Old 11-26-2007, 09:09 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


[SOLVED] virus that tries to infect me with other malware

Hi,
This is my first post. My problem is that I constantly receive virus warnings from avast antivirus 4.7 pro. I had some malware that was displaying fake popups saying my computer is infected, and I also had the "best seller antivirus" installed without my knowledge and some toolbar "virus security 7" or something like that. So I found the files that were doing all that and removed them from the registry and the computer drive, but I still have a virus that downloads other viruses and tries to infect me. Luckily avast gets all the files before they infect me. But I guess that avast can't find the one that is downloading the other ones. Oh, and I can't use my Internet Explorer, because when I was infected the virus changed the exe of IE and IE terminated every time it started. Then I installed it again after the viruses, and when IE is running the popups start to come. So this is my problem: 1. can't use IE, 2. other malware tries to infect me. And I also have an external hard drive that I only use on my computer, so there is also a possibility that the virus is on the external hard drive. I don't want to lose my data, so my last resort is to format my hard drives. My log from dss (main):

Deckard's System Scanner v20071014.68
Run by Ernest on 2007-11-26 16:28:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
69: 2007-11-26 15:28:42 UTC - RP98 - Deckard's System Scanner Restore Point
68: 2007-11-25 21:41:09 UTC - RP97 - Removed Age of Empires III
67: 2007-11-25 13:28:42 UTC - RP96 - Installed DirectX
66: 2007-11-25 09:54:03 UTC - RP95 - System Checkpoint
65: 2007-11-23 23:09:07 UTC - RP94 - Installed Adobe Photoshop CS2


-- First Restore Point --
1: 2007-10-24 14:25:44 UTC - RP30 - Installed Windows Internet Explorer 7.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ernest.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:28, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\dss.exe
C:\DOCUME~1\Ernest\Desktop\INTERN~1\Ernest.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\gesudpkr.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\lstfasmy.dll (file missing)
O2 - BHO: (no name) - {D4D846C2-DB94-457E-A15C-91D675BB7EF9} - C:\WINDOWS\system32\vtsqr.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Norton] C:\Program Files\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\evpokhxx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [KamikazeKat] C:\Program Files\ScreenMates\kamikazekat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{649D4639-4642-483A-A2A0-DF4F8D1A4218}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: lstfasmy - lstfasmy.dll (file missing)
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 9350 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Ernest\Desktop\INTERN~1\backups\) -----

backup-20071022-205710-131 O1 - Hosts: 216.999.248.174 www.cia.gov
backup-20071022-205710-223 O13 - WWW Prefix: http://www.serial99.com/?
backup-20071022-205710-828 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\eugcvsin.dll
backup-20071024-151750-302 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\kqbnavia.dll",b
backup-20071024-151750-447 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-151750-770 O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
backup-20071024-151838-663 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-161508-943 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-161541-180 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-163025-839 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071030-161144-392 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll (file missing)
backup-20071030-161225-151 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\dymxsqmn.dll",b
backup-20071101-140629-455 O4 - HKLM\..\Run: [DriverUpdate] C:\WINDOWS\system32\UpdateDriver.exe
backup-20071101-140957-756 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\jwtyjepu.dll",b
backup-20071125-162020-117 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071125-162020-392 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
backup-20071125-162020-474 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071125-162020-557 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\gqvdsjbo.dll",b
backup-20071125-162020-578 O23 - Service: DomainService - - C:\WINDOWS\system32\kaskfral.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 PBParallel - c:\windows\system32\drivers\pbparallel.sys <Not Verified; Precise Biometrics AB; Precise 100>
R2 PBSmartcard - c:\windows\system32\drivers\pbsmartcard.sys <Not Verified; Precise Biometrics AB; Precise 100>
R3 Actrpcsc - c:\windows\system32\drivers\actrpcsc.sys <Not Verified; ActivCard; >
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 ACR (PC/SC ActivCard ActivReader) - c:\windows\system32\drivers\acr.sys <Not Verified; ActivCard S.A.; ActivCard PC/SC ActivReader Driver>
S2 ACTR (Smart Card Reader) - c:\windows\system32\drivers\actr.sys <Not Verified; ActivCard S.A.; ActivCard PC/SC SmartReader Driver>
S3 actccid (ActivCard USB Reader V2) - c:\windows\system32\drivers\actccid.sys <Not Verified; ActivCard; USB Reader V2>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 acautoreg (ActivCard Gold Autoregister) - c:\program files\common files\activcard\acautoreg.exe <Not Verified; ActivIdentity; ActivCard Gold>
R2 Accoca (ActivCard Gold service) - c:\program files\common files\activcard\accoca.exe <Not Verified; ActivCard; ActivCard Gold>
R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>

