been notified of your absence in advance, the topic shall be closed!
  • As I am still in training at the Malware Removal University, anything I do must be checked by an experienced malware fighter. This means there might be a slight delay in my answers.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

I am now analyzing your situation and hope to be back with you soon. While I am reviewing your situation, could you please do the following for me:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Please post back:
  • Uninstall list
  • New hijackthis log

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Post by slw » December 29th, 2008, 12:00 pm

Thank you OD. Here is the Uninstall list:

Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dragon NaturallySpeaking 10
Fingerprint Sensor Minimum Install
First Step Guide
FlashAid
Franklin CDU680 USB Modem
Fujitsu Button Driver Component
Fujitsu Button Utilities
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu Pen Service
Fujitsu System Extension Utility
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ImageMixer VCD2
Ink Art
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 11
Logitech QuickCam Software
Logitech® Camera Driver
Magic Flute 2.1.1
Marvell Miniport Driver
McAfee SecurityCenter
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Silverlight
Microsoft Snipping Tool 2.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
MobileMe Control Panel
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
My Function Keys
mZConfig
O2Micro Flash Memory Card Windows Driver
O2Micro Smartcard Driver
OmniPass
Picture Package
PowerDVD
QuickTime
RealPlayer
Rhapsody Player Engine
Rhapsody Player Engine
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Security Panel Application
Security Panel Application for Supervisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel Audio
Skype™ 3.8
Sony USB Driver
Synaptics Pointing Device Driver
Tablet PC Tutorials for Microsoft Windows XP SP2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual C++ Runtime for Dragon NaturallySpeaking
Windows Driver Package - Fujitsu Computer Systems Corporation (FjBtnDrv) HIDClass 03/29/2006 2.0.0329.2006
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Post by Odd dude » December 31st, 2008, 4:07 am

ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without expert guidance.

ComboFix uses very brute tactics to rip malware off your system. Do not panic if your antivirus software warns you about the file.

Please disable all your antivirus software, firewalls, and antispyware software BEFORE running ComboFix!!


  • Download ComboFix from here and save it to your desktop
  • Disable ALL antivirus/antimalware programs before proceeding!
  • Now start ComboFix
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • Do not touch the computer AT ALL while ComboFix is running!
  • When finished, the report will open. Reenable your protection software and post the log in your next reply

If you cannot connect to the internet after running ComboFix, unplug the cable/receiver/whatever you use to connect to the internet and plug it back in.

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Post by slw » December 31st, 2008, 1:47 pm

Thanks Dude. Here is the ComboFix.log
_______________________________________________________
ComboFix 08-12-30.02 - Raquel 2008-12-31 12:32:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1343 [GMT -5:00]
Running from: c:\documents and settings\Raquel\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\~.exe
c:\windows\system32\agazebur.ini
c:\windows\system32\ahefowez.ini
c:\windows\system32\akeyawam.ini
c:\windows\system32\amogirin.ini
c:\windows\system32\ayopafoh.ini
c:\windows\system32\azasakay.ini
c:\windows\system32\azugogum.ini
c:\windows\system32\bafazigi.dll
c:\windows\system32\Cache
c:\windows\system32\defurine.dll
c:\windows\system32\dugemovu.dll
c:\windows\system32\ebajipuw.ini
c:\windows\system32\ekejodij.ini
c:\windows\system32\erafenuj.ini
c:\windows\system32\etudotih.ini
c:\windows\system32\fetiyejo.dll
c:\windows\system32\gidogiso.dll
c:\windows\system32\honasani.dll
c:\windows\system32\hotiyado.dll
c:\windows\system32\hulefina.dll
c:\windows\system32\ifemogeh.ini
c:\windows\system32\ijatediy.ini
c:\windows\system32\ijutubap.ini
c:\windows\system32\iyusobib.ini
c:\windows\system32\jaregiyo.dll
c:\windows\system32\jidojeke.dll
c:\windows\system32\lidelepi.dll
c:\windows\system32\lovegogi.dll
c:\windows\system32\mulujuko.dll
c:\windows\system32\nehihega.dll
c:\windows\system32\ofudagif.ini
c:\windows\system32\ojeyitef.ini
c:\windows\system32\osohopad.ini
c:\windows\system32\oyigeraj.ini
c:\windows\system32\rubezaga.dll
c:\windows\system32\temeyuhu.dll
c:\windows\system32\tofevomu.dll
c:\windows\system32\uhulaley.ini
c:\windows\system32\ujetotub.ini
c:\windows\system32\ulepiluk.ini
c:\windows\system32\yakasaza.dll
c:\windows\system32\yidetaji.dll
c:\windows\system32\zaniwimo.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-21 13:44 . 2008-12-30 20:14 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-21 13:25 . 2008-12-21 13:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 12:06 . 2008-12-21 12:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 10:14 . 2008-12-20 10:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 09:37 . 2008-12-20 09:37 <DIR> d-------- c:\documents and settings\Raquel\Application Data\McAfee
2008-12-19 17:28 . 2008-12-19 17:28 33,832 --a------ c:\windows\system32\zwxqybmi.exe
2008-12-19 15:34 . 2008-12-19 15:52 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-17 22:10 . 1999-12-17 22:43 86,016 --------- c:\windows\unvise32.exe
2008-12-16 20:30 . 2008-12-16 20:30 268 --ah----- C:\sqmdata19.sqm
2008-12-16 20:30 . 2008-12-16 20:30 244 --ah----- C:\sqmnoopt19.sqm
2008-12-16 14:15 . 2008-12-16 14:15 268 --ah----- C:\sqmdata18.sqm
2008-12-16 14:15 . 2008-12-16 14:15 244 --ah----- C:\sqmnoopt18.sqm
2008-12-15 21:10 . 2008-12-15 21:10 268 --ah----- C:\sqmdata17.sqm
2008-12-15 21:10 . 2008-12-15 21:10 244 --ah----- C:\sqmnoopt17.sqm
2008-12-15 20:53 . 2008-12-15 20:53 268 --ah----- C:\sqmdata16.sqm
2008-12-15 20:53 . 2008-12-15 20:53 244 --ah----- C:\sqmnoopt16.sqm
2008-12-15 20:37 . 2008-12-15 20:37 268 --ah----- C:\sqmdata15.sqm
2008-12-15 20:37 . 2008-12-15 20:37 244 --ah----- C:\sqmnoopt15.sqm
2008-12-15 18:52 . 2008-12-15 18:52 268 --ah----- C:\sqmdata14.sqm
2008-12-15 18:52 . 2008-12-15 18:52 244 --ah----- C:\sqmnoopt14.sqm
2008-12-09 20:15 . 2008-12-09 20:15 268 --ah----- C:\sqmdata13.sqm
2008-12-09 20:15 . 2008-12-09 20:15 244 --ah----- C:\sqmnoopt13.sqm
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-02 18:57 . 2008-12-27 18:47 268 --ah----- C:\sqmdata12.sqm
2008-12-02 18:57 . 2008-12-27 18:47 244 --ah----- C:\sqmnoopt12.sqm
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\program files\iTunes
2008-12-02 18:35 . 2008-12-02 18:35 <DIR> d-------- c:\program files\iPod
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 18:33 . 2008-12-02 18:33 <DIR> d-------- c:\program files\QuickTime
2008-12-02 18:27 . 2008-12-02 18:27 <DIR> d-------- c:\program files\Safari
2008-11-30 20:01 . 2007-08-07 21:17 172,032 --a------ c:\windows\system32\igfxres.dll
2008-11-30 19:16 . 2007-08-07 22:29 5,776,864 --a------ c:\windows\system32\drivers\igxpmp32.sys
2008-11-30 19:16 . 2007-08-07 22:29 2,576,384 --a------ c:\windows\system32\igxpdx32.dll
2008-11-30 19:16 . 2007-08-07 22:28 1,615,904 --a------ c:\windows\system32\igxpdv32.dll
2008-11-30 19:16 . 2007-08-07 21:20 176,128 --a------ c:\windows\system32\igfxrsky.lrc
2008-11-30 19:16 . 2007-08-07 21:20 172,032 --a------ c:\windows\system32\igfxrslv.lrc
2008-11-30 19:16 . 2007-08-07 22:29 150,528 --a------ c:\windows\system32\igxpgd32.dll
2008-11-30 19:16 . 2007-08-07 22:57 147,456 --a------ c:\windows\system32\igfxCoIn_v4859.dll
2008-11-30 19:16 . 2007-08-07 22:29 57,344 --a------ c:\windows\system32\igxprd32.dll
2008-11-30 19:15 . 2008-11-30 19:15 <DIR> d-------- c:\windows\system32\Lang
2008-11-30 19:15 . 2008-11-30 19:15 <DIR> d-------- C:\Intel
2008-11-30 19:15 . 2007-08-17 09:38 920,088 --a------ c:\windows\system32\igxpun.exe
2008-11-30 19:15 . 2006-11-10 09:25 319,456 --a------ c:\windows\system32\difxapi.dll
2008-11-14 21:41 . 2008-12-27 17:03 268 --ah----- C:\sqmdata11.sqm
2008-11-14 21:41 . 2008-12-27 17:03 244 --ah----- C:\sqmnoopt11.sqm
2008-11-11 20:26 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:25 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 17:28 --------- d-----w c:\documents and settings\Raquel\Application Data\Skype
2008-12-31 16:56 --------- d-----w c:\documents and settings\Raquel\Application Data\skypePM
2008-12-27 22:19 --------- d-----w c:\program files\Google
2008-12-27 12:40 --------- d-----w c:\program files\Java
2008-12-20 17:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:16 2,914 ----a-w c:\documents and settings\Raquel\Application Data\SAS7_000.DAT
2008-12-20 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-20 13:49 --------- d-----w c:\program files\McAfee
2008-12-19 22:27 --------- d-----w c:\program files\mfk
2008-12-02 23:56 --------- d-----w c:\documents and settings\Raquel\Application Data\Apple Computer
2008-12-02 23:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 00:13 0 ----a-w c:\windows\system32\drivers\FUJITSU_AE3CJ1E605540000_WXPTPC.MKR
2008-02-26 01:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-03-01 03:11 284 ----a-w c:\documents and settings\Administrator\Application Data\ViewerApp.dat
2008-09-26 22:13 60,928 --sha-w c:\windows\system32\bogigipi.dll
2008-09-26 22:13 60,928 --sha-w c:\windows\system32\gulodedo.dll
2008-08-27 23:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]
"MyKeys"="c:\program files\mfk\MFK.EXE" [1999-04-18 541184]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-30 20480]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-20 61440]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-26 1908736]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-18 303104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-20 185896]
"CMO_V2_CDU680"="c:\program files\Franklin\CDU680DORA\BIN\RDVCHG.EXE" [2007-10-02 316664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 c:\windows\AGRSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-26 13:52 49152 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\AutoVideo.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Softex\\OmniPass\\OPXPApp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2006-05-17 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-02-21 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2005-09-23 28544]
R2 FlashDrv;FlashDrv;\??\c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [2006-05-17 7196]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2006-05-17 17920]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\Drivers\FUJ02E1.sys [2006-05-17 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-05-17 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\DRIVERS\hidpen.sys [2006-05-17 31104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\Drivers\bioschk.sys [2006-11-10 3909]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2008-05-10 87040]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-05-17 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-05-17 14208]
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-01-18 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-12-31 c:\windows\Tasks\User_Feed_Synchronization-{EEB93738-D9FC-4387-AE85-81C1F8AC70A3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{fbcd04a7-4569-4c41-abb3-8eba09cc5743} - c:\windows\system32\lezaredi.dll
HKLM-Run-hunugakava - c:\windows\system32\musafike.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate into English
Trusted Zone: *.download.microsoft.com
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: *.windowsupdate.com
Trusted Zone: *.windowsupdate.microsoft.com

c:\windows\system32\msxml3.dll - c:\windows\system32\riched32.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\comcat.dll
c:\windows\system32\MSCOMCTL.OCX
c:\windows\system32\ImgX61.ocx
c:\windows\system32\ImgXPrint61.dll
c:\windows\system32\AtalaImaging.dll
c:\windows\system32\ImgX61.dll
c:\windows\system32\ImgXTwain61.dll
c:\windows\Downloaded Program Files\PHScan.ocx
c:\windows\Downloaded Program Files\XMLtoRTF.ocx
c:\windows\system32\vsspell6.ocx
c:\windows\Downloaded Program Files\LMRWebTextEditor.ocx
O16 -: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2}
hxxps://lmr.partners.org/lmr/lmr.cab
c:\windows\Downloaded Program Files\lmr.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.geni.com/ImageUploader_5_5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\cvt.dll - O16 -: {61611A68-B68C-420E-8E4D-6C61E68C03C6}
hxxps://lmr.partners.org/lmr/cvt.cab

c:\windows\Downloaded Program Files\iemenu.ocx - O16 -: {7823A620-9DD9-11CF-A662-00AA00C066D2}
hxxps://athenanet.athenahealth.com/stat ... iemenu.cab
c:\windows\Downloaded Program Files\iemenu.INF

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR165.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\picn6520.dll
c:\windows\Downloaded Program Files\picn6420.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\amiviewer.ocx
O16 -: {895E51DC-866E-4090-AC7C-B557FBD29823}
hxxps://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
c:\windows\Downloaded Program Files\amiviewer.inf

c:\windows\Downloaded Program Files\failsafe.ocx - O16 -: {8CAF79C1-7DBE-47CC-A941-535B1E74A869}
hxxps://lmr.partners.org/lmr/failsafe/failsafe.cab
c:\windows\Downloaded Program Files\failsafe.INF

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\vsprint7.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\LMRBase64.dll
c:\windows\system32\correct.tlx
c:\windows\system32\userdic.tlx
c:\windows\system32\ssceam2.clx
c:\windows\system32\ssceam.tlx
c:\windows\system32\wspelldlg.hlp
c:\windows\system32\wspell.ocx
c:\windows\system32\tx12_xml.dll
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12.dll
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\WebTXProcessor.ocx
O16 -: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1}
hxxps://lmr.partners.org/lmr/lmr2.cab
c:\windows\Downloaded Program Files\lmr2.inf

c:\windows\Downloaded Program Files\CONFLICT.1\IR87.txt - c:\windows\Downloaded Program Files\CONFLICT.1\IR6.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR165.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR159.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR149.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR148.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR144.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR14.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR138.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR13.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR127.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR126.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR110.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR109.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR101.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR100.txt
c:\windows\Downloaded Program Files\CONFLICT.1\dict.dat
c:\windows\Downloaded Program Files\CONFLICT.1\unicows.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6920.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6520.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6420.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6320.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn9120.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn20.dll
c:\windows\Downloaded Program Files\CONFLICT.1\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.ocx
O16 -: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B}
hxxps://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.inf

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\WebTXProcessor.ocx
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\tx12.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_xml.dll
O16 -: {BCDD741A-3F0F-483F-AB50-345E464F3617}
hxxps://lmr.partners.org/lmr/lmr2a.cab
c:\windows\Downloaded Program Files\lmr2a.inf

c:\windows\Downloaded Program Files\LMRWebPrint.dll - O16 -: {D40E7275-159D-419E-9AC1-46FD8884B464}
hxxps://lmr.partners.org/lmr/LMRWebPrint.cab
c:\windows\Downloaded Program Files\LMRWebPrint.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://harborcam.axiscam.net:9000/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

c:\windows\Downloaded Program Files\LMRWebIESetting.dll - O16 -: {FDFB6B21-9F60-4C74-B540-32D83C4357D1}
hxxps://lmr.partners.org/lmr/LMRWebIESetting.cab
c:\windows\Downloaded Program Files\LMRWebIESetting.inf

c:\windows\Downloaded Program Files\ptcomp3f.dll - O16 -: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61}
hxxps://www.patientgateway.org/ptgw/ptcomp3f.cab
c:\windows\Downloaded Program Files\ptcomp3f.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 12:39:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Owner=Administrator
@Denied: (A 2) (Everyone)
@Denied: (A 2) (S-1-5-7)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@Owner=Administrator
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@Owner=Administrator

[HKEY_LOCAL_MACHINE\software\SigmaTel\GlobalState]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=Administrators
@Denied: (Full) (Guests)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (B 1 2 3 4 5) (S-1-5-4)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\digtizer.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\system32\o2flash.exe
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\program files\Fujitsu\Utils\FjDspMon.exe
c:\program files\Fujitsu\Utils\FjEvents.exe
c:\program files\Fujitsu\Utils\FjMnuIco.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-12-31 12:43:17 - machine was rebooted [Raquel]
ComboFix-quarantined-files.txt 2008-12-31 17:43:13

Pre-Run: 52,815,994,880 bytes free
Post-Run: 55,025,147,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

513 --- E O F --- 2008-12-09 22:43:32
slw
Active Member
 
Posts: 10
Joined: December 27th, 2008, 6:31 pm

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby Odd dude » January 1st, 2009, 1:22 pm

Happy new year!

Run CFScript
Open notepad and copy/paste the following to it:

File::
c:\windows\system32\zwxqybmi.exe
c:\windows\system32\gulodedo.dll
c:\windows\system32\bogigipi.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=-


Save this to your desktop as "CFScript.txt".

Disconnect from the internet, disable your antimalware software like you did before, and drag CFScript into ComboFix.


ComboFix will run again, please be patient and post the log like usual.

Update your Adobe Reader
Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.

Then post a new HijackThis log and a new uninstall list.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
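The CFScript above resets two Security Center values and drops one firewall exception, but it does not touch the other tampering visible in the first ComboFix log (product monitoring disabled, EnableFirewall= 0). As an added example that is not part of this thread and is not ComboFix's or the helper's own code, the Python script below parses the "Reg Loading Points" block as ComboFix prints it (REGEDIT4 section headers, "name"=value lines; the format is assumed from the log above), flags the security-relevant settings, and then applies the Registry:: part of the CFScript to show what it fixes and what it leaves behind. The sample log and script text are constructed from entries in the posts above, not live captures.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log and simulate a CFScript.

Added example; assumes ComboFix's REGEDIT4-style rendering seen in the log above.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, copied in shape from the first log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""

# Constructed copy of the Registry:: part of the helper's CFScript above.
CFSCRIPT_REGISTRY = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=-
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')

Sections = Dict[str, Dict[str, str]]


def parse_reg_points(text: str) -> Sections:
    """Return {key_path: {value_name: raw_value}} for each REGEDIT4 section."""
    sections: Sections = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def dword(raw: str):
    """Decode 'dword:00000001' or ComboFix's '0 (0x0)' rendering; None otherwise."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None


def firewall_exceptions(sections: Sections) -> List[str]:
    """Programs listed under any AuthorizedApplications\\List key."""
    names: List[str] = []
    for key, values in sections.items():
        if key.lower().endswith("\\authorizedapplications\\list"):
            names.extend(values)
    return names


def triage(sections: Sections) -> List[Tuple[str, str, str]]:
    """Flag settings that silence Security Center or turn the firewall off."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in sections.items():
        k = key.lower()
        if k.endswith("\\microsoft\\security center"):
            for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
                if dword(values.get(name, "")) == 1:
                    findings.append((key, name, "Security Center notification suppressed"))
        elif "\\security center\\monitoring\\" in k:
            if dword(values.get("DisableMonitoring", "")) == 1:
                findings.append((key, "DisableMonitoring", "Security Center monitoring of product disabled"))
        elif k.endswith("\\firewallpolicy\\standardprofile"):
            if dword(values.get("EnableFirewall", "")) == 0:
                findings.append((key, "EnableFirewall", "Windows Firewall disabled (standard profile)"))
    return findings


def apply_registry_script(sections: Sections, script: str) -> Sections:
    """Apply a CFScript Registry:: block in .reg syntax: "name"=value sets, "name"=- deletes."""
    current = None
    for line in script.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, raw = m.group(1), m.group(2)
            if raw == "-":
                sections[current].pop(name, None)
            else:
                sections[current][name] = raw
    return sections


if __name__ == "__main__":
    reg = parse_reg_points(SAMPLE_LOG)
    for key, name, msg in triage(reg):
        print(f"BEFORE  {msg}: {name} under {key}")
    apply_registry_script(reg, CFSCRIPT_REGISTRY)
    for key, name, msg in triage(reg):
        print(f"AFTER   {msg}: {name} under {key}")
```

Run against the sample, the "before" pass reports four findings (two suppressed notifications, McAfee monitoring disabled, firewall disabled); after the CFScript only the monitoring and EnableFirewall findings remain and sessmgr.exe is gone from the exception list, which matches the second log still reporting the firewall as disabled.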

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby slw » January 1st, 2009, 9:35 pm

Thanks again OD. Here are the 3 files: Combofix, HJT, uninstall:
_______________________________________________________________
ComboFix 08-12-30.02 - Raquel 2009-01-01 20:06:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1262 [GMT -5:00]
Running from: c:\documents and settings\Raquel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Raquel\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\bogigipi.dll
c:\windows\system32\gulodedo.dll
c:\windows\system32\zwxqybmi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bogigipi.dll
c:\windows\system32\gulodedo.dll
c:\windows\system32\zwxqybmi.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-21 13:44 . 2008-12-31 12:42 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-21 13:25 . 2008-12-21 13:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 12:06 . 2008-12-21 12:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 10:14 . 2008-12-20 10:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 09:37 . 2008-12-20 09:37 <DIR> d-------- c:\documents and settings\Raquel\Application Data\McAfee
2008-12-19 15:34 . 2008-12-19 15:52 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-17 22:10 . 1999-12-17 22:43 86,016 --------- c:\windows\unvise32.exe
2008-12-16 20:30 . 2008-12-16 20:30 268 --ah----- C:\sqmdata19.sqm
2008-12-16 20:30 . 2008-12-16 20:30 244 --ah----- C:\sqmnoopt19.sqm
2008-12-16 14:15 . 2008-12-16 14:15 268 --ah----- C:\sqmdata18.sqm
2008-12-16 14:15 . 2008-12-16 14:15 244 --ah----- C:\sqmnoopt18.sqm
2008-12-15 21:10 . 2008-12-15 21:10 268 --ah----- C:\sqmdata17.sqm
2008-12-15 21:10 . 2008-12-15 21:10 244 --ah----- C:\sqmnoopt17.sqm
2008-12-15 20:53 . 2008-12-15 20:53 268 --ah----- C:\sqmdata16.sqm
2008-12-15 20:53 . 2008-12-15 20:53 244 --ah----- C:\sqmnoopt16.sqm
2008-12-15 20:37 . 2008-12-15 20:37 268 --ah----- C:\sqmdata15.sqm
2008-12-15 20:37 . 2008-12-15 20:37 244 --ah----- C:\sqmnoopt15.sqm
2008-12-15 18:52 . 2008-12-15 18:52 268 --ah----- C:\sqmdata14.sqm
2008-12-15 18:52 . 2008-12-15 18:52 244 --ah----- C:\sqmnoopt14.sqm
2008-12-09 20:15 . 2008-12-09 20:15 268 --ah----- C:\sqmdata13.sqm
2008-12-09 20:15 . 2008-12-09 20:15 244 --ah----- C:\sqmnoopt13.sqm
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-02 18:57 . 2008-12-27 18:47 268 --ah----- C:\sqmdata12.sqm
2008-12-02 18:57 . 2008-12-27 18:47 244 --ah----- C:\sqmnoopt12.sqm
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\program files\iTunes
2008-12-02 18:35 . 2008-12-02 18:35 <DIR> d-------- c:\program files\iPod
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 18:33 . 2008-12-02 18:33 <DIR> d-------- c:\program files\QuickTime
2008-12-02 18:27 . 2008-12-02 18:27 <DIR> d-------- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 00:57 --------- d-----w c:\documents and settings\Raquel\Application Data\Skype
2009-01-01 23:10 --------- d-----w c:\documents and settings\Raquel\Application Data\skypePM
2008-12-27 22:19 --------- d-----w c:\program files\Google
2008-12-27 12:40 --------- d-----w c:\program files\Java
2008-12-20 17:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:16 2,914 ----a-w c:\documents and settings\Raquel\Application Data\SAS7_000.DAT
2008-12-20 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-20 13:49 --------- d-----w c:\program files\McAfee
2008-12-19 22:27 --------- d-----w c:\program files\mfk
2008-12-02 23:56 --------- d-----w c:\documents and settings\Raquel\Application Data\Apple Computer
2008-12-02 23:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 00:13 0 ----a-w c:\windows\system32\drivers\FUJITSU_AE3CJ1E605540000_WXPTPC.MKR
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-02-26 01:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-03-01 03:11 284 ----a-w c:\documents and settings\Administrator\Application Data\ViewerApp.dat
2008-08-27 23:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_12.42.31.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]
"MyKeys"="c:\program files\mfk\MFK.EXE" [1999-04-18 541184]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-30 20480]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-20 61440]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-26 1908736]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-18 303104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-20 185896]
"CMO_V2_CDU680"="c:\program files\Franklin\CDU680DORA\BIN\RDVCHG.EXE" [2007-10-02 316664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 c:\windows\AGRSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-26 13:52 49152 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\AutoVideo.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Softex\\OmniPass\\OPXPApp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2006-05-17 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-02-21 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2005-09-23 28544]
R2 FlashDrv;FlashDrv;\??\c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [2006-05-17 7196]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2006-05-17 17920]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\Drivers\FUJ02E1.sys [2006-05-17 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-05-17 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\DRIVERS\hidpen.sys [2006-05-17 31104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\Drivers\bioschk.sys [2006-11-10 3909]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2008-05-10 87040]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-05-17 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-05-17 14208]
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-01-18 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{EEB93738-D9FC-4387-AE85-81C1F8AC70A3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate into English
Trusted Zone: *.download.microsoft.com
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: *.windowsupdate.com
Trusted Zone: *.windowsupdate.microsoft.com

c:\windows\system32\msxml3.dll - c:\windows\system32\riched32.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\comcat.dll
c:\windows\system32\MSCOMCTL.OCX
c:\windows\system32\ImgX61.ocx
c:\windows\system32\ImgXPrint61.dll
c:\windows\system32\AtalaImaging.dll
c:\windows\system32\ImgX61.dll
c:\windows\system32\ImgXTwain61.dll
c:\windows\Downloaded Program Files\PHScan.ocx
c:\windows\Downloaded Program Files\XMLtoRTF.ocx
c:\windows\system32\vsspell6.ocx
c:\windows\Downloaded Program Files\LMRWebTextEditor.ocx
O16 -: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2}
hxxps://lmr.partners.org/lmr/lmr.cab
c:\windows\Downloaded Program Files\lmr.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.geni.com/ImageUploader_5_5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\cvt.dll - O16 -: {61611A68-B68C-420E-8E4D-6C61E68C03C6}
hxxps://lmr.partners.org/lmr/cvt.cab

c:\windows\Downloaded Program Files\iemenu.ocx - O16 -: {7823A620-9DD9-11CF-A662-00AA00C066D2}
hxxps://athenanet.athenahealth.com/stat ... iemenu.cab
c:\windows\Downloaded Program Files\iemenu.INF

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR165.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\picn6520.dll
c:\windows\Downloaded Program Files\picn6420.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\amiviewer.ocx
O16 -: {895E51DC-866E-4090-AC7C-B557FBD29823}
hxxps://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
c:\windows\Downloaded Program Files\amiviewer.inf

c:\windows\Downloaded Program Files\failsafe.ocx - O16 -: {8CAF79C1-7DBE-47CC-A941-535B1E74A869}
hxxps://lmr.partners.org/lmr/failsafe/failsafe.cab
c:\windows\Downloaded Program Files\failsafe.INF

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\vsprint7.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\LMRBase64.dll
c:\windows\system32\correct.tlx
c:\windows\system32\userdic.tlx
c:\windows\system32\ssceam2.clx
c:\windows\system32\ssceam.tlx
c:\windows\system32\wspelldlg.hlp
c:\windows\system32\wspell.ocx
c:\windows\system32\tx12_xml.dll
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12.dll
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\WebTXProcessor.ocx
O16 -: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1}
hxxps://lmr.partners.org/lmr/lmr2.cab
c:\windows\Downloaded Program Files\lmr2.inf

c:\windows\Downloaded Program Files\CONFLICT.1\IR87.txt - c:\windows\Downloaded Program Files\CONFLICT.1\IR6.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR165.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR159.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR149.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR148.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR144.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR14.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR138.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR13.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR127.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR126.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR110.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR109.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR101.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR100.txt
c:\windows\Downloaded Program Files\CONFLICT.1\dict.dat
c:\windows\Downloaded Program Files\CONFLICT.1\unicows.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6920.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6520.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6420.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6320.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn9120.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn20.dll
c:\windows\Downloaded Program Files\CONFLICT.1\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.ocx
O16 -: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B}
hxxps://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.inf

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\WebTXProcessor.ocx
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\tx12.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_xml.dll
O16 -: {BCDD741A-3F0F-483F-AB50-345E464F3617}
hxxps://lmr.partners.org/lmr/lmr2a.cab
c:\windows\Downloaded Program Files\lmr2a.inf

c:\windows\Downloaded Program Files\LMRWebPrint.dll - O16 -: {D40E7275-159D-419E-9AC1-46FD8884B464}
hxxps://lmr.partners.org/lmr/LMRWebPrint.cab
c:\windows\Downloaded Program Files\LMRWebPrint.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://harborcam.axiscam.net:9000/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

c:\windows\Downloaded Program Files\LMRWebIESetting.dll - O16 -: {FDFB6B21-9F60-4C74-B540-32D83C4357D1}
hxxps://lmr.partners.org/lmr/LMRWebIESetting.cab
c:\windows\Downloaded Program Files\LMRWebIESetting.inf

c:\windows\Downloaded Program Files\ptcomp3f.dll - O16 -: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61}
hxxps://www.patientgateway.org/ptgw/ptcomp3f.cab
c:\windows\Downloaded Program Files\ptcomp3f.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 20:07:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-01-01 20:08:58
ComboFix-quarantined-files.txt 2009-01-02 01:08:38
ComboFix2.txt 2008-12-31 17:43:19

Pre-Run: 55,571,189,760 bytes free
Post-Run: 55,578,349,568 bytes free

399 --- E O F --- 2008-12-09 22:43:32
_____________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:40 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\windows\system32\KADxMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\mfk\MFK.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [KADxMain] C:\windows\system32\KADxMain.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMO_V2_CDU680] C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyKeys] "C:\Program Files\mfk\MFK.EXE" /M
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2} (XMLtoRTF.XML) - https://lmr.partners.org/lmr/lmr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.geni.com/ImageUploader_5_5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {61611A68-B68C-420E-8E4D-6C61E68C03C6} (Cu2a Object) - https://lmr.partners.org/lmr/cvt.cab
O16 - DPF: {6D3CF4F3-C2F3-46E7-A126-3E53102A6B91} (Pegasus ImagXpress Control v7.0) - https://lmr.partners.org/lmr/diagram.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2332286109
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://athenanet.athenahealth.com/stat ... iemenu.cab
O16 - DPF: {895E51DC-866E-4090-AC7C-B557FBD29823} (AMI Pictorial Control CWeb 2.1 SPa01) - https://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
O16 - DPF: {8CAF79C1-7DBE-47CC-A941-535B1E74A869} (Project1.FailSafeCtl) - https://lmr.partners.org/lmr/failsafe/failsafe.cab
O16 - DPF: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1} (LMRBase64.Converter) - https://lmr.partners.org/lmr/lmr2.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BCDD741A-3F0F-483F-AB50-345E464F3617} (WebTXProcessor.ctlWebTX) - https://lmr.partners.org/lmr/lmr2a.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D40E7275-159D-419E-9AC1-46FD8884B464} (LMRWebPrint.PrintByTemplate) - https://lmr.partners.org/lmr/LMRWebPrint.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://harborcam.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {FDFB6B21-9F60-4C74-B540-32D83C4357D1} (Reg Class) - https://lmr.partners.org/lmr/LMRWebIESetting.cab
O16 - DPF: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61} (Link3f Class) - https://www.patientgateway.org/ptgw/ptcomp3f.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 16217 bytes
_____________________________________________________________________
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe LiveCycle Designer 7.1
Adobe Reader 9
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
AXIS Media Control Embedded
Bonjour
BUM
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dragon NaturallySpeaking 10
Fingerprint Sensor Minimum Install
First Step Guide
FlashAid
Franklin CDU680 USB Modem
Fujitsu Button Driver Component
Fujitsu Button Utilities
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu Pen Service
Fujitsu System Extension Utility
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ImageMixer VCD2
Ink Art
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 11
Logitech QuickCam Software
Logitech® Camera Driver
Magic Flute 2.1.1
Marvell Miniport Driver
McAfee SecurityCenter
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Silverlight
Microsoft Snipping Tool 2.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
MobileMe Control Panel
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
My Function Keys
mZConfig
O2Micro Flash Memory Card Windows Driver
O2Micro Smartcard Driver
OmniPass
Picture Package
PowerDVD
QuickTime
RealPlayer
Rhapsody Player Engine
Rhapsody Player Engine
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Security Panel Application
Security Panel Application for Supervisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel Audio
Skype™ 3.8
Sony USB Driver
Synaptics Pointing Device Driver
Tablet PC Tutorials for Microsoft Windows XP SP2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual C++ Runtime for Dragon NaturallySpeaking
Windows Driver Package - Fujitsu Computer Systems Corporation (FjBtnDrv) HIDClass 03/29/2006 2.0.0329.2006
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
slw
Joined: December 27th, 2008, 6:31 pm
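The log above is the kind of HijackThis output a helper reads line by line. As an added example (not code from the original thread, from HijackThis or from ComboFix), the script below parses the O2 (BHO), O4 (Run key) and O23 (service) entries and flags the patterns that usually decide what goes into a fix: a BHO whose DLL is gone, an autostart pointing outside Program Files/WINDOWS, a core system binary name loaded from the wrong folder, a service with no publisher, and an 8-letter machine-generated file name. The sample log is constructed for the example: three lines are copied from the logs in this thread, the rest are invented, with an all-zero placeholder CLSID. The name heuristic and the trusted-directory list are assumptions of the example; every hit is a hint to confirm with a hash lookup or signature check, not a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the original posts; heuristics and sample data are assumptions, see lead-in)."""
import re
from dataclasses import dataclass

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<svc>[^)]*)\) - (?P<vendor>.*?) - (?P<path>.*)$")

# Where autostarts on a stock XP box are expected to point (lower case prefixes).
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
# Binary names that only belong in %SystemRoot%\system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "csrss.exe", "smss.exe"}
VOWELS = set("aeiou")


@dataclass
class Finding:
    kind: str     # HijackThis section that produced it: O2, O4 or O23
    line: str     # the log line that triggered it
    reason: str


def looks_generated(stem):
    """Heuristic for machine-generated names: an 8-letter stem that strictly
    alternates consonant/vowel (bogigipi, gulodedo) or packs three or more of
    the letters q, w, x, z, j that rarely cluster in product names (zwxqybmi)."""
    stem = stem.lower()
    if len(stem) != 8 or not stem.isalpha():
        return False
    classes = ["v" if ch in VOWELS else "c" for ch in stem]
    alternates = all(classes[i] != classes[i + 1] for i in range(7))
    rare = sum(stem.count(ch) for ch in "qwxzj")
    return alternates or rare >= 3


def _exe_path(cmd):
    """Return the executable part of an O4 command line, lower-cased.
    Handles quoted paths and unquoted paths containing spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd.split(" ")[0]).lower()


def _check_path(kind, line, path):
    """Apply the location and name rules to one executable path."""
    out = []
    if "\\" not in path:
        out.append(Finding(kind, line, f"bare file name {path}: resolved through the search path, location unknown"))
        return out
    directory, basename = path.rsplit("\\", 1)
    stem = basename.rsplit(".", 1)[0]
    if not path.startswith(TRUSTED_DIRS):
        out.append(Finding(kind, line, f"executable outside Program Files/WINDOWS: {directory}"))
    if basename in SYSTEM_NAMES and not directory.endswith("\\windows\\system32"):
        out.append(Finding(kind, line, f"system binary name {basename} loaded from {directory}"))
    if looks_generated(stem):
        out.append(Finding(kind, line, f"{basename} looks machine-generated; verify hash/signature"))
    return out


def triage(log_text):
    """Parse O2/O4/O23 lines and return one Finding per triggered rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("O2", line, "BHO registered but its DLL is missing (orphan entry)"))
            else:
                findings += _check_path("O2", line, m["path"].strip().lower())
        elif m := O4_RE.match(line):
            findings += _check_path("O4", line, _exe_path(m["cmd"]))
        elif m := O23_RE.match(line):
            if m["vendor"].strip().lower() == "unknown owner":
                findings.append(Finding("O23", line, "service has no publisher information"))
            findings += _check_path("O23", line, m["path"].strip().lower())
    return findings


# Constructed sample: the Java O2, the "(no file)" O2 and the McAfee O23 lines are
# copied from this thread's logs; the others are invented to exercise each rule.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\bogigipi.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [zwxqybmi] C:\WINDOWS\system32\zwxqybmi.exe
O4 - HKCU\..\Run: [updater] "C:\Documents and Settings\user\Local Settings\Temp\svchost.exe" -s
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Helper (hlpsvc) - Unknown owner - C:\WINDOWS\system32\gulodedo.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it against a saved HijackThis log by passing the file contents to `triage()`. The Java, Synaptics and McAfee lines produce nothing; the orphan BHO, the two 8-letter names in system32, the svchost.exe copy under Temp and the service with no publisher are the lines a helper would put in a fix script after confirming them.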

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby slw » January 1st, 2009, 9:35 pm

Thanks again OD. Here are the 3 files: Combofix, HJT, uninstall:
_______________________________________________________________
ComboFix 08-12-30.02 - Raquel 2009-01-01 20:06:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1262 [GMT -5:00]
Running from: c:\documents and settings\Raquel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Raquel\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\bogigipi.dll
c:\windows\system32\gulodedo.dll
c:\windows\system32\zwxqybmi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bogigipi.dll
c:\windows\system32\gulodedo.dll
c:\windows\system32\zwxqybmi.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-21 13:44 . 2008-12-31 12:42 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-21 13:25 . 2008-12-21 13:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 12:06 . 2008-12-21 12:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 10:14 . 2008-12-20 10:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 09:37 . 2008-12-20 09:37 <DIR> d-------- c:\documents and settings\Raquel\Application Data\McAfee
2008-12-19 15:34 . 2008-12-19 15:52 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-17 22:10 . 1999-12-17 22:43 86,016 --------- c:\windows\unvise32.exe
2008-12-16 20:30 . 2008-12-16 20:30 268 --ah----- C:\sqmdata19.sqm
2008-12-16 20:30 . 2008-12-16 20:30 244 --ah----- C:\sqmnoopt19.sqm
2008-12-16 14:15 . 2008-12-16 14:15 268 --ah----- C:\sqmdata18.sqm
2008-12-16 14:15 . 2008-12-16 14:15 244 --ah----- C:\sqmnoopt18.sqm
2008-12-15 21:10 . 2008-12-15 21:10 268 --ah----- C:\sqmdata17.sqm
2008-12-15 21:10 . 2008-12-15 21:10 244 --ah----- C:\sqmnoopt17.sqm
2008-12-15 20:53 . 2008-12-15 20:53 268 --ah----- C:\sqmdata16.sqm
2008-12-15 20:53 . 2008-12-15 20:53 244 --ah----- C:\sqmnoopt16.sqm
2008-12-15 20:37 . 2008-12-15 20:37 268 --ah----- C:\sqmdata15.sqm
2008-12-15 20:37 . 2008-12-15 20:37 244 --ah----- C:\sqmnoopt15.sqm
2008-12-15 18:52 . 2008-12-15 18:52 268 --ah----- C:\sqmdata14.sqm
2008-12-15 18:52 . 2008-12-15 18:52 244 --ah----- C:\sqmnoopt14.sqm
2008-12-09 20:15 . 2008-12-09 20:15 268 --ah----- C:\sqmdata13.sqm
2008-12-09 20:15 . 2008-12-09 20:15 244 --ah----- C:\sqmnoopt13.sqm
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-02 18:57 . 2008-12-27 18:47 268 --ah----- C:\sqmdata12.sqm
2008-12-02 18:57 . 2008-12-27 18:47 244 --ah----- C:\sqmnoopt12.sqm
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\program files\iTunes
2008-12-02 18:35 . 2008-12-02 18:35 <DIR> d-------- c:\program files\iPod
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 18:33 . 2008-12-02 18:33 <DIR> d-------- c:\program files\QuickTime
2008-12-02 18:27 . 2008-12-02 18:27 <DIR> d-------- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 00:57 --------- d-----w c:\documents and settings\Raquel\Application Data\Skype
2009-01-01 23:10 --------- d-----w c:\documents and settings\Raquel\Application Data\skypePM
2008-12-27 22:19 --------- d-----w c:\program files\Google
2008-12-27 12:40 --------- d-----w c:\program files\Java
2008-12-20 17:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:16 2,914 ----a-w c:\documents and settings\Raquel\Application Data\SAS7_000.DAT
2008-12-20 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-20 13:49 --------- d-----w c:\program files\McAfee
2008-12-19 22:27 --------- d-----w c:\program files\mfk
2008-12-02 23:56 --------- d-----w c:\documents and settings\Raquel\Application Data\Apple Computer
2008-12-02 23:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 00:13 0 ----a-w c:\windows\system32\drivers\FUJITSU_AE3CJ1E605540000_WXPTPC.MKR
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-02-26 01:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-03-01 03:11 284 ----a-w c:\documents and settings\Administrator\Application Data\ViewerApp.dat
2008-08-27 23:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_12.42.31.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]
"MyKeys"="c:\program files\mfk\MFK.EXE" [1999-04-18 541184]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-30 20480]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-20 61440]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-26 1908736]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-18 303104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-20 185896]
"CMO_V2_CDU680"="c:\program files\Franklin\CDU680DORA\BIN\RDVCHG.EXE" [2007-10-02 316664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 c:\windows\AGRSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-26 13:52 49152 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\AutoVideo.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Softex\\OmniPass\\OPXPApp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2006-05-17 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-02-21 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2005-09-23 28544]
R2 FlashDrv;FlashDrv;\??\c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [2006-05-17 7196]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2006-05-17 17920]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\Drivers\FUJ02E1.sys [2006-05-17 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-05-17 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\DRIVERS\hidpen.sys [2006-05-17 31104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\Drivers\bioschk.sys [2006-11-10 3909]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2008-05-10 87040]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-05-17 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-05-17 14208]
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-01-18 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{EEB93738-D9FC-4387-AE85-81C1F8AC70A3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate into English
Trusted Zone: *.download.microsoft.com
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: *.windowsupdate.com
Trusted Zone: *.windowsupdate.microsoft.com

c:\windows\system32\msxml3.dll - c:\windows\system32\riched32.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\comcat.dll
c:\windows\system32\MSCOMCTL.OCX
c:\windows\system32\ImgX61.ocx
c:\windows\system32\ImgXPrint61.dll
c:\windows\system32\AtalaImaging.dll
c:\windows\system32\ImgX61.dll
c:\windows\system32\ImgXTwain61.dll
c:\windows\Downloaded Program Files\PHScan.ocx
c:\windows\Downloaded Program Files\XMLtoRTF.ocx
c:\windows\system32\vsspell6.ocx
c:\windows\Downloaded Program Files\LMRWebTextEditor.ocx
O16 -: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2}
hxxps://lmr.partners.org/lmr/lmr.cab
c:\windows\Downloaded Program Files\lmr.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.geni.com/ImageUploader_5_5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\cvt.dll - O16 -: {61611A68-B68C-420E-8E4D-6C61E68C03C6}
hxxps://lmr.partners.org/lmr/cvt.cab

c:\windows\Downloaded Program Files\iemenu.ocx - O16 -: {7823A620-9DD9-11CF-A662-00AA00C066D2}
hxxps://athenanet.athenahealth.com/stat ... iemenu.cab
c:\windows\Downloaded Program Files\iemenu.INF

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR165.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\picn6520.dll
c:\windows\Downloaded Program Files\picn6420.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\amiviewer.ocx
O16 -: {895E51DC-866E-4090-AC7C-B557FBD29823}
hxxps://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
c:\windows\Downloaded Program Files\amiviewer.inf

c:\windows\Downloaded Program Files\failsafe.ocx - O16 -: {8CAF79C1-7DBE-47CC-A941-535B1E74A869}
hxxps://lmr.partners.org/lmr/failsafe/failsafe.cab
c:\windows\Downloaded Program Files\failsafe.INF

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\vsprint7.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\LMRBase64.dll
c:\windows\system32\correct.tlx
c:\windows\system32\userdic.tlx
c:\windows\system32\ssceam2.clx
c:\windows\system32\ssceam.tlx
c:\windows\system32\wspelldlg.hlp
c:\windows\system32\wspell.ocx
c:\windows\system32\tx12_xml.dll
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12.dll
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\WebTXProcessor.ocx
O16 -: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1}
hxxps://lmr.partners.org/lmr/lmr2.cab
c:\windows\Downloaded Program Files\lmr2.inf

c:\windows\Downloaded Program Files\CONFLICT.1\IR87.txt - c:\windows\Downloaded Program Files\CONFLICT.1\IR6.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR165.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR159.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR149.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR148.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR144.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR14.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR138.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR13.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR127.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR126.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR110.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR109.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR101.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR100.txt
c:\windows\Downloaded Program Files\CONFLICT.1\dict.dat
c:\windows\Downloaded Program Files\CONFLICT.1\unicows.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6920.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6520.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6420.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6320.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn9120.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn20.dll
c:\windows\Downloaded Program Files\CONFLICT.1\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.ocx
O16 -: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B}
hxxps://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.inf

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\WebTXProcessor.ocx
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\tx12.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_xml.dll
O16 -: {BCDD741A-3F0F-483F-AB50-345E464F3617}
hxxps://lmr.partners.org/lmr/lmr2a.cab
c:\windows\Downloaded Program Files\lmr2a.inf

c:\windows\Downloaded Program Files\LMRWebPrint.dll - O16 -: {D40E7275-159D-419E-9AC1-46FD8884B464}
hxxps://lmr.partners.org/lmr/LMRWebPrint.cab
c:\windows\Downloaded Program Files\LMRWebPrint.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://harborcam.axiscam.net:9000/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

c:\windows\Downloaded Program Files\LMRWebIESetting.dll - O16 -: {FDFB6B21-9F60-4C74-B540-32D83C4357D1}
hxxps://lmr.partners.org/lmr/LMRWebIESetting.cab
c:\windows\Downloaded Program Files\LMRWebIESetting.inf

c:\windows\Downloaded Program Files\ptcomp3f.dll - O16 -: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61}
hxxps://www.patientgateway.org/ptgw/ptcomp3f.cab
c:\windows\Downloaded Program Files\ptcomp3f.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 20:07:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-01-01 20:08:58
ComboFix-quarantined-files.txt 2009-01-02 01:08:38
ComboFix2.txt 2008-12-31 17:43:19

Pre-Run: 55,571,189,760 bytes free
Post-Run: 55,578,349,568 bytes free

399 --- E O F --- 2008-12-09 22:43:32
_____________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:40 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\windows\system32\KADxMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\mfk\MFK.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [KADxMain] C:\windows\system32\KADxMain.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMO_V2_CDU680] C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyKeys] "C:\Program Files\mfk\MFK.EXE" /M
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2} (XMLtoRTF.XML) - https://lmr.partners.org/lmr/lmr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.geni.com/ImageUploader_5_5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {61611A68-B68C-420E-8E4D-6C61E68C03C6} (Cu2a Object) - https://lmr.partners.org/lmr/cvt.cab
O16 - DPF: {6D3CF4F3-C2F3-46E7-A126-3E53102A6B91} (Pegasus ImagXpress Control v7.0) - https://lmr.partners.org/lmr/diagram.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2332286109
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://athenanet.athenahealth.com/stat ... iemenu.cab
O16 - DPF: {895E51DC-866E-4090-AC7C-B557FBD29823} (AMI Pictorial Control CWeb 2.1 SPa01) - https://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
O16 - DPF: {8CAF79C1-7DBE-47CC-A941-535B1E74A869} (Project1.FailSafeCtl) - https://lmr.partners.org/lmr/failsafe/failsafe.cab
O16 - DPF: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1} (LMRBase64.Converter) - https://lmr.partners.org/lmr/lmr2.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BCDD741A-3F0F-483F-AB50-345E464F3617} (WebTXProcessor.ctlWebTX) - https://lmr.partners.org/lmr/lmr2a.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D40E7275-159D-419E-9AC1-46FD8884B464} (LMRWebPrint.PrintByTemplate) - https://lmr.partners.org/lmr/LMRWebPrint.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://harborcam.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {FDFB6B21-9F60-4C74-B540-32D83C4357D1} (Reg Class) - https://lmr.partners.org/lmr/LMRWebIESetting.cab
O16 - DPF: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61} (Link3f Class) - https://www.patientgateway.org/ptgw/ptcomp3f.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 16217 bytes
_____________________________________________________________________
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe LiveCycle Designer 7.1
Adobe Reader 9
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
AXIS Media Control Embedded
Bonjour
BUM
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dragon NaturallySpeaking 10
Fingerprint Sensor Minimum Install
First Step Guide
FlashAid
Franklin CDU680 USB Modem
Fujitsu Button Driver Component
Fujitsu Button Utilities
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu Pen Service
Fujitsu System Extension Utility
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ImageMixer VCD2
Ink Art
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 11
Logitech QuickCam Software
Logitech® Camera Driver
Magic Flute 2.1.1
Marvell Miniport Driver
McAfee SecurityCenter
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Silverlight
Microsoft Snipping Tool 2.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
MobileMe Control Panel
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
My Function Keys
mZConfig
O2Micro Flash Memory Card Windows Driver
O2Micro Smartcard Driver
OmniPass
Picture Package
PowerDVD
QuickTime
RealPlayer
Rhapsody Player Engine
Rhapsody Player Engine
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Security Panel Application
Security Panel Application for Supervisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel Audio
Skype™ 3.8
Sony USB Driver
Synaptics Pointing Device Driver
Tablet PC Tutorials for Microsoft Windows XP SP2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual C++ Runtime for Dragon NaturallySpeaking
Windows Driver Package - Fujitsu Computer Systems Corporation (FjBtnDrv) HIDClass 03/29/2006 2.0.0329.2006
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
slw
Active Member
 
Posts: 10
Joined: December 27th, 2008, 6:31 pm

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby slw » January 1st, 2009, 9:36 pm

Thanks again OD. Here are the 3 files: Combofix, HJT, uninstall:
_______________________________________________________________
ComboFix 08-12-30.02 - Raquel 2009-01-01 20:06:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1262 [GMT -5:00]
Running from: c:\documents and settings\Raquel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Raquel\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\bogigipi.dll
c:\windows\system32\gulodedo.dll
c:\windows\system32\zwxqybmi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bogigipi.dll
c:\windows\system32\gulodedo.dll
c:\windows\system32\zwxqybmi.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-21 13:44 . 2008-12-31 12:42 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-21 13:25 . 2008-12-21 13:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 12:06 . 2008-12-21 12:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 10:14 . 2008-12-20 10:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 09:37 . 2008-12-20 09:37 <DIR> d-------- c:\documents and settings\Raquel\Application Data\McAfee
2008-12-19 15:34 . 2008-12-19 15:52 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-17 22:10 . 1999-12-17 22:43 86,016 --------- c:\windows\unvise32.exe
2008-12-16 20:30 . 2008-12-16 20:30 268 --ah----- C:\sqmdata19.sqm
2008-12-16 20:30 . 2008-12-16 20:30 244 --ah----- C:\sqmnoopt19.sqm
2008-12-16 14:15 . 2008-12-16 14:15 268 --ah----- C:\sqmdata18.sqm
2008-12-16 14:15 . 2008-12-16 14:15 244 --ah----- C:\sqmnoopt18.sqm
2008-12-15 21:10 . 2008-12-15 21:10 268 --ah----- C:\sqmdata17.sqm
2008-12-15 21:10 . 2008-12-15 21:10 244 --ah----- C:\sqmnoopt17.sqm
2008-12-15 20:53 . 2008-12-15 20:53 268 --ah----- C:\sqmdata16.sqm
2008-12-15 20:53 . 2008-12-15 20:53 244 --ah----- C:\sqmnoopt16.sqm
2008-12-15 20:37 . 2008-12-15 20:37 268 --ah----- C:\sqmdata15.sqm
2008-12-15 20:37 . 2008-12-15 20:37 244 --ah----- C:\sqmnoopt15.sqm
2008-12-15 18:52 . 2008-12-15 18:52 268 --ah----- C:\sqmdata14.sqm
2008-12-15 18:52 . 2008-12-15 18:52 244 --ah----- C:\sqmnoopt14.sqm
2008-12-09 20:15 . 2008-12-09 20:15 268 --ah----- C:\sqmdata13.sqm
2008-12-09 20:15 . 2008-12-09 20:15 244 --ah----- C:\sqmnoopt13.sqm
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a------ c:\windows\system32\hidserv.dll
2008-12-05 20:19 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-02 18:57 . 2008-12-27 18:47 268 --ah----- C:\sqmdata12.sqm
2008-12-02 18:57 . 2008-12-27 18:47 244 --ah----- C:\sqmnoopt12.sqm
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\program files\iTunes
2008-12-02 18:35 . 2008-12-02 18:35 <DIR> d-------- c:\program files\iPod
2008-12-02 18:35 . 2008-12-02 18:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 18:33 . 2008-12-02 18:33 <DIR> d-------- c:\program files\QuickTime
2008-12-02 18:27 . 2008-12-02 18:27 <DIR> d-------- c:\program files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 00:57 --------- d-----w c:\documents and settings\Raquel\Application Data\Skype
2009-01-01 23:10 --------- d-----w c:\documents and settings\Raquel\Application Data\skypePM
2008-12-27 22:19 --------- d-----w c:\program files\Google
2008-12-27 12:40 --------- d-----w c:\program files\Java
2008-12-20 17:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:16 2,914 ----a-w c:\documents and settings\Raquel\Application Data\SAS7_000.DAT
2008-12-20 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-20 13:49 --------- d-----w c:\program files\McAfee
2008-12-19 22:27 --------- d-----w c:\program files\mfk
2008-12-02 23:56 --------- d-----w c:\documents and settings\Raquel\Application Data\Apple Computer
2008-12-02 23:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 00:13 0 ----a-w c:\windows\system32\drivers\FUJITSU_AE3CJ1E605540000_WXPTPC.MKR
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-02-26 01:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-03-01 03:11 284 ----a-w c:\documents and settings\Administrator\Application Data\ViewerApp.dat
2008-08-27 23:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_12.42.31.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 00:58:15 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]
"MyKeys"="c:\program files\mfk\MFK.EXE" [1999-04-18 541184]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-30 20480]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-20 61440]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-26 1908736]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-18 303104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-20 185896]
"CMO_V2_CDU680"="c:\program files\Franklin\CDU680DORA\BIN\RDVCHG.EXE" [2007-10-02 316664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 c:\windows\AGRSMMSG.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-26 13:52 49152 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\AutoVideo.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Softex\\OmniPass\\OPXPApp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2006-05-17 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-02-21 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2005-09-23 28544]
R2 FlashDrv;FlashDrv;\??\c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [2006-05-17 7196]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2006-05-17 17920]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\Drivers\FUJ02E1.sys [2006-05-17 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-05-17 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\DRIVERS\hidpen.sys [2006-05-17 31104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\Drivers\bioschk.sys [2006-11-10 3909]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2008-05-10 87040]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-05-17 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-05-17 14208]
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-01-18 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-02 c:\windows\Tasks\User_Feed_Synchronization-{EEB93738-D9FC-4387-AE85-81C1F8AC70A3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate into English
Trusted Zone: *.download.microsoft.com
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: *.windowsupdate.com
Trusted Zone: *.windowsupdate.microsoft.com

c:\windows\system32\msxml3.dll - c:\windows\system32\riched32.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\comcat.dll
c:\windows\system32\MSCOMCTL.OCX
c:\windows\system32\ImgX61.ocx
c:\windows\system32\ImgXPrint61.dll
c:\windows\system32\AtalaImaging.dll
c:\windows\system32\ImgX61.dll
c:\windows\system32\ImgXTwain61.dll
c:\windows\Downloaded Program Files\PHScan.ocx
c:\windows\Downloaded Program Files\XMLtoRTF.ocx
c:\windows\system32\vsspell6.ocx
c:\windows\Downloaded Program Files\LMRWebTextEditor.ocx
O16 -: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2}
hxxps://lmr.partners.org/lmr/lmr.cab
c:\windows\Downloaded Program Files\lmr.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.geni.com/ImageUploader_5_5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\cvt.dll - O16 -: {61611A68-B68C-420E-8E4D-6C61E68C03C6}
hxxps://lmr.partners.org/lmr/cvt.cab

c:\windows\Downloaded Program Files\iemenu.ocx - O16 -: {7823A620-9DD9-11CF-A662-00AA00C066D2}
hxxps://athenanet.athenahealth.com/stat ... iemenu.cab
c:\windows\Downloaded Program Files\iemenu.INF

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR165.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\picn6520.dll
c:\windows\Downloaded Program Files\picn6420.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\amiviewer.ocx
O16 -: {895E51DC-866E-4090-AC7C-B557FBD29823}
hxxps://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
c:\windows\Downloaded Program Files\amiviewer.inf

c:\windows\Downloaded Program Files\failsafe.ocx - O16 -: {8CAF79C1-7DBE-47CC-A941-535B1E74A869}
hxxps://lmr.partners.org/lmr/failsafe/failsafe.cab
c:\windows\Downloaded Program Files\failsafe.INF

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\vsprint7.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\LMRBase64.dll
c:\windows\system32\correct.tlx
c:\windows\system32\userdic.tlx
c:\windows\system32\ssceam2.clx
c:\windows\system32\ssceam.tlx
c:\windows\system32\wspelldlg.hlp
c:\windows\system32\wspell.ocx
c:\windows\system32\tx12_xml.dll
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12.dll
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\WebTXProcessor.ocx
O16 -: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1}
hxxps://lmr.partners.org/lmr/lmr2.cab
c:\windows\Downloaded Program Files\lmr2.inf

c:\windows\Downloaded Program Files\CONFLICT.1\IR87.txt - c:\windows\Downloaded Program Files\CONFLICT.1\IR6.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR165.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR159.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR149.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR148.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR144.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR14.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR138.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR13.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR127.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR126.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR110.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR109.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR101.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR100.txt
c:\windows\Downloaded Program Files\CONFLICT.1\dict.dat
c:\windows\Downloaded Program Files\CONFLICT.1\unicows.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6920.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6520.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6420.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6320.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn9120.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn20.dll
c:\windows\Downloaded Program Files\CONFLICT.1\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.ocx
O16 -: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B}
hxxps://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.inf

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\WebTXProcessor.ocx
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\tx12.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_xml.dll
O16 -: {BCDD741A-3F0F-483F-AB50-345E464F3617}
hxxps://lmr.partners.org/lmr/lmr2a.cab
c:\windows\Downloaded Program Files\lmr2a.inf

c:\windows\Downloaded Program Files\LMRWebPrint.dll - O16 -: {D40E7275-159D-419E-9AC1-46FD8884B464}
hxxps://lmr.partners.org/lmr/LMRWebPrint.cab
c:\windows\Downloaded Program Files\LMRWebPrint.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://harborcam.axiscam.net:9000/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

c:\windows\Downloaded Program Files\LMRWebIESetting.dll - O16 -: {FDFB6B21-9F60-4C74-B540-32D83C4357D1}
hxxps://lmr.partners.org/lmr/LMRWebIESetting.cab
c:\windows\Downloaded Program Files\LMRWebIESetting.inf

c:\windows\Downloaded Program Files\ptcomp3f.dll - O16 -: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61}
hxxps://www.patientgateway.org/ptgw/ptcomp3f.cab
c:\windows\Downloaded Program Files\ptcomp3f.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 20:07:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-01-01 20:08:58
ComboFix-quarantined-files.txt 2009-01-02 01:08:38
ComboFix2.txt 2008-12-31 17:43:19

Pre-Run: 55,571,189,760 bytes free
Post-Run: 55,578,349,568 bytes free

399 --- E O F --- 2008-12-09 22:43:32
_____________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:40 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\windows\system32\KADxMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMnuIco.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\mfk\MFK.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [KADxMain] C:\windows\system32\KADxMain.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMO_V2_CDU680] C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyKeys] "C:\Program Files\mfk\MFK.EXE" /M
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2} (XMLtoRTF.XML) - https://lmr.partners.org/lmr/lmr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.geni.com/ImageUploader_5_5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {61611A68-B68C-420E-8E4D-6C61E68C03C6} (Cu2a Object) - https://lmr.partners.org/lmr/cvt.cab
O16 - DPF: {6D3CF4F3-C2F3-46E7-A126-3E53102A6B91} (Pegasus ImagXpress Control v7.0) - https://lmr.partners.org/lmr/diagram.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2332286109
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://athenanet.athenahealth.com/stat ... iemenu.cab
O16 - DPF: {895E51DC-866E-4090-AC7C-B557FBD29823} (AMI Pictorial Control CWeb 2.1 SPa01) - https://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
O16 - DPF: {8CAF79C1-7DBE-47CC-A941-535B1E74A869} (Project1.FailSafeCtl) - https://lmr.partners.org/lmr/failsafe/failsafe.cab
O16 - DPF: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1} (LMRBase64.Converter) - https://lmr.partners.org/lmr/lmr2.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BCDD741A-3F0F-483F-AB50-345E464F3617} (WebTXProcessor.ctlWebTX) - https://lmr.partners.org/lmr/lmr2a.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D40E7275-159D-419E-9AC1-46FD8884B464} (LMRWebPrint.PrintByTemplate) - https://lmr.partners.org/lmr/LMRWebPrint.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://harborcam.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {FDFB6B21-9F60-4C74-B540-32D83C4357D1} (Reg Class) - https://lmr.partners.org/lmr/LMRWebIESetting.cab
O16 - DPF: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61} (Link3f Class) - https://www.patientgateway.org/ptgw/ptcomp3f.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 16217 bytes
_____________________________________________________________________
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe LiveCycle Designer 7.1
Adobe Reader 9
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
AXIS Media Control Embedded
Bonjour
BUM
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Dragon NaturallySpeaking 10
Fingerprint Sensor Minimum Install
First Step Guide
FlashAid
Franklin CDU680 USB Modem
Fujitsu Button Driver Component
Fujitsu Button Utilities
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu Pen Service
Fujitsu System Extension Utility
Garmin City Navigator North America NT 2009 Update
Garmin Communicator Plugin
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ImageMixer VCD2
Ink Art
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 11
Logitech QuickCam Software
Logitech® Camera Driver
Magic Flute 2.1.1
Marvell Miniport Driver
McAfee SecurityCenter
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Energy Blue Theme Pack
Microsoft Experience Pack for Tablet PC
Microsoft Ink Crossword
Microsoft Ink Desktop
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Transfer
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Silverlight
Microsoft Snipping Tool 2.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIWA
mLogView
mMHouse
MobileMe Control Panel
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
My Function Keys
mZConfig
O2Micro Flash Memory Card Windows Driver
O2Micro Smartcard Driver
OmniPass
Picture Package
PowerDVD
QuickTime
RealPlayer
Rhapsody Player Engine
Rhapsody Player Engine
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Security Panel Application
Security Panel Application for Supervisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SigmaTel Audio
Skype™ 3.8
Sony USB Driver
Synaptics Pointing Device Driver
Tablet PC Tutorials for Microsoft Windows XP SP2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visual C++ Runtime for Dragon NaturallySpeaking
Windows Driver Package - Fujitsu Computer Systems Corporation (FjBtnDrv) HIDClass 03/29/2006 2.0.0329.2006
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB887626 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
slw
Active Member
 
Posts: 10
Joined: December 27th, 2008, 6:31 pm

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby Odd dude » January 2nd, 2009, 7:41 am

Run CFScript
Open notepad and copy/paste the following to it:

Code:
File::
c:\documents and settings\All Users\Application Data\ezsid.dat
Folder::
c:\windows\Downloaded Program Files\CONFLICT.1
Registry::
[-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]


Save this to your desktop as "CFScript.txt".

Disconnect from the internet, disable your antimalware software like you did before, and drag CFScript into ComboFix.

ComboFix will run again; please be patient and post the log as usual.
Also post a new hijackthis log.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
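As an added example (not code from this thread, nor from the HijackThis or ComboFix authors): a small Python script that pulls the O2 BHO and O16 DPF entries out of a HijackThis log, flags the orphaned BHO registration (the `(no file)` entry) and writes the matching CFScript sections in the File::/Folder::/Registry:: layout used in the script above. The sample log lines are copied from the HijackThis log posted in this thread, and the File::/Folder:: targets are the two named in the posted CFScript.

```python
"""Parse HijackThis O2/O16 lines and emit a ComboFix CFScript for orphaned BHOs.

Added example for this thread; not code from the thread or from the
HijackThis/ComboFix authors. The CFScript layout (File::, Folder::, Registry::
with [-KEY] lines) follows the script the helper posted above.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.geni.com/ImageUploader_5_5.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://harborcam.axiscam.net:9000/activex/AMC.cab
"""

# Deletion targets named in the CFScript posted in this thread.
THREAD_FILES = [r"c:\documents and settings\All Users\Application Data\ezsid.dat"]
THREAD_FOLDERS = [r"c:\windows\Downloaded Program Files\CONFLICT.1"]

# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
_O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "O16 - DPF: {CLSID} (<name>) - <download url>"  (URL may be truncated with " ... ")
_O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<name>.*?)\) - (?P<target>.+)$"
)

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")


@dataclass
class Entry:
    section: str   # "O2" (Browser Helper Object) or "O16" (Downloaded Program File)
    clsid: str
    name: str
    target: str    # DLL path for O2, download URL for O16

    @property
    def is_orphan(self) -> bool:
        """A BHO whose DLL is gone but whose CLSID registration is still present."""
        return self.section == "O2" and self.target.strip() == "(no file)"


def parse_hjt(text: str) -> List[Entry]:
    """Return the O2 and O16 entries found in a HijackThis log; other lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        for section, pattern in (("O2", _O2_RE), ("O16", _O16_RE)):
            m = pattern.match(line)
            if m:
                entries.append(Entry(section, m["clsid"], m["name"], m["target"]))
                break
    return entries


def orphaned_bhos(entries: Iterable[Entry]) -> List[Entry]:
    return [e for e in entries if e.is_orphan]


def build_cfscript(files: Iterable[str] = (), folders: Iterable[str] = (),
                   orphan_clsids: Iterable[str] = ()) -> str:
    """Assemble the File::/Folder::/Registry:: sections ComboFix reads from CFScript.txt."""
    lines: List[str] = []
    files, folders, orphan_clsids = list(files), list(folders), list(orphan_clsids)
    if files:
        lines.append("File::")
        lines.extend(files)
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    if orphan_clsids:
        lines.append("Registry::")
        for clsid in orphan_clsids:
            # Remove both the class registration and the BHO load entry.
            lines.append(f"[-HKEY_CLASSES_ROOT\\CLSID\\{clsid}]")
            lines.append(f"[-{BHO_KEY}\\{clsid}]")
    return "\n".join(lines) + "\n"


def cfscript_from_log(log_text: str, files: Iterable[str] = (),
                      folders: Iterable[str] = ()) -> str:
    """Combine the orphaned BHOs found in the log with the given file/folder targets."""
    clsids = [e.clsid for e in orphaned_bhos(parse_hjt(log_text))]
    return build_cfscript(files, folders, clsids)


if __name__ == "__main__":
    print(cfscript_from_log(SAMPLE_HJT_LOG, THREAD_FILES, THREAD_FOLDERS), end="")
```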

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby Odd dude » January 4th, 2009, 1:01 pm

How're you doing?
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby slw » January 5th, 2009, 2:06 pm

No more pop-ups, Dude. It is great!

I didn't know if you thought the computer was already clean or wanted/needed to check the follow-up logs that I posted. I am very happy and thankful.

Simon
slw
Active Member
 
Posts: 10
Joined: December 27th, 2008, 6:31 pm

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby Odd dude » January 5th, 2009, 2:54 pm

Did you run that last CFScript?

If you haven't already, please do so and then post a new hijackthis log. There may be one or two small things we will have to clean up (however things are looking good right now). Then I will give you some tips to prevent reinfection in the future.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby slw » January 5th, 2009, 3:11 pm

Oh, good. Will do tonight (at work right now), and post.

Simon
slw
Active Member
 
Posts: 10
Joined: December 27th, 2008, 6:31 pm

Re: Hijacked!. can't stop the pop-ups. Here is the HJT file

Unread postby slw » January 5th, 2009, 9:22 pm

Here are 2 files: first ComboFix, then HJT (Dude, you're a genius!)
_______________________________________________________________
ComboFix 08-12-30.02 - Raquel 2009-01-05 20:14:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.967 [GMT -5:00]
Running from: c:\documents and settings\Raquel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Raquel\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ezsid.dat
c:\windows\Downloaded Program Files\CONFLICT.1
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.inf
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\dict.dat
c:\windows\Downloaded Program Files\CONFLICT.1\IR100.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR101.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR109.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR110.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR126.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR127.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR13.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR138.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR14.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR144.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR148.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR149.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR159.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR165.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR6.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR87.txt
c:\windows\Downloaded Program Files\CONFLICT.1\picn20.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6320.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6420.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6520.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6920.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn9120.dll
c:\windows\Downloaded Program Files\CONFLICT.1\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\unicows.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-01 20:20 . 2009-01-05 20:13 <DIR> d-------- c:\program files\NOS
2009-01-01 20:20 . 2009-01-05 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-21 13:44 . 2009-01-01 20:20 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-21 13:25 . 2008-12-21 13:25 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 12:06 . 2008-12-21 12:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 10:14 . 2008-12-20 10:14 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-20 09:37 . 2008-12-20 09:37 <DIR> d-------- c:\documents and settings\Raquel\Application Data\McAfee
2008-12-19 15:34 . 2008-12-19 15:52 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-17 22:10 . 1999-12-17 22:43 86,016 --------- c:\windows\unvise32.exe
2008-12-16 20:30 . 2008-12-16 20:30 268 --ah----- C:\sqmdata19.sqm
2008-12-16 20:30 . 2008-12-16 20:30 244 --ah----- C:\sqmnoopt19.sqm
2008-12-16 14:15 . 2008-12-16 14:15 268 --ah----- C:\sqmdata18.sqm
2008-12-16 14:15 . 2008-12-16 14:15 244 --ah----- C:\sqmnoopt18.sqm
2008-12-15 21:10 . 2008-12-15 21:10 268 --ah----- C:\sqmdata17.sqm
2008-12-15 21:10 . 2008-12-15 21:10 244 --ah----- C:\sqmnoopt17.sqm
2008-12-15 20:53 . 2008-12-15 20:53 268 --ah----- C:\sqmdata16.sqm
2008-12-15 20:53 . 2008-12-15 20:53 244 --ah----- C:\sqmnoopt16.sqm
2008-12-15 20:37 . 2008-12-15 20:37 268 --ah----- C:\sqmdata15.sqm
2008-12-15 20:37 . 2008-12-15 20:37 244 --ah----- C:\sqmnoopt15.sqm
2008-12-15 18:52 . 2008-12-15 18:52 268 --ah----- C:\sqmdata14.sqm
2008-12-15 18:52 . 2008-12-15 18:52 244 --ah----- C:\sqmnoopt14.sqm
2008-12-09 20:15 . 2008-12-09 20:15 268 --ah----- C:\sqmdata13.sqm
2008-12-09 20:15 . 2008-12-09 20:15 244 --ah----- C:\sqmnoopt13.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 01:07 --------- d-----w c:\documents and settings\Raquel\Application Data\Skype
2009-01-02 14:07 --------- d-----w c:\documents and settings\Raquel\Application Data\skypePM
2009-01-02 01:24 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 22:19 --------- d-----w c:\program files\Google
2008-12-27 12:40 --------- d-----w c:\program files\Java
2008-12-20 17:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 15:16 2,914 ----a-w c:\documents and settings\Raquel\Application Data\SAS7_000.DAT
2008-12-20 14:42 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-20 13:49 --------- d-----w c:\program files\McAfee
2008-12-19 22:27 --------- d-----w c:\program files\mfk
2008-12-02 23:56 --------- d-----w c:\documents and settings\Raquel\Application Data\Apple Computer
2008-12-02 23:36 --------- d-----w c:\program files\iTunes
2008-12-02 23:36 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 23:35 --------- d-----w c:\program files\iPod
2008-12-02 23:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-02 23:33 --------- d-----w c:\program files\QuickTime
2008-12-02 23:27 --------- d-----w c:\program files\Safari
2008-12-01 00:13 0 ----a-w c:\windows\system32\drivers\FUJITSU_AE3CJ1E605540000_WXPTPC.MKR
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2007-03-01 03:11 284 ----a-w c:\documents and settings\Administrator\Application Data\ViewerApp.dat
2008-08-27 23:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-31_12.42.31.73 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-03 19:57:32 1,660,928 ----a-w c:\windows\Downloaded Program Files\genipublisher.dll
+ 2007-12-12 20:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-06 00:54:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-06 00:54:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-31 17:37:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-06 00:54:16 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-31 17:41:05 216,571 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-01-02 01:18:53 216,571 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-01-02 01:15:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2009-01-02 15:13:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f78.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 68856]
"MyKeys"="c:\program files\mfk\MFK.EXE" [1999-04-18 541184]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-01-27 73728]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2006-03-30 20480]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2005-09-10 81920]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2003-08-20 61440]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-04-05 270336]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-25 68296]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2006-04-26 1908736]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\fjdvrupd.exe" [2005-11-18 303104]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-20 185896]
"CMO_V2_CDU680"="c:\program files\Franklin\CDU680DORA\BIN\RDVCHG.EXE" [2007-10-02 316664]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-17 137752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AGRSMMSG"="AGRSMMSG.exe" [2006-01-17 c:\windows\AGRSMMSG.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-26 13:52 49152 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\AutoVideo.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Softex\\OmniPass\\OPXPApp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [2006-05-17 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-02-21 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2005-09-23 28544]
R2 FlashDrv;FlashDrv;\??\c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [2006-05-17 7196]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2006-05-17 17920]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\Drivers\FUJ02E1.sys [2006-05-17 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-05-17 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\DRIVERS\hidpen.sys [2006-05-17 31104]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\Drivers\bioschk.sys [2006-11-10 3909]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2008-05-10 87040]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2006-05-17 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2006-05-17 14208]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2007-01-18 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-06 c:\windows\Tasks\User_Feed_Synchronization-{EEB93738-D9FC-4387-AE85-81C1F8AC70A3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: Similar Pages
IE: Translate into English
Trusted Zone: *.download.microsoft.com
Trusted Zone: *.internet
Trusted Zone: *.mcafee.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: *.update.microsoft.com
Trusted Zone: *.windowsupdate.com
Trusted Zone: *.windowsupdate.microsoft.com

c:\windows\Downloaded Program Files\genipublisher.dll - O16 -: Geni Publisher
hxxp://www.geni.com/plugins/genipublisher.CAB
c:\windows\Downloaded Program Files\genipublisher.OSD

c:\windows\system32\msxml3.dll - c:\windows\system32\riched32.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\comcat.dll
c:\windows\system32\MSCOMCTL.OCX
c:\windows\system32\ImgX61.ocx
c:\windows\system32\ImgXPrint61.dll
c:\windows\system32\AtalaImaging.dll
c:\windows\system32\ImgX61.dll
c:\windows\system32\ImgXTwain61.dll
c:\windows\Downloaded Program Files\PHScan.ocx
c:\windows\Downloaded Program Files\XMLtoRTF.ocx
c:\windows\system32\vsspell6.ocx
c:\windows\Downloaded Program Files\LMRWebTextEditor.ocx
O16 -: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2}
hxxps://lmr.partners.org/lmr/lmr.cab
c:\windows\Downloaded Program Files\lmr.inf

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
hxxp://www.geni.com/ImageUploader_5_5.cab
c:\windows\Downloaded Program Files\ImageUploader5.inf

c:\windows\Downloaded Program Files\cvt.dll - O16 -: {61611A68-B68C-420E-8E4D-6C61E68C03C6}
hxxps://lmr.partners.org/lmr/cvt.cab

c:\windows\Downloaded Program Files\iemenu.ocx - O16 -: {7823A620-9DD9-11CF-A662-00AA00C066D2}
hxxps://athenanet.athenahealth.com/stat ... iemenu.cab
c:\windows\Downloaded Program Files\iemenu.INF

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR165.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\picn6520.dll
c:\windows\Downloaded Program Files\picn6420.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\amiviewer.ocx
O16 -: {895E51DC-866E-4090-AC7C-B557FBD29823}
hxxps://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
c:\windows\Downloaded Program Files\amiviewer.inf

c:\windows\Downloaded Program Files\failsafe.ocx - O16 -: {8CAF79C1-7DBE-47CC-A941-535B1E74A869}
hxxps://lmr.partners.org/lmr/failsafe/failsafe.cab
c:\windows\Downloaded Program Files\failsafe.INF

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\vsprint7.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\LMRBase64.dll
c:\windows\system32\correct.tlx
c:\windows\system32\userdic.tlx
c:\windows\system32\ssceam2.clx
c:\windows\system32\ssceam.tlx
c:\windows\system32\wspelldlg.hlp
c:\windows\system32\wspell.ocx
c:\windows\system32\tx12_xml.dll
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12.dll
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\WebTXProcessor.ocx
O16 -: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1}
hxxps://lmr.partners.org/lmr/lmr2.cab
c:\windows\Downloaded Program Files\lmr2.inf

c:\windows\Downloaded Program Files\CONFLICT.1\IR87.txt - c:\windows\Downloaded Program Files\CONFLICT.1\IR6.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR165.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR159.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR149.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR148.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR144.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR14.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR138.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR13.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR127.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR126.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR110.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR109.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR101.txt
c:\windows\Downloaded Program Files\CONFLICT.1\IR100.txt
c:\windows\Downloaded Program Files\CONFLICT.1\dict.dat
c:\windows\Downloaded Program Files\CONFLICT.1\unicows.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6920.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6520.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6420.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn6320.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn9120.dll
c:\windows\Downloaded Program Files\CONFLICT.1\picn20.dll
c:\windows\Downloaded Program Files\CONFLICT.1\PictorialIndexWV.ocx
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.ocx
O16 -: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B}
hxxps://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
c:\windows\Downloaded Program Files\CONFLICT.1\amiviewer.inf

c:\windows\system32\comctl32.ocx - c:\windows\system32\RICHED32.DLL
c:\windows\system32\msvbvm60.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\stdole2.tlb
c:\windows\system32\COMCAT.DLL
c:\windows\system32\WebTXProcessor.ocx
c:\windows\system32\RICHTX32.OCX
c:\windows\system32\tx4ole12.ocx
c:\windows\system32\MSSTKPRP.DLL
c:\windows\system32\tx12.dll
c:\windows\system32\tx12_bmp.flt
c:\windows\system32\tx12_css.dll
c:\windows\system32\tx12_doc.dll
c:\windows\system32\tx12_gif.flt
c:\windows\system32\tx12_htm.dll
c:\windows\system32\tx12_ic.dll
c:\windows\system32\tx12_ic.ini
c:\windows\system32\tx12_jpg.flt
c:\windows\system32\tx12_obj.dll
c:\windows\system32\tx12_pdf.dll
c:\windows\system32\tx12_png.flt
c:\windows\system32\tx12_rtf.dll
c:\windows\system32\tx12_tif.flt
c:\windows\system32\tx12_tls.dll
c:\windows\system32\tx12_wmf.flt
c:\windows\system32\tx12_wnd.dll
c:\windows\system32\tx12_xml.dll
O16 -: {BCDD741A-3F0F-483F-AB50-345E464F3617}
hxxps://lmr.partners.org/lmr/lmr2a.cab
c:\windows\Downloaded Program Files\lmr2a.inf

c:\windows\Downloaded Program Files\LMRWebPrint.dll - O16 -: {D40E7275-159D-419E-9AC1-46FD8884B464}
hxxps://lmr.partners.org/lmr/LMRWebPrint.cab
c:\windows\Downloaded Program Files\LMRWebPrint.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://harborcam.axiscam.net:9000/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

c:\windows\Downloaded Program Files\LMRWebIESetting.dll - O16 -: {FDFB6B21-9F60-4C74-B540-32D83C4357D1}
hxxps://lmr.partners.org/lmr/LMRWebIESetting.cab
c:\windows\Downloaded Program Files\LMRWebIESetting.inf

c:\windows\Downloaded Program Files\ptcomp3f.dll - O16 -: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61}
hxxps://www.patientgateway.org/ptgw/ptcomp3f.cab
c:\windows\Downloaded Program Files\ptcomp3f.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 20:15:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Owner=Administrator
@Denied: (A 2) (Everyone)
@Denied: (A 2) (S-1-5-7)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@Owner=Administrator
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@Owner=Administrator

[HKEY_LOCAL_MACHINE\software\SigmaTel\GlobalState]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=Administrators
@Denied: (Full) (Guests)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (B 1 2 3 4 5) (S-1-5-4)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2009-01-05 20:16:28
ComboFix-quarantined-files.txt 2009-01-06 01:16:15
ComboFix2.txt 2009-01-02 01:08:59
ComboFix3.txt 2008-12-31 17:43:19

Pre-Run: 55,252,500,480 bytes free
Post-Run: 55,305,408,512 bytes free

452 --- E O F --- 2008-12-09 22:43:32
___________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:13 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\mfk\MFK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [FjStrtAp] c:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [KADxMain] C:\windows\system32\KADxMain.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CMO_V2_CDU680] C:\Program Files\Franklin\CDU680DORA\BIN\RDVCHG.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyKeys] "C:\Program Files\mfk\MFK.EXE" /M
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: Geni Publisher - http://www.geni.com/plugins/genipublisher.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2FAD241F-D04F-43A4-9356-BF78AEBEFAD2} (XMLtoRTF.XML) - https://lmr.partners.org/lmr/lmr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.geni.com/ImageUploader_5_5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {61611A68-B68C-420E-8E4D-6C61E68C03C6} (Cu2a Object) - https://lmr.partners.org/lmr/cvt.cab
O16 - DPF: {6D3CF4F3-C2F3-46E7-A126-3E53102A6B91} (Pegasus ImagXpress Control v7.0) - https://lmr.partners.org/lmr/diagram.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2332286109
O16 - DPF: {7823A620-9DD9-11CF-A662-00AA00C066D2} (PopupMenu Object) - https://athenanet.athenahealth.com/stat ... iemenu.cab
O16 - DPF: {895E51DC-866E-4090-AC7C-B557FBD29823} (AMI Pictorial Control CWeb 2.1 SPa01) - https://pacsweb2.bidmc.harvard.edu/ami/ ... viewer.cab
O16 - DPF: {8CAF79C1-7DBE-47CC-A941-535B1E74A869} (Project1.FailSafeCtl) - https://lmr.partners.org/lmr/failsafe/failsafe.cab
O16 - DPF: {96C524F5-F7BE-42C8-B8C7-89E55CD1FEB1} (LMRBase64.Converter) - https://lmr.partners.org/lmr/lmr2.cab
O16 - DPF: {A8B3A7FE-9C8D-4F15-9B01-8805BDF43B1B} (AMI Pictorial Control CWeb 2.1 SPa06) - https://pacsweb.bidmc.harvard.edu/ami/i ... viewer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BCDD741A-3F0F-483F-AB50-345E464F3617} (WebTXProcessor.ctlWebTX) - https://lmr.partners.org/lmr/lmr2a.cab
O16 - DPF: {D40E7275-159D-419E-9AC1-46FD8884B464} (LMRWebPrint.PrintByTemplate) - https://lmr.partners.org/lmr/LMRWebPrint.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://harborcam.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {FDFB6B21-9F60-4C74-B540-32D83C4357D1} (Reg Class) - https://lmr.partners.org/lmr/LMRWebIESetting.cab
O16 - DPF: {FE28FA1A-E046-42DC-9DE7-605DC53A1B61} (Link3f Class) - https://www.patientgateway.org/ptgw/ptcomp3f.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 15797 bytes
slw
Active Member
 
Posts: 10
Joined: December 27th, 2008, 6:31 pm