Hi,
Thanks for your reply. Here are the logs:
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:15, on 30.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [KamikazeKat] C:\Program Files\ScreenMates\kamikazekat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{649D4639-4642-483A-A2A0-DF4F8D1A4218}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: lstfasmy - lstfasmy.dll (file missing)
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
--
End of file - 9033 bytes
ComboFix:
ComboFix 07-11-30.3 - Ernest 2007-11-29 20:44:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT 1:00]
Running from: C:\Documents and Settings\Ernest\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Ernest\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\BestsellerAntivirus
C:\Program Files\Common Files\BestsellerAntivirus\bm.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ajgvqeyn.exe
C:\WINDOWS\system32\buxmbxsl.exe
C:\WINDOWS\system32\cdfnjlll.exe
C:\WINDOWS\system32\ciorspxi.exe
C:\WINDOWS\system32\cnpgnvxi.exe
C:\WINDOWS\system32\dfvbpmhr.exe
C:\WINDOWS\system32\drivers\fmtr.sys
C:\WINDOWS\system32\drskqjls.exe
C:\WINDOWS\system32\drsugmvo.exe
C:\WINDOWS\system32\dxfcvtbl.ini
C:\WINDOWS\system32\dymxsqmn.dll
C:\WINDOWS\system32\eixcsegt.ini
C:\WINDOWS\system32\eriwvpsl.exe
C:\WINDOWS\system32\evpokhxx.dll
C:\WINDOWS\system32\faraddtc.exe
C:\WINDOWS\system32\fnjikbhj.exe
C:\WINDOWS\system32\frvmvcgq.exe
C:\WINDOWS\system32\giqhmuuw.dll
C:\WINDOWS\system32\gqvdsjbo.dll
C:\WINDOWS\system32\jwpjmtes.exe
C:\WINDOWS\system32\kaskfral.exe
C:\WINDOWS\system32\lajiblrt.exe
C:\WINDOWS\system32\lbtvcfxd.dll
C:\WINDOWS\system32\lcubotlt.ini
C:\WINDOWS\system32\lihbpwjk.exe
C:\WINDOWS\system32\lstfasmy.dllbox
C:\WINDOWS\system32\mfwhgsul.exe
C:\WINDOWS\system32\ngihouvl.exe
C:\WINDOWS\system32\nlxricba.exe
C:\WINDOWS\system32\nmqsxmyd.ini
C:\WINDOWS\system32\objsdvqg.ini
C:\WINDOWS\system32\qofpaoch.exe
C:\WINDOWS\system32\rbexxemg.exe
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\system32\rqstv.tmp
C:\WINDOWS\system32\skatqjhv.exe
C:\WINDOWS\system32\sywkqhiq.exe
C:\WINDOWS\system32\tgescxie.dll
C:\WINDOWS\system32\tltobucl.dll
C:\WINDOWS\system32\ughmbuhv.exe
C:\WINDOWS\system32\uqalhqcn.exe
C:\WINDOWS\system32\usgbwjmv.exe
C:\WINDOWS\system32\utpesswp.exe
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\wuumhqig.ini
C:\WINDOWS\system32\xxhkopve.ini
C:\WINDOWS\system32\yytrfqpx.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.
2007-11-29 16:28 . 2007-11-29 16:28 145,984 --a------ C:\WINDOWS\system32\booymxeg.dll
2007-11-28 16:25 . 2007-11-28 16:25 145,984 --a------ C:\WINDOWS\system32\ytexsifn.dll
2007-11-27 15:41 . 2007-11-27 15:41 <DIR> d-------- C:\Program Files\uTorrent
2007-11-27 15:41 . 2007-11-29 20:42 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\uTorrent
2007-11-27 15:16 . 2007-11-27 15:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 15:16 . 2007-11-27 15:16 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 15:15 . 2007-11-27 15:16 <DIR> d-------- C:\Program Files\iTunes
2007-11-27 15:15 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\iPod
2007-11-27 15:14 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\QuickTime
2007-11-27 15:13 . 2007-11-27 15:13 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-26 16:28 . 2007-11-26 16:28 <DIR> d-------- C:\Deckard
2007-11-26 16:25 . 2007-11-26 16:25 145,984 --a------ C:\WINDOWS\system32\issdroln.dll
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\ie-spyad_zo
2007-11-25 16:22 . 2007-11-25 16:22 145,984 --a------ C:\WINDOWS\system32\rskcrkjt.dll
2007-11-25 16:18 . 2007-11-25 16:18 145,984 --a------ C:\WINDOWS\system32\dduiuyau.dll
2007-11-25 16:06 . 2007-11-25 16:06 145,984 --a------ C:\WINDOWS\system32\cfpgnnoq.dll
2007-11-25 16:03 . 2007-11-25 16:03 145,984 --a------ C:\WINDOWS\system32\iwjvjeib.dll
2007-11-25 12:22 . 2007-11-25 12:22 38 --a------ C:\WINDOWS\DeskToppers.ini
2007-11-25 12:15 . 2007-11-25 12:22 <DIR> d-------- C:\Program Files\ScreenMates
2007-11-24 11:50 . 2007-11-25 10:55 888,650 --ahs---- C:\WINDOWS\system32\vjcrrtdk.ini
2007-11-24 11:45 . 2007-11-24 11:45 145,984 --a------ C:\WINDOWS\system32\hnbdslmb.dll
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-23 17:51 . 2007-11-24 11:45 956,339 --ahs---- C:\WINDOWS\system32\coiyiwox.ini
2007-11-23 17:48 . 2007-11-23 17:48 145,984 --a------ C:\WINDOWS\system32\oaoquwca.dll
2007-11-23 03:00 . 2007-11-23 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-22 17:50 . 2007-11-23 17:50 996,395 --ahs---- C:\WINDOWS\system32\prnykmsp.ini
2007-11-22 17:49 . 2007-11-22 17:49 145,984 --a------ C:\WINDOWS\system32\gdpckulr.dll
2007-11-21 17:52 . 2007-11-21 17:52 851,700 --ahs---- C:\WINDOWS\system32\djlrjyri.ini
2007-11-21 17:49 . 2007-11-21 17:49 145,984 --a------ C:\WINDOWS\system32\kcwmlkrv.dll
2007-11-20 17:47 . 2007-11-21 17:47 905,362 --ahs---- C:\WINDOWS\system32\lylmmbgu.ini
2007-11-20 17:47 . 2007-11-20 17:47 145,984 --a------ C:\WINDOWS\system32\iuytwduf.dll
2007-11-20 00:13 . 2007-11-20 00:13 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-19 17:51 . 2007-11-20 13:53 689,780 --ahs---- C:\WINDOWS\system32\aidaewvv.ini
2007-11-19 17:48 . 2007-11-19 17:48 145,984 --a------ C:\WINDOWS\system32\dktlfsqs.dll
2007-11-18 17:53 . 2007-11-19 15:27 678,220 --ahs---- C:\WINDOWS\system32\fmctsjeu.ini
2007-11-18 17:50 . 2007-11-18 17:50 145,984 --a------ C:\WINDOWS\system32\asivgnmu.dll
2007-11-18 12:27 . 2007-11-18 12:27 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\InstallShield
2007-11-18 12:26 . 2007-11-18 12:27 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-18 12:24 . 2007-11-18 12:25 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-18 12:24 . 2007-11-18 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-18 12:24 . 2007-11-18 12:24 24,192 --a------ C:\Documents and Settings\Ernest\usbsermptxp.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\Documents and Settings\Ernest\usbsermpt.sys
2007-11-17 17:55 . 2007-11-18 17:53 678,100 --ahs---- C:\WINDOWS\system32\dncwjpub.ini
2007-11-17 17:52 . 2007-11-17 17:52 145,984 --a------ C:\WINDOWS\system32\vspyafby.dll
2007-11-17 16:52 . 2007-11-17 16:52 677,980 --ahs---- C:\WINDOWS\system32\fdvevgxt.ini
2007-11-16 10:14 . 2007-11-17 16:46 294 --ahs---- C:\WINDOWS\system32\wiskejbp.ini
2007-11-16 10:11 . 2007-11-16 10:11 145,984 --a------ C:\WINDOWS\system32\ingymkuo.dll
2007-11-15 10:16 . 2007-11-16 08:23 598,510 --ahs---- C:\WINDOWS\system32\rnrelimf.ini
2007-11-15 10:13 . 2007-11-15 10:13 145,984 --a------ C:\WINDOWS\system32\hiwwxlpx.dll
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 20:49 . 2007-11-15 09:10 595,002 --ahs---- C:\WINDOWS\system32\wekfflas.ini
2007-11-14 20:43 . 2007-11-14 20:43 145,984 --a------ C:\WINDOWS\system32\hftisxgu.dll
2007-11-13 20:45 . 2007-11-14 20:45 594,822 --ahs---- C:\WINDOWS\system32\iihalmyk.ini
2007-11-13 20:42 . 2007-11-13 20:42 145,984 --a------ C:\WINDOWS\system32\oondmyno.dll
2007-11-13 18:47 . 2007-11-19 21:30 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\OpenOffice.org2
2007-11-13 18:45 . 2007-11-13 18:45 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-13 18:11 . 2007-11-13 18:12 <DIR> d-------- C:\visioowriter
2007-11-12 20:43 . 2007-11-13 20:44 630,955 --ahs---- C:\WINDOWS\system32\pbubbjbc.ini
2007-11-12 20:37 . 2007-11-12 20:37 145,984 --a------ C:\WINDOWS\system32\aniffnes.dll
2007-11-12 16:42 . 2007-11-13 08:14 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-12 16:32 . 2007-11-12 16:32 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-12 16:32 . 2007-11-12 16:46 <DIR> d-------- C:\Program Files\VentSrv
2007-11-11 20:41 . 2007-11-12 20:42 551,964 --ahs---- C:\WINDOWS\system32\itndobim.ini
2007-11-11 20:38 . 2007-11-11 20:38 145,984 --a------ C:\WINDOWS\system32\ssvgakum.dll
2007-11-10 22:38 . 2007-11-10 22:39 <DIR> d-------- C:\Half-Life Editing
2007-11-10 22:37 . 2007-11-10 22:37 <DIR> d-------- C:\hl-edit
2007-11-10 20:47 . 2007-11-10 20:48 545,634 --ahs---- C:\WINDOWS\system32\wecfrgvg.ini
2007-11-10 20:41 . 2007-11-10 20:41 145,984 --a------ C:\WINDOWS\system32\nibwkpxv.dll
2007-11-09 21:02 . 2007-11-09 21:07 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\GSC
2007-11-09 20:42 . 2007-11-10 20:43 545,574 --ahs---- C:\WINDOWS\system32\vhbyakhd.ini
2007-11-09 20:36 . 2007-11-09 20:36 145,984 --a------ C:\WINDOWS\system32\sfnpsnuo.dll
2007-11-08 20:42 . 2007-11-09 15:58 578,989 --ahs---- C:\WINDOWS\system32\sqydaakg.ini
2007-11-08 20:36 . 2007-11-08 20:36 145,984 --a------ C:\WINDOWS\system32\icjaaxsw.dll
2007-11-08 17:27 . 2007-11-08 17:27 145,984 --a------ C:\WINDOWS\system32\aonfvnqq.dll
2007-11-08 10:32 . 2007-11-25 17:26 <DIR> d-------- C:\csdecals
2007-11-07 19:41 . 2007-11-07 19:41 <DIR> d-------- C:\USAF Mini Pro
2007-11-07 17:26 . 2007-11-08 17:31 565,190 --ahs---- C:\WINDOWS\system32\vggdibqb.ini
2007-11-07 17:20 . 2007-11-07 17:20 145,984 --a------ C:\WINDOWS\system32\oinqtsqm.dll
2007-11-06 19:45 . 2007-11-06 19:45 <DIR> d-------- C:\NVIDIA
2007-11-06 17:24 . 2007-11-06 17:24 145,984 --a------ C:\WINDOWS\system32\kbijcpvd.dll
2007-11-05 17:26 . 2007-11-06 17:26 570,229 --ahs---- C:\WINDOWS\system32\cwbfltqe.ini
2007-11-04 17:23 . 2007-11-05 17:23 576,904 --ahs---- C:\WINDOWS\system32\ooktgwvg.ini
2007-11-04 12:03 . 2007-11-04 12:03 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\AdobeUM
2007-11-03 17:28 . 2007-11-04 10:53 577,085 --ahs---- C:\WINDOWS\system32\raodqnxe.ini
2007-11-02 18:35 . 2007-11-02 18:35 <DIR> d-------- C:\Program Files\Hamachi
2007-11-02 18:35 . 2007-11-05 23:31 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Hamachi
2007-11-02 18:35 . 2007-11-02 18:35 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-02 17:25 . 2007-11-03 17:25 576,905 --ahs---- C:\WINDOWS\system32\xjqfpule.ini
2007-10-31 13:57 . 2007-11-01 12:50 577,737 --ahs---- C:\WINDOWS\system32\dcnvdess.ini
2007-10-30 14:54 . 2007-11-25 14:29 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\SystemRequirementsLab
2007-10-30 10:48 . 2007-10-30 10:48 65,536 --a------ C:\WINDOWS\system32\akpg.dll
2007-10-30 10:48 . 2007-10-30 10:48 40,960 --a------ C:\WINDOWS\system32\akins.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 09:48 9,493 ----a-w C:\WINDOWS\system32\drivers\akpcsc.sys
2007-10-23 21:01 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 22:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-22 21:57 --------- d-----w C:\Program Files\Analog Devices
2007-10-22 21:55 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-22 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-22 21:51 --------- d-----w C:\Program Files\ASUSTeK
2007-10-22 21:37 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Felix"="C:\Program Files\ScreenMates\felix.exe" [2007-11-25 12:13]
"KamikazeKat"="C:\Program Files\ScreenMates\kamikazekat.exe" [2007-11-25 12:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-20 22:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 12:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2005-01-06 19:01]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lstfasmy]
lstfasmy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll
R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe
R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe
R2 PBParallel;PBParallel;C:\WINDOWS\system32\drivers\PBParallel.sys
R2 PBSmartcard;PBSmartcard;C:\WINDOWS\system32\drivers\PBSmartcard.sys
R3 Actrpcsc;Actrpcsc;C:\WINDOWS\system32\DRIVERS\actrpcsc.sys
R3 akbus;ActivCard Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\akbus.sys
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akpcsc.sys
R3 aksbus;ActivIdentity Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\aksbus.sys
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akspcsc.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
S2 ACR;PC/SC ActivCard ActivReader;C:\WINDOWS\system32\DRIVERS\acr.sys
S2 ACTR;Smart Card Reader;C:\WINDOWS\system32\drivers\ACTR.sys
S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys
S3 AKSIM;ActivKey Sim;C:\WINDOWS\system32\drivers\aksim.sys
S3 SCR24x PCMCIA Smart Card Reader;SCR24x PCMCIA Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR24X.sys
S3 SCRx31 USB Reader;SCRx31 USB Reader;C:\WINDOWS\system32\DRIVERS\stc2.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c294a29-8194-11dc-a240-0018f3494cf0}]
\Shell\AutoRun\command - H:\Urrong.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-30 20:49:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-30 20:50:47 - machine was rebooted
.
--- E O F ---
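As an added example (not part of the original post, and not code from HijackThis or ComboFix), the script below does by machine the triage a helper does by eye on logs like the ones above. It embeds a few lines excerpted from the two logs posted in this thread and flags three things: HijackThis loading points whose target file is gone (the O20 Winlogon Notify entry and the "(no file)" BHO), clusters of same-size files with random eight-letter names that ComboFix listed under system32, and anything besides the stock msv1_0 in the LSA "Authentication Packages" value. The severity labels, the eight-lowercase-letter name pattern and the cluster threshold of three are my own heuristics, not anything either tool reports.

```python
import re
from collections import defaultdict

# Log excerpts copied from the HijackThis and ComboFix output posted above.
HJT_LINES = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: lstfasmy - lstfasmy.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
""".strip().splitlines()

COMBOFIX_CREATED = r"""
2007-11-29 16:28 . 2007-11-29 16:28 145,984 --a------ C:\WINDOWS\system32\booymxeg.dll
2007-11-28 16:25 . 2007-11-28 16:25 145,984 --a------ C:\WINDOWS\system32\ytexsifn.dll
2007-11-27 15:41 . 2007-11-27 15:41 <DIR> d-------- C:\Program Files\uTorrent
2007-11-26 16:25 . 2007-11-26 16:25 145,984 --a------ C:\WINDOWS\system32\issdroln.dll
2007-11-24 11:50 . 2007-11-25 10:55 888,650 --ahs---- C:\WINDOWS\system32\vjcrrtdk.ini
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-02 18:35 . 2007-11-02 18:35 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
""".strip().splitlines()

LSA_AUTH_PACKAGES = r'"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll'

HJT_RE = re.compile(r"^(O\d+) - (.*)$")
# ComboFix "Files Created" row: created . modified size attrs path
CF_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
# Heuristic (my assumption): eight lowercase letters plus dll/exe/ini looks machine-generated.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe|ini)$")


def triage_hijackthis(lines):
    """Flag loading points whose target is gone or whose service owner is unknown."""
    findings = []
    for line in lines:
        m = HJT_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if "(file missing)" in body or "(no file)" in body:
            # A Winlogon Notify entry stays a loading point even when the DLL
            # is gone: winlogon tries to load it at every logon.
            severity = "high" if section == "O20" else "medium"
            findings.append((severity, section, body))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(("low", section, body))
    return findings


def parse_combofix_created(lines):
    """Yield (size_bytes, attrs, path) for file rows; directory rows are skipped."""
    for line in lines:
        m = CF_RE.match(line)
        if not m or m["size"] == "<DIR>":
            continue
        yield int(m["size"].replace(",", "")), m["attrs"], m["path"]


def triage_combofix(lines, min_cluster=3):
    """Cluster same-size random-name files directly under system32, and list
    hidden+system .ini files there. Returns (suspicious_clusters, hidden_inis)."""
    clusters = defaultdict(list)
    hidden_ini = []
    for size, attrs, path in parse_combofix_created(lines):
        folder, _, name = path.rpartition("\\")
        if not folder.lower().endswith(r"\windows\system32"):
            continue
        if RANDOM_NAME_RE.match(name):
            clusters[(size, name.rsplit(".", 1)[1])].append(name)
            if name.endswith(".ini") and "h" in attrs and "s" in attrs:
                hidden_ini.append(name)
    suspicious = {k: v for k, v in clusters.items() if len(v) >= min_cluster}
    return suspicious, hidden_ini


def triage_lsa_auth_packages(line, allowed=("msv1_0",)):
    """Return every authentication package other than the stock msv1_0.
    Packages listed here are loaded into lsass.exe and handed logon
    credentials, so an extra full path deserves a close look."""
    packages = line.split("=", 1)[1].split()
    return [p for p in packages if p not in allowed]


if __name__ == "__main__":
    for sev, sec, body in triage_hijackthis(HJT_LINES):
        print(f"[{sev}] {sec}: {body}")
    clusters, inis = triage_combofix(COMBOFIX_CREATED)
    for (size, ext), names in clusters.items():
        print(f"[high] {len(names)} x {size}-byte .{ext} with random names: {', '.join(names)}")
    for name in inis:
        print(f"[medium] hidden+system .ini in system32: {name}")
    for pkg in triage_lsa_auth_packages(LSA_AUTH_PACKAGES):
        print(f"[high] extra LSA authentication package: {pkg}")
```

On the excerpt it reports the orphaned O2 and O20 entries, the three 145,984-byte DLLs as one cluster, the hidden+system vjcrrtdk.ini, and vtsqr.dll in the LSA value. The cluster check is the useful one on this log: each DLL name differs, so a name blocklist misses them, but the identical size and daily cadence do not.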