S2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
S4 DomainService - c:\windows\system32\kaskfral.exe /service <Not Verified; ; DDC>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: Applied Networking Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Scheduled Tasks -------------------------------------------------------------

2007-11-26 16:00:00 368 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
2007-11-10 09:11:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-26 and 2007-11-26 -----------------------------

2007-11-26 16:28:27 85056 --a------ C:\WINDOWS\system32\evpokhxx.dll
2007-11-26 16:25:28 71232 --a------ C:\WINDOWS\system32\lajiblrt.exe <Not Verified; ; DDC>
2007-11-26 16:25:28 145984 --a------ C:\WINDOWS\system32\issdroln.dll
2007-11-26 16:14:37 0 d-------- C:\ie-spyad_zo
2007-11-26 16:14:21 0 d-------- C:\Program Files\SpywareBlaster
2007-11-25 16:28:27 85056 -----n--- C:\WINDOWS\system32\lbtvcfxd.dll
2007-11-25 16:25:27 71232 --a------ C:\WINDOWS\system32\faraddtc.exe <Not Verified; ; DDC>
2007-11-25 16:22:56 145984 --a------ C:\WINDOWS\system32\rskcrkjt.dll
2007-11-25 16:18:41 145984 --a------ C:\WINDOWS\system32\dduiuyau.dll
2007-11-25 16:16:10 71232 --a------ C:\WINDOWS\system32\ughmbuhv.exe <Not Verified; ; DDC>
2007-11-25 16:09:06 71232 --a------ C:\WINDOWS\system32\dfvbpmhr.exe <Not Verified; ; DDC>
2007-11-25 1606 145984 --a------ C:\WINDOWS\system32\cfpgnnoq.dll
2007-11-25 16:03:36 145984 --a------ C:\WINDOWS\system32\iwjvjeib.dll
2007-11-25 12:15:28 0 d-------- C:\Program Files\ScreenMates
2007-11-25 11:04:08 85056 --a------ C:\WINDOWS\system32\gqvdsjbo.dll
2007-11-25 11:01:08 71232 --a------ C:\WINDOWS\system32\fnjikbhj.exe <Not Verified; ; DDC>
2007-11-25 10:58:08 145984 --a------ C:\WINDOWS\system32\tapaaxbg.dll
2007-11-24 11:47:35 71232 --a------ C:\WINDOWS\system32\sywkqhiq.exe <Not Verified; ; DDC>
2007-11-24 11:45:05 145984 --a------ C:\WINDOWS\system32\hnbdslmb.dll
2007-11-24 00:10:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-24 00:10:00 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-23 17:48:29 145984 --a------ C:\WINDOWS\system32\oaoquwca.dll
2007-11-23 17:48:28 71232 --a------ C:\WINDOWS\system32\yytrfqpx.exe <Not Verified; ; DDC>
2007-11-23 03:00:35 0 d-------- C:\Program Files\MSXML 4.0
2007-11-22 17:52:36 0 --a------ C:\WINDOWS\system32\sgwsujsd.exe
2007-11-22 17:49:58 71232 --a------ C:\WINDOWS\system32\ajgvqeyn.exe <Not Verified; ; DDC>
2007-11-22 17:49:34 145984 --a------ C:\WINDOWS\system32\gdpckulr.dll
2007-11-21 17:52:32 0 --a------ C:\WINDOWS\system32\qghtdycg.exe
2007-11-21 17:49:32 71232 --a------ C:\WINDOWS\system32\qofpaoch.exe <Not Verified; ; DDC>
2007-11-21 17:49:32 145984 --a------ C:\WINDOWS\system32\kcwmlkrv.dll
2007-11-20 17:47:07 145984 --a------ C:\WINDOWS\system32\iuytwduf.dll
2007-11-20 17:47:06 71232 --a------ C:\WINDOWS\system32\lihbpwjk.exe <Not Verified; ; DDC>
2007-11-19 17:48:17 145984 --a------ C:\WINDOWS\system32\dktlfsqs.dll
2007-11-19 17:48:16 71232 --a------ C:\WINDOWS\system32\mfwhgsul.exe <Not Verified; ; DDC>
2007-11-18 17:50:21 145984 --a------ C:\WINDOWS\system32\asivgnmu.dll
2007-11-18 17:47:21 71232 --a------ C:\WINDOWS\system32\skatqjhv.exe <Not Verified; ; DDC>
2007-11-18 12:27:36 0 d-------- C:\Documents and Settings\Ernest\Application Data\InstallShield
2007-11-18 12:26:20 0 d-------- C:\Program Files\Avanquest update
2007-11-18 12:24:35 0 d-------- C:\Program Files\Motorola Phone Tools
2007-11-18 12:24:35 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-18 12:24:25 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-18 12:24:25 24192 --a------ C:\Documents and Settings\Ernest\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-18 12:24:25 22768 --a------ C:\Documents and Settings\Ernest\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-17 17:52:07 145984 --a------ C:\WINDOWS\system32\vspyafby.dll
2007-11-17 17:49:07 71232 --a------ C:\WINDOWS\system32\ciorspxi.exe <Not Verified; ; DDC>
2007-11-16 10:11:14 145984 --a------ C:\WINDOWS\system32\ingymkuo.dll
