
System Error


1 reply to this topic

#1 ltx

ltx

  • Members
  • 2 posts

Posted 14 February 2008 - 10:39 PM

I keep getting this pop-up: "System error! Your computer was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the anti-spyware program to clean your system! (Recommended)". I have read other posts having the same problem, System Error Popup. I have tried to follow the steps to solve it but am unfamiliar with HijackThis. I have run ComboFix and HijackThis. I would really need some help. These are the logs:

ComboFix 08-02-15.1 - adminNUS 2008-02-15 11:23:07.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1192 [GMT 8:00]
Running from: C:\Users\adminNUS\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\adminNUS\AppData\Roaming\macromedia\Flash Player\#SharedObjects\AHXJFSWD\www.inter-focus.cn
C:\Users\adminNUS\AppData\Roaming\macromedia\Flash Player\#SharedObjects\AHXJFSWD\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Users\adminNUS\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Users\adminNUS\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 23:59 . 2006-11-02 17:44 320,000 --a------ C:\kmd.exe
2008-02-14 23:58 . 2008-02-14 23:58 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-14 23:58 . 2008-02-15 11:11 <DIR> d-------- C:\Users\adminNUS\AppData\Roaming\SUPERAntiSpyware.com
2008-02-14 23:58 . 2008-02-14 23:58 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-14 23:58 . 2008-02-15 11:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-14 23:21 . 2008-02-14 23:21 <DIR> d-------- C:\Users\adminNUS\AppData\Roaming\Uniblue
2008-02-14 18:51 . 2008-02-15 11:01 <DIR> d-------- C:\Windows\System32\HouseCall 6.6
2008-02-14 17:34 . 2007-08-01 16:47 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-02-14 09:26 . 2008-02-09 11:20 31,280 --a------ C:\Windows\System32\rrMon.sys
2008-02-14 01:21 . 2008-02-14 01:22 433 --a------ C:\Windows\wininit.ini
2008-02-13 23:33 . 2008-02-13 23:33 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 23:33 . 2008-02-13 23:33 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 23:30 . 2008-02-13 23:31 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-02-13 23:30 . 2008-02-13 23:30 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-13 23:30 . 2008-02-13 23:30 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-02-13 23:27 . 2008-02-14 14:31 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-02-13 21:35 . 2008-02-13 21:35 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-13 21:35 . 2008-02-13 21:35 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-13 21:22 . 2008-02-13 21:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-13 20:32 . 2008-02-15 11:02 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-13 20:32 . 2008-02-15 11:02 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-13 01:15 . 2008-02-13 01:15 231,424 --a------ C:\Windows\AcroIEHelper.dll
2008-02-13 01:15 . 2008-02-13 01:15 53 --a------ C:\tmp.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 15:35 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-13 15:35 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 15:35 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-13 15:35 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 15:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-13 15:35 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 15:35 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 15:35 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 15:35 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 15:35 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 15:35 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 15:35 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 15:35 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 15:35 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 15:35 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 15:35 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 15:35 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 15:35 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 15:35 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 15:35 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 15:35 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 15:35 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 15:35 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 15:35 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 15:35 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 15:35 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 15:35 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 15:35 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 15:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-13 15:33 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 15:33 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 15:33 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 15:33 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 15:31 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 15:31 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 13:41 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 13:41 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 13:41 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 13:41 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 13:41 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 13:41 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 13:41 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 13:41 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 13:41 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 13:41 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 13:41 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 13:41 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 13:41 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 13:41 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-26 15:46 --------- d-----w C:\Program Files\Canon
2008-01-20 16:37 --------- d-----w C:\ProgramData\FLEXnet
2008-01-14 01:54 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 10:08 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-13 10:08 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-13 10:08 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-13 10:08 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-20 16:45 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-20 16:45 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-20 16:45 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-20 16:44 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-20 16:44 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-20 16:44 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-20 16:44 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-09-08 16:41 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8607BAF-0EB3-473C-84C9-F3A5B901A796}]
2008-02-13 01:15 231424 --a------ C:\Windows\AcroIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 18:08 1232896]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-12 02:35 1006264]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-18 06:38 80688]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-08 05:45 97072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-10 05:32 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-10 05:32 133912]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-02 05:38 4390912 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-24 04:15 827392]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [ ]
"TvOutSwitch"="c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-04-17 09:08 86016]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2005-07-22 05:21 242688]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-07-22 05:20 61440]
"PSUtility"="c:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 16:37 136744]
"SSUtility"="c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-13 03:02 239144]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 13:26 68640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 13:17 52256]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\updnavi\updatenv.exe" [2007-01-11 08:09 163840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [2006-11-11 03:12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

R0 FJGSDisk;G-Sensor Application Filter Driver;C:\Windows\system32\DRIVERS\FJGSDisk.sys [2007-05-16 03:13]
R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2006-10-04 05:23]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2006-10-13 02:47]
R2 FJSPA;FJSPA;C:\Program Files\Fujitsu\FJSPA\FJSPA.sys [2006-12-07 17:18]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\Program Files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 16:37]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-03 05:56]
R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\updnavi\updnvsrv.exe [2007-01-11 08:09]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 19:59]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-31 02:57]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-14 20:40]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 15:30]
R3 tap0901;TAP-Win32 Adapter V9;C:\Windows\system32\DRIVERS\tap0901.sys [2007-04-26 07:53]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-30 00:16]
S3 ADVNTDRV;ADVNTDRV;C:\Windows\system32\drivers\ADVNTDRV.SYS [1999-11-18 17:20]
S3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 17:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f139507-7159-11dc-adc9-00037acb2be3}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d79b448-607a-11dc-b5a8-00037acb2be3}]
\shell\Auto\command - setup.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 11:25:12
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 11:26:00
ComboFix-quarantined-files.txt 2008-02-15 03:25:59
.
2008-02-15 01:08:33 --- E O F ---


This is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:56 AM, on 15/2/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {A8607BAF-0EB3-473C-84C9-F3A5B901A796} - C:\Windows\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [SSUtility] c:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: o2flash - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

--
End of file - 9289 bytes


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 23 February 2008 - 04:55 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments or inside code boxes, thanks.