The urrong.exe app hides all my files on a USB stick so that no one else can see them unless they know some stuff about computers (it only hides them and makes them system files). Cuz it is made in batch it is very simple. I go to a computer-related school but I am in 1st grade of middle school so I don't know that much about other programming languages. Here are the logs:
CF:
ComboFix 07-11-30.3 - Ernest 2007-11-30 23:58:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.486 [GMT 1:00]
Running from: C:\Documents and Settings\Ernest\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ernest\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\aidaewvv.ini
C:\WINDOWS\system32\aniffnes.dll
C:\WINDOWS\system32\aonfvnqq.dll
C:\WINDOWS\system32\asivgnmu.dll
C:\WINDOWS\system32\cfpgnnoq.dll
C:\WINDOWS\system32\coiyiwox.ini
C:\WINDOWS\system32\cwbfltqe.ini
C:\WINDOWS\system32\dcnvdess.ini
C:\WINDOWS\system32\djlrjyri.ini
C:\WINDOWS\system32\dktlfsqs.dll
C:\WINDOWS\system32\dncwjpub.ini
C:\WINDOWS\system32\fdvevgxt.ini
C:\WINDOWS\system32\fmctsjeu.ini
C:\WINDOWS\system32\gdpckulr.dll
C:\WINDOWS\system32\hftisxgu.dll
C:\WINDOWS\system32\hiwwxlpx.dll
C:\WINDOWS\system32\hnbdslmb.dll
C:\WINDOWS\system32\icjaaxsw.dll
C:\WINDOWS\system32\iihalmyk.ini
C:\WINDOWS\system32\ingymkuo.dll
C:\WINDOWS\system32\itndobim.ini
C:\WINDOWS\system32\iuytwduf.dll
C:\WINDOWS\system32\iwjvjeib.dll
C:\WINDOWS\system32\kbijcpvd.dll
C:\WINDOWS\system32\kcwmlkrv.dll
C:\WINDOWS\system32\lylmmbgu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nibwkpxv.dll
C:\WINDOWS\system32\oaoquwca.dll
C:\WINDOWS\system32\oinqtsqm.dll
C:\WINDOWS\system32\ooktgwvg.ini
C:\WINDOWS\system32\oondmyno.dll
C:\WINDOWS\system32\pbubbjbc.ini
C:\WINDOWS\system32\prnykmsp.ini
C:\WINDOWS\system32\raodqnxe.ini
C:\WINDOWS\system32\rnrelimf.ini
C:\WINDOWS\system32\sfnpsnuo.dll
C:\WINDOWS\system32\sqydaakg.ini
C:\WINDOWS\system32\ssvgakum.dll
C:\WINDOWS\system32\vggdibqb.ini
C:\WINDOWS\system32\vhbyakhd.ini
C:\WINDOWS\system32\vjcrrtdk.ini
C:\WINDOWS\system32\vspyafby.dll
C:\WINDOWS\system32\wecfrgvg.ini
C:\WINDOWS\system32\wekfflas.ini
C:\WINDOWS\system32\wiskejbp.ini
C:\WINDOWS\system32\xjqfpule.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aidaewvv.ini
C:\WINDOWS\system32\aniffnes.dll
C:\WINDOWS\system32\aonfvnqq.dll
C:\WINDOWS\system32\asivgnmu.dll
C:\WINDOWS\system32\cfpgnnoq.dll
C:\WINDOWS\system32\coiyiwox.ini
C:\WINDOWS\system32\cwbfltqe.ini
C:\WINDOWS\system32\dcnvdess.ini
C:\WINDOWS\system32\dduiuyau.dll
C:\WINDOWS\system32\djlrjyri.ini
C:\WINDOWS\system32\dktlfsqs.dll
C:\WINDOWS\system32\dncwjpub.ini
C:\WINDOWS\system32\fdvevgxt.ini
C:\WINDOWS\system32\fmctsjeu.ini
C:\WINDOWS\system32\gdpckulr.dll
C:\WINDOWS\system32\hftisxgu.dll
C:\WINDOWS\system32\hiwwxlpx.dll
C:\WINDOWS\system32\hnbdslmb.dll
C:\WINDOWS\system32\icjaaxsw.dll
C:\WINDOWS\system32\iihalmyk.ini
C:\WINDOWS\system32\ingymkuo.dll
C:\WINDOWS\system32\issdroln.dll
C:\WINDOWS\system32\itndobim.ini
C:\WINDOWS\system32\iuytwduf.dll
C:\WINDOWS\system32\iwjvjeib.dll
C:\WINDOWS\system32\kbijcpvd.dll
C:\WINDOWS\system32\kcwmlkrv.dll
C:\WINDOWS\system32\lylmmbgu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nibwkpxv.dll
C:\WINDOWS\system32\oaoquwca.dll
C:\WINDOWS\system32\oinqtsqm.dll
C:\WINDOWS\system32\ooktgwvg.ini
C:\WINDOWS\system32\oondmyno.dll
C:\WINDOWS\system32\pbubbjbc.ini
C:\WINDOWS\system32\prnykmsp.ini
C:\WINDOWS\system32\raodqnxe.ini
C:\WINDOWS\system32\rnrelimf.ini
C:\WINDOWS\system32\rskcrkjt.dll
C:\WINDOWS\system32\sfnpsnuo.dll
C:\WINDOWS\system32\sqydaakg.ini
C:\WINDOWS\system32\ssvgakum.dll
C:\WINDOWS\system32\vggdibqb.ini
C:\WINDOWS\system32\vhbyakhd.ini
C:\WINDOWS\system32\vjcrrtdk.ini
C:\WINDOWS\system32\vspyafby.dll
C:\WINDOWS\system32\wecfrgvg.ini
C:\WINDOWS\system32\wekfflas.ini
C:\WINDOWS\system32\wiskejbp.ini
C:\WINDOWS\system32\xjqfpule.ini
C:\WINDOWS\system32\ytexsifn.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.