2007-11-16 10:11:13 71232 --a------ C:\WINDOWS\system32\drsugmvo.exe <Not Verified; ; DDC>
2007-11-15 10:13:16 71232 --a------ C:\WINDOWS\system32\usgbwjmv.exe <Not Verified; ; DDC>
2007-11-15 10:13:16 145984 --a------ C:\WINDOWS\system32\hiwwxlpx.dll
2007-11-14 20:43:06 145984 --a------ C:\WINDOWS\system32\hftisxgu.dll
2007-11-14 20:40:06 71232 --a------ C:\WINDOWS\system32\nlxricba.exe <Not Verified; ; DDC>
2007-11-13 20:42:09 145984 --a------ C:\WINDOWS\system32\oondmyno.dll
2007-11-13 20:39:09 71232 --a------ C:\WINDOWS\system32\eriwvpsl.exe <Not Verified; ; DDC>
2007-11-13 18:47:00 0 d-------- C:\Documents and Settings\Ernest\Application Data\OpenOffice.org2
2007-11-13 18:45:07 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-13 18:11:03 0 d-------- C:\visioowriter
2007-11-12 20:40:58 71232 --a------ C:\WINDOWS\system32\rbexxemg.exe <Not Verified; ; DDC>
2007-11-12 20:37:59 145984 --a------ C:\WINDOWS\system32\aniffnes.dll
2007-11-12 16:42:01 0 d-------- C:\Program Files\Ventrilo
2007-11-12 16:32:40 0 d--h----- C:\WINDOWS\PIF
2007-11-12 16:32:40 0 d-------- C:\Program Files\VentSrv
2007-11-11 20:38:58 145984 --a------ C:\WINDOWS\system32\ssvgakum.dll
2007-11-11 20:38:58 71232 --a------ C:\WINDOWS\system32\ngihouvl.exe <Not Verified; ; DDC>
2007-11-10 22:38:27 0 d-------- C:\Half-Life Editing
2007-11-10 22:37:31 0 d-------- C:\hl-edit
2007-11-10 20:41:57 145984 --a------ C:\WINDOWS\system32\nibwkpxv.dll
2007-11-10 20:38:57 71232 --a------ C:\WINDOWS\system32\uqalhqcn.exe <Not Verified; ; DDC>
2007-11-09 21:02:00 0 d-------- C:\Documents and Settings\Ernest\Application Data\GSC
2007-11-09 20:39:50 71232 --a------ C:\WINDOWS\system32\jwpjmtes.exe <Not Verified; ; DDC>
2007-11-09 20:36:50 145984 --a------ C:\WINDOWS\system32\sfnpsnuo.dll
2007-11-08 20:39:51 71232 --a------ C:\WINDOWS\system32\cnpgnvxi.exe <Not Verified; ; DDC>
2007-11-08 20:36:51 145984 --a------ C:\WINDOWS\system32\icjaaxsw.dll
2007-11-08 17:28:13 71232 --a------ C:\WINDOWS\system32\frvmvcgq.exe <Not Verified; ; DDC>
2007-11-08 17:27:51 145984 --a------ C:\WINDOWS\system32\aonfvnqq.dll
2007-11-08 10:32:42 0 d-------- C:\csdecals
2007-11-07 19:41:21 0 d-------- C:\USAF Mini Pro
2007-11-07 17:20:39 145984 --a------ C:\WINDOWS\system32\oinqtsqm.dll
2007-11-07 17:20:39 71232 --a------ C:\WINDOWS\system32\drskqjls.exe <Not Verified; ; DDC>
2007-11-06 19:45:40 0 d-------- C:\NVIDIA
2007-11-06 17:24:24 145984 --a------ C:\WINDOWS\system32\kbijcpvd.dll
2007-11-06 17:21:24 71232 --a------ C:\WINDOWS\system32\kaskfral.exe <Not Verified; ; DDC>
2007-11-04 12:03:37 0 d-------- C:\Documents and Settings\Ernest\Application Data\AdobeUM
2007-11-02 18:35:43 0 d-------- C:\Documents and Settings\Ernest\Application Data\Hamachi
2007-11-02 18:35:26 0 d-------- C:\Program Files\Hamachi
2007-11-01 13:57:38 0 d-------- C:\WINDOWS\pss
2007-10-30 14:54:07 0 d-------- C:\WINDOWS\LastGood
2007-10-30 14:44:57 0 d-------- C:\Documents and Settings\Ernest\Application Data\SystemRequirementsLab
2007-10-30 14:44:48 0 d-------- C:\WINDOWS\Sun
2007-10-30 14:44:48 0 d-------- C:\Documents and Settings\Ernest\Application Data\Sun
2007-10-30 13:56:48 84544 --a------ C:\WINDOWS\system32\dymxsqmn.dll
2007-10-30 10:46:45 0 d-------- C:\Program Files\Common Files\SCR331 PCSC Driver
2007-10-30 10:46:43 0 d-------- C:\Program Files\Common Files\SCR201 PCSC Driver
2007-10-30 10:46:34 0 d-------- C:\Program Files\Common Files\ActivCard
2007-10-30 10:46:27 0 d-------- C:\Program Files\Precise Biometrics
2007-10-30 10:42:39 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-10-29 1805 0 d-------- C:\Program Files\ActivCard
2007-10-29 17:35:50 0 d-------- C:\WINDOWS\system32\appmgmt
2007-10-29 17:23:40 0 d-------- C:\Program Files\ActivIdentity
2007-10-28 14:11:22 0 d-------- C:\Program Files\HLSW
2007-10-27 10:32:25 0 d-------- C:\Program Files\Common Files\DirectX
2007-10-26 20:51:28 0 d-------- C:\Program Files\Valve
2007-10-26 18:13:26 0 d-------- C:\Documents and Settings\Ernest\Application Data\DivX


-- Find3M Report ---------------------------------------------------------------

2007-11-26 16:30:57 104251 ---hs---- C:\WINDOWS\system32\rqstv.ini2
2007-11-26 16:23:05 102745 ---hs---- C:\WINDOWS\system32\rqstv.bak1
2007-11-26 16:08:44 0 d-------- C:\Program Files\Azureus
2007-11-26 16:08:38 0 d-------- C:\Documents and Settings\Ernest\Application Data\Azureus
2007-11-25 22:44:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 18:30:37 0 d-------- C:\Documents and Settings\Ernest\Application Data\Skype
2007-11-25 16:22:55 103459 ---hs---- C:\WINDOWS\system32\rqstv.bak2
2007-11-24 12:13:11 0 d-------- C:\Documents and Settings\Ernest\Application Data\Adobe
2007-11-24 00:12:10 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-24 00:10:00 0 d-------- C:\Program Files\Common Files
2007-11-13 18:44:47 0 d-------- C:\Program Files\Java
2007-11-12 16:46:49 0 d-------- C:\Documents and Settings\Ernest\Application Data\Ventrilo
2007-10-31 12:53:21 1542 --a------ C:\WINDOWS\mozver.dat
2007-10-30 15:02:21 0 d-------- C:\Program Files\Xfire
2007-10-30 11:17:13 0 d-------- C:\Documents and Settings\Ernest\Application Data\Xfire
2007-10-25 19:42:50 0 d-------- C:\Program Files\Skype
2007-10-25 19:42:45 0 d-------- C:\Program Files\Common Files\Skype
2007-10-24 14:59:02 0 d-------- C:\Program Files\wlm
2007-10-24 13:38:22 0 d-------- C:\Program Files\Common Files\BestsellerAntivirus
2007-10-23 18:45:05 0 d-------- C:\Program Files\Messenger
2007-10-23 18:35:05 0 d-------- C:\Program Files\PowerISO
2007-10-23 18:31:24 0 d-------- C:\Program Files\Ahead
2007-10-23 18:31:16 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-23 17:20:27 0 d-------- C:\Program Files\Common Files\L&H
2007-10-23 17:20:15 0 d-------- C:\Program Files\Microsoft.NET
2007-10-23 17:20:01 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-23 17:19:25 0 d-------- C:\Program Files\Microsoft Works
2007-10-23 17:15:52 318048 --a------ C:\WINDOWS\system32\vtsqr.dll
2007-10-23 17:11:44 0 --------- C:\WINDOWS\system32\opnkifg.dll
2007-10-23 17:04:21 0 d-------- C:\Program Files\Common Files\Java
2007-10-23 17:01:18 0 d-------- C:\Documents and Settings\Ernest\Application Data\Macromedia
2007-10-23 16:56:16 0 d-------- C:\Documents and Settings\Ernest\Application Data\Apple Computer
2007-10-23 16:47:43 0 d-------- C:\Program Files\MSN Messenger
2007-10-23 16:33:42 0 d-------- C:\Program Files\XP Codec Pack
2007-10-23 16:33:26 0 d-------- C:\Program Files\QuickTime
2007-10-23 16:32:45 0 d-------- C:\Program Files\Xilisoft
2007-10-23 16:32:40 0 d-------- C:\Program Files\Apple Software Update
2007-10-23 16:29:59 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-23 16:29:57 0 d-------- C:\Documents and Settings\Ernest\Application Data\Mozilla
2007-10-23 16:29:17 0 d-------- C:\Program Files\DivX
2007-10-23 15:57:08 0 d-------- C:\Program Files\ASUS
2007-10-23 15:21:38 0 d-------- C:\Program Files\Alwil Software
2007-10-23 15:02:57 0 d-------- C:\Program Files\Alcohol Soft
2007-10-23 14:55:22 70273 --a------ C:\WINDOWS\hpoins05.dat
2007-10-23 14:54:52 0 d-------- C:\Program Files\HP
2007-10-23 14:54:52 0 d-------- C:\Program Files\Common Files\HP
2007-10-23 14:54:28 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-23 14:53:51 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-23 00:28:45 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-23 00:28:43 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-23 00:28:21 62 --ahs---- C:\Documents and Settings\Ernest\Application Data\desktop.ini
2007-10-22 23:07:47 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-22 22:57:55 0 d-------- C:\Program Files\Analog Devices
2007-10-22 22:55:29 22 --a------ C:\WINDOWS\FileName
2007-10-22 22:55:22 0 d-------- C:\Program Files\NVIDIA Corporation
2007-10-22 22:51:15 0 d-------- C:\Program Files\ASUSTeK
2007-10-22 22:41:04 0 d-------- C:\Documents and Settings\Ernest\Application Data\Identities
2007-10-22 22:37:25 0 d-------- C:\Program Files\microsoft frontpage
2007-10-22 22:37:12 0 -rahs---- C:\MSDOS.SYS
2007-10-22 22:37:12 0 -rahs---- C:\IO.SYS
2007-10-22 22:37:12 0 --a------ C:\CONFIG.SYS
2007-10-22 22:37:12 0 --a------ C:\AUTOEXEC.BAT
2007-10-22 22:36:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-22 22:35:28 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-22 22:35:21 0 d-------- C:\Program Files\Movie Maker
2007-10-22 22:34:38 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-22 22:34:23 0 d-------- C:\Program Files\Online Services
2007-10-22 22:34:14 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-22 22:34:06 0 d-------- C:\Program Files\Windows NT
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
C:\WINDOWS\system32\gesudpkr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
C:\WINDOWS\system32\lstfasmy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4D846C2-DB94-457E-A15C-91D675BB7EF9}]
23.10.2007 17:15 318048 --a------ C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAAD2038-C371-473D-86F1-5B11D39C3775}]
C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\lstfasmy.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04.10.2007 17:14]
"nwiz"="nwiz.exe" [04.10.2007 17:14 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20.07.2006 22:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13.07.2006 07:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [13.09.2004 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06.09.2007 11:06]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [24.02.2004 12:17]
"Norton"="C:\Program Files\ASUS\WLAN Card Utilities\NorExec.exe" [24.02.2004 21:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01.09.2006 14:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20.01.2007 08:09]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [06.01.2005 19:01]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04.10.2007 17:14]
"f04dfea0"="C:\WINDOWS\system32\evpokhxx.dll" [26.11.2007 16:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [17.08.2007 02:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 17:24]
"Felix"="C:\Program Files\ScreenMates\felix.exe" [25.11.2007 12:13]
"KamikazeKat"="C:\Program Files\ScreenMates\kamikazekat.exe" [25.11.2007 12:17]

C:\Documents and Settings\Ernest\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14.12.2004 3:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4.11.2004 18:28:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lstfasmy]
lstfasmy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c294a29-8194-11dc-a240-0018f3494cf0}]
AutoRun\command- H:\Urrong.exe




-- End of Deckard's System Scanner: finished at 2007-11-26 16:31:18 ------------

Now extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1023.29 MiB / 442.74 MiB
Pagefile Memory (total/avail): 2461.39 MiB / 1908.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.44 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 4.27 GiB free.
D: is Fixed (FAT32) - 152.25 GiB total, 102.78 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
O: is Fixed (NTFS) - 279.46 GiB total, 35.55 GiB free.