2007-11-29 16:28 . 2007-11-29 16:28 145,984 --a------ C:\WINDOWS\system32\booymxeg.dll
2007-11-27 15:41 . 2007-11-27 15:41 <DIR> d-------- C:\Program Files\uTorrent
2007-11-27 15:41 . 2007-11-29 20:42 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\uTorrent
2007-11-27 15:16 . 2007-11-30 20:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 15:16 . 2007-11-27 15:16 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 15:15 . 2007-11-27 15:16 <DIR> d-------- C:\Program Files\iTunes
2007-11-27 15:15 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\iPod
2007-11-27 15:14 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\QuickTime
2007-11-27 15:13 . 2007-11-27 15:13 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-26 16:28 . 2007-11-26 16:28 <DIR> d-------- C:\Deckard
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\ie-spyad_zo
2007-11-25 12:22 . 2007-11-25 12:22 38 --a------ C:\WINDOWS\DeskToppers.ini
2007-11-25 12:15 . 2007-11-25 12:22 <DIR> d-------- C:\Program Files\ScreenMates
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-23 03:00 . 2007-11-23 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-18 12:27 . 2007-11-18 12:27 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\InstallShield
2007-11-18 12:26 . 2007-11-18 12:27 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-18 12:24 . 2007-11-18 12:25 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-18 12:24 . 2007-11-18 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-18 12:24 . 2007-11-18 12:24 24,192 --a------ C:\Documents and Settings\Ernest\usbsermptxp.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\Documents and Settings\Ernest\usbsermpt.sys
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-13 18:47 . 2007-11-19 21:30 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\OpenOffice.org2
2007-11-13 18:45 . 2007-11-13 18:45 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-13 18:11 . 2007-11-13 18:12 <DIR> d-------- C:\visioowriter
2007-11-12 16:42 . 2007-11-13 08:14 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-12 16:32 . 2007-11-12 16:32 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-12 16:32 . 2007-11-12 16:46 <DIR> d-------- C:\Program Files\VentSrv
2007-11-10 22:38 . 2007-11-10 22:39 <DIR> d-------- C:\Half-Life Editing
2007-11-10 22:37 . 2007-11-10 22:37 <DIR> d-------- C:\hl-edit
2007-11-09 21:02 . 2007-11-09 21:07 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\GSC
2007-11-08 10:32 . 2007-11-30 21:29 <DIR> d-------- C:\csdecals
2007-11-07 19:41 . 2007-11-07 19:41 <DIR> d-------- C:\USAF Mini Pro
2007-11-06 19:45 . 2007-11-06 19:45 <DIR> d-------- C:\NVIDIA
2007-11-04 12:03 . 2007-11-04 12:03 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\AdobeUM
2007-11-02 18:35 . 2007-11-02 18:35 <DIR> d-------- C:\Program Files\Hamachi
2007-11-02 18:35 . 2007-11-05 23:31 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Hamachi
2007-11-02 18:35 . 2007-11-02 18:35 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-30 14:54 . 2007-11-25 14:29 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\SystemRequirementsLab
2007-10-30 10:48 . 2007-10-30 10:48 65,536 --a------ C:\WINDOWS\system32\akpg.dll
2007-10-30 10:48 . 2007-10-30 10:48 40,960 --a------ C:\WINDOWS\system32\akins.dll
2007-10-30 10:48 . 2007-10-30 10:48 16,566 --a------ C:\WINDOWS\system32\drivers\smartusb.sys
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Precise Biometrics
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Common Files\SCR331 PCSC Driver
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Common Files\SCR201 PCSC Driver
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Common Files\ActivCard
2007-10-30 10:42 . 2007-10-30 10:48 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-10-29 23:13 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 23:13 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-29 23:13 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-29 23:13 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-29 23:13 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-29 23:13 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-29 23:13 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-10-29 23:13 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-29 23:13 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-29 23:13 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-29 23:13 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-29 23:13 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-29 23:12 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-29 23:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-10-29 23:12 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-10-29 23:12 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-29 23:12 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-10-29 23:12 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-29 23:05 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-10-29 18:06 . 2007-10-29 18:06 <DIR> d-------- C:\Program Files\ActivCard