\\.\PHYSICALDRIVE0 - ST3250820AS - 232.88 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended Partition - 203.59 GiB - D:

\\.\PHYSICALDRIVE1 - ST330062 0A USB Device - 279.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.46 GiB - O:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation) Disabled
AV: avast! antivirus 4.7.1043 [VPS 071125-0] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Windows\\games\\Half-Life\\hl.exe"="D:\\Windows\\games\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"D:\\Windows\\games\\cod 2\\CoD2MP_s.exe"="D:\\Windows\\games\\cod 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Windows\\games\\cs\\hl.exe"="D:\\Windows\\games\\cs\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Valve\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW"
"D:\\Windows\\games\\nfsu2\\speed2.exe"="D:\\Windows\\games\\nfsu2\\speed2.exe:*:Enabled:speed2"
"C:\\Program Files\\Valve\\Counter-Strike 1.6\\hlds.exe"="C:\\Program Files\\Valve\\Counter-Strike 1.6\\hlds.exe:*:Enabled:HLDS Launcher"
"F:\\Games\\Games\\PC_Call of Duty 1 -(.rip.)-(ToeD)\\Call of Duty\\The Call of Duty\\CoDMP.exe"="F:\\Games\\Games\\PC_Call of Duty 1 -(.rip.)-(ToeD)\\Call of Duty\\The Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\WINDOWS\\system32\\kaskfral.exe"="C:\\WINDOWS\\system32\\kas"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ernest\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=URRONG-B06A951C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\URRONG-B06A951C
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ActivCard\ActivCard Gold\resources;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ernest\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ernest\LOCALS~1\Temp
USERDOMAIN=URRONG-B06A951C
USERNAME=Ernest
USERPROFILE=C:\Documents and Settings\Ernest
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ernest (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivCard Gold --> MsiExec.exe /I{4C35ABDE-E901-4142-A973-94C4A16EDA6A}
ActivIdentity Device Installer --> MsiExec.exe /I{BB28BFD5-65B9-43F2-BD33-541123C35F82}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
ASUS WLAN Card Utilities/Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9
AsusUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Counter-Strike 1.6 --> C:\Program Files\Valve\Counter-Strike 1.6\Uninstal.exe
Desert Storm --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C1212D0-9B68-474A-A376-EF01DCD204F1}\setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Half-Life Compile Tool Package --> C:\Half-Life Editing\uninstall_HL-Compiled.exe
Half-Life editing 0.9b --> c:\hl-edit\uninst.exe
Hamachi 1.0.1.1 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Ernest\Desktop\Internet Downloads\HijackThis.exe" /uninstall
HLSW v1.1.0 --> "C:\Program Files\HLSW\unins000.exe"
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express --> MsiExec.exe /X{8F7A4D82-B168-4F89-99C2-B9873EC877AF}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.9) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Need for Speed Underground 2 --> D:\Windows\games\nfsu2\EAUninstall.exe
Need for Speed™ Carbon --> D:\Windows\games\nfsc\EAUninstall.exe
Need for Speed™ Most Wanted --> D:\Windows\games\nfsmw\EAUninstall.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Ventrilo --> C:\PROGRA~1\Ventrilo\UNWISE.EXE C:\PROGRA~1\Ventrilo\INSTALL.LOG
VisiooWriter 0.6.1 --> C:\visioowriter\uninst.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1133 / Error
Event Submitted/Written: 11/25/2007 07:28:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Catz.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1129 / Error
Event Submitted/Written: 11/25/2007 04:16:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module vtsqr.dll, version 0.0.0.0, fault address 0x0005f5c3.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type1128 / Error
Event Submitted/Written: 11/25/2007 04:16:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module vtsqr.dll, version 0.0.0.0, fault address 0x0005f5c3.
Processing media-specific event for [hijackthis.exe!ws!]

Event Record #/Type1124 / Error
Event Submitted/Written: 11/25/2007 04:11:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hammer.exe, version 0.2.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1121 / Error
Event Submitted/Written: 11/25/2007 03:59:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4325 / Warning
Event Submitted/Written: 11/26/2007 06:02:01 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type4289 / Error
Event Submitted/Written: 11/25/2007 04:22:48 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.2,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Event Record #/Type4261 / Error
Event Submitted/Written: 11/25/2007 04:22:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ventrilo service failed to start due to the following error:
%%2

Event Record #/Type4260 / Error
Event Submitted/Written: 11/25/2007 04:22:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Smart Card Reader service failed to start due to the following error:
%%20

Event Record #/Type4259 / Error
Event Submitted/Written: 11/25/2007 04:22:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC/SC ActivCard ActivReader service failed to start due to the following error:
%%20



-- End of Deckard's System Scanner: finished at 2007-11-26 16:31:18 ------------

If you need anything else just say. Thanks in advance.

Urrong

Old 11-28-2007, 04:40 PM   #2 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

bump...
Old 11-29-2007, 12:20 PM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall



  4. Follow the prompts. Type "1" and press Enter to begin the scan.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Re-establish an internet connection.
  8. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 11-29-2007, 12:57 PM   #4 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

Hi,
Thanks for your reply. Here are the logs:

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:15, on 30.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [KamikazeKat] C:\Program Files\ScreenMates\kamikazekat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{649D4639-4642-483A-A2A0-DF4F8D1A4218}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: lstfasmy - lstfasmy.dll (file missing)
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 9033 bytes

ComboFix:

ComboFix 07-11-30.3 - Ernest 2007-11-29 20:44:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT 1:00]
Running from: C:\Documents and Settings\Ernest\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Ernest\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\BestsellerAntivirus
C:\Program Files\Common Files\BestsellerAntivirus\bm.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ajgvqeyn.exe
C:\WINDOWS\system32\buxmbxsl.exe
C:\WINDOWS\system32\cdfnjlll.exe
C:\WINDOWS\system32\ciorspxi.exe
C:\WINDOWS\system32\cnpgnvxi.exe
C:\WINDOWS\system32\dfvbpmhr.exe
C:\WINDOWS\system32\drivers\fmtr.sys
C:\WINDOWS\system32\drskqjls.exe
C:\WINDOWS\system32\drsugmvo.exe
C:\WINDOWS\system32\dxfcvtbl.ini
C:\WINDOWS\system32\dymxsqmn.dll
C:\WINDOWS\system32\eixcsegt.ini
C:\WINDOWS\system32\eriwvpsl.exe
C:\WINDOWS\system32\evpokhxx.dll
C:\WINDOWS\system32\faraddtc.exe
C:\WINDOWS\system32\fnjikbhj.exe
C:\WINDOWS\system32\frvmvcgq.exe
C:\WINDOWS\system32\giqhmuuw.dll
C:\WINDOWS\system32\gqvdsjbo.dll
C:\WINDOWS\system32\jwpjmtes.exe
C:\WINDOWS\system32\kaskfral.exe
C:\WINDOWS\system32\lajiblrt.exe
C:\WINDOWS\system32\lbtvcfxd.dll
C:\WINDOWS\system32\lcubotlt.ini
C:\WINDOWS\system32\lihbpwjk.exe
C:\WINDOWS\system32\lstfasmy.dllbox
C:\WINDOWS\system32\mfwhgsul.exe
C:\WINDOWS\system32\ngihouvl.exe
C:\WINDOWS\system32\nlxricba.exe
C:\WINDOWS\system32\nmqsxmyd.ini
C:\WINDOWS\system32\objsdvqg.ini
C:\WINDOWS\system32\qofpaoch.exe
C:\WINDOWS\system32\rbexxemg.exe
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\system32\rqstv.tmp
C:\WINDOWS\system32\skatqjhv.exe
C:\WINDOWS\system32\sywkqhiq.exe
C:\WINDOWS\system32\tgescxie.dll
C:\WINDOWS\system32\tltobucl.dll
C:\WINDOWS\system32\ughmbuhv.exe
C:\WINDOWS\system32\uqalhqcn.exe
C:\WINDOWS\system32\usgbwjmv.exe
C:\WINDOWS\system32\utpesswp.exe
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\wuumhqig.ini
C:\WINDOWS\system32\xxhkopve.ini
C:\WINDOWS\system32\yytrfqpx.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-29 16:28 . 2007-11-29 16:28 145,984 --a------ C:\WINDOWS\system32\booymxeg.dll
2007-11-28 16:25 . 2007-11-28 16:25 145,984 --a------ C:\WINDOWS\system32\ytexsifn.dll
2007-11-27 15:41 . 2007-11-27 15:41 <DIR> d-------- C:\Program Files\uTorrent
2007-11-27 15:41 . 2007-11-29 20:42 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\uTorrent
2007-11-27 15:16 . 2007-11-27 15:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 15:16 . 2007-11-27 15:16 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 15:15 . 2007-11-27 15:16 <DIR> d-------- C:\Program Files\iTunes
2007-11-27 15:15 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\iPod
2007-11-27 15:14 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\QuickTime
2007-11-27 15:13 . 2007-11-27 15:13 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-26 16:28 . 2007-11-26 16:28 <DIR> d-------- C:\Deckard