2007-10-29 17:23 . 2007-10-29 17:23 <DIR> d-------- C:\Program Files\ActivIdentity
2007-10-29 17:23 . 2006-05-31 17:12 86,093 --a------ C:\WINDOWS\system32\akspg.dll
2007-10-29 17:23 . 2006-05-31 17:11 73,807 --a------ C:\WINDOWS\system32\aksins.dll
2007-10-28 14:11 . 2007-10-30 11:15 <DIR> d-------- C:\Program Files\HLSW
2007-10-28 10:30 . 2007-10-29 11:52 694,681 --ahs---- C:\WINDOWS\system32\amlfvypu.ini
2007-10-27 10:42 . 2007-11-18 17:03 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-27 10:32 . 2007-10-27 10:32 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-10-27 09:42 . 2004-08-03 22:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-10-27 09:42 . 2004-08-03 23:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-27 09:42 . 2004-08-03 21:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-10-27 09:42 . 2004-08-03 22:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-10-27 09:42 . 2004-08-03 23:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-27 09:42 . 2004-08-03 22:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-10-27 09:42 . 2004-08-03 22:10 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-10-27 09:42 . 2004-08-03 23:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-27 09:42 . 2004-08-03 23:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-10-26 20:51 . 2007-11-10 19:26 <DIR> d-------- C:\Program Files\Valve
2007-10-26 18:13 . 2007-11-08 08:53 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\DivX
2007-10-26 08:27 . 2007-10-28 10:27 694,381 --ahs---- C:\WINDOWS\system32\lpaguwal.ini
2007-10-25 19:43 . 2007-11-30 21:21 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Skype
2007-10-25 19:42 . 2007-10-25 19:42 <DIR> d-------- C:\Program Files\Skype
2007-10-25 19:42 . 2007-10-25 19:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-25 19:42 . 2007-10-25 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-25 19:26 . 2007-11-12 16:46 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Ventrilo
2007-10-25 07:56 . 2007-10-26 08:21 693,721 --ahs---- C:\WINDOWS\system32\emjuxglr.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 09:48 9,493 ----a-w C:\WINDOWS\system32\drivers\akpcsc.sys
2007-10-23 21:01 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 22:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-22 21:57 --------- d-----w C:\Program Files\Analog Devices
2007-10-22 21:55 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-22 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-22 21:51 --------- d-----w C:\Program Files\ASUSTeK
2007-10-22 21:37 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@2007-11-30_20.50.01.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 23:01:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_688.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Felix"="C:\Program Files\ScreenMates\felix.exe" [2007-11-25 12:13]
"KamikazeKat"="C:\Program Files\ScreenMates\kamikazekat.exe" [2007-11-25 12:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-20 22:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 12:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2005-01-06 19:01]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]
R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe
R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe
R2 PBParallel;PBParallel;C:\WINDOWS\system32\drivers\PBParallel.sys
R2 PBSmartcard;PBSmartcard;C:\WINDOWS\system32\drivers\PBSmartcard.sys
R3 Actrpcsc;Actrpcsc;C:\WINDOWS\system32\DRIVERS\actrpcsc.sys
R3 akbus;ActivCard Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\akbus.sys
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akpcsc.sys
R3 aksbus;ActivIdentity Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\aksbus.sys
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akspcsc.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
S2 ACR;PC/SC ActivCard ActivReader;C:\WINDOWS\system32\DRIVERS\acr.sys
S2 ACTR;Smart Card Reader;C:\WINDOWS\system32\drivers\ACTR.sys
S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys
S3 AKSIM;ActivKey Sim;C:\WINDOWS\system32\drivers\aksim.sys
S3 SCR24x PCMCIA Smart Card Reader;SCR24x PCMCIA Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR24X.sys
S3 SCRx31 USB Reader;SCRx31 USB Reader;C:\WINDOWS\system32\DRIVERS\stc2.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c294a29-8194-11dc-a240-0018f3494cf0}]
\Shell\AutoRun\command - H:\Urrong.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-01 00:01:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-01 0:02:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 20:50
.
--- E O F ---
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:07:39, on 1.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [KamikazeKat] C:\Program Files\ScreenMates\kamikazekat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{649D4639-4642-483A-A2A0-DF4F8D1A4218}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
--
End of file - 8763 bytes