2007-11-26 16:25 . 2007-11-26 16:25 145,984 --a------ C:\WINDOWS\system32\issdroln.dll
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\ie-spyad_zo
2007-11-25 16:22 . 2007-11-25 16:22 145,984 --a------ C:\WINDOWS\system32\rskcrkjt.dll
2007-11-25 16:18 . 2007-11-25 16:18 145,984 --a------ C:\WINDOWS\system32\dduiuyau.dll
2007-11-25 16:06 . 2007-11-25 16:06 145,984 --a------ C:\WINDOWS\system32\cfpgnnoq.dll
2007-11-25 16:03 . 2007-11-25 16:03 145,984 --a------ C:\WINDOWS\system32\iwjvjeib.dll
2007-11-25 12:22 . 2007-11-25 12:22 38 --a------ C:\WINDOWS\DeskToppers.ini
2007-11-25 12:15 . 2007-11-25 12:22 <DIR> d-------- C:\Program Files\ScreenMates
2007-11-24 11:50 . 2007-11-25 10:55 888,650 --ahs---- C:\WINDOWS\system32\vjcrrtdk.ini
2007-11-24 11:45 . 2007-11-24 11:45 145,984 --a------ C:\WINDOWS\system32\hnbdslmb.dll
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-23 17:51 . 2007-11-24 11:45 956,339 --ahs---- C:\WINDOWS\system32\coiyiwox.ini
2007-11-23 17:48 . 2007-11-23 17:48 145,984 --a------ C:\WINDOWS\system32\oaoquwca.dll
2007-11-23 03:00 . 2007-11-23 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-22 17:50 . 2007-11-23 17:50 996,395 --ahs---- C:\WINDOWS\system32\prnykmsp.ini
2007-11-22 17:49 . 2007-11-22 17:49 145,984 --a------ C:\WINDOWS\system32\gdpckulr.dll
2007-11-21 17:52 . 2007-11-21 17:52 851,700 --ahs---- C:\WINDOWS\system32\djlrjyri.ini
2007-11-21 17:49 . 2007-11-21 17:49 145,984 --a------ C:\WINDOWS\system32\kcwmlkrv.dll
2007-11-20 17:47 . 2007-11-21 17:47 905,362 --ahs---- C:\WINDOWS\system32\lylmmbgu.ini
2007-11-20 17:47 . 2007-11-20 17:47 145,984 --a------ C:\WINDOWS\system32\iuytwduf.dll
2007-11-20 00:13 . 2007-11-20 00:13 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-19 17:51 . 2007-11-20 13:53 689,780 --ahs---- C:\WINDOWS\system32\aidaewvv.ini
2007-11-19 17:48 . 2007-11-19 17:48 145,984 --a------ C:\WINDOWS\system32\dktlfsqs.dll
2007-11-18 17:53 . 2007-11-19 15:27 678,220 --ahs---- C:\WINDOWS\system32\fmctsjeu.ini
2007-11-18 17:50 . 2007-11-18 17:50 145,984 --a------ C:\WINDOWS\system32\asivgnmu.dll
2007-11-18 12:27 . 2007-11-18 12:27 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\InstallShield
2007-11-18 12:26 . 2007-11-18 12:27 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-18 12:24 . 2007-11-18 12:25 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-18 12:24 . 2007-11-18 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-18 12:24 . 2007-11-18 12:24 24,192 --a------ C:\Documents and Settings\Ernest\usbsermptxp.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\Documents and Settings\Ernest\usbsermpt.sys
2007-11-17 17:55 . 2007-11-18 17:53 678,100 --ahs---- C:\WINDOWS\system32\dncwjpub.ini
2007-11-17 17:52 . 2007-11-17 17:52 145,984 --a------ C:\WINDOWS\system32\vspyafby.dll
2007-11-17 16:52 . 2007-11-17 16:52 677,980 --ahs---- C:\WINDOWS\system32\fdvevgxt.ini
2007-11-16 10:14 . 2007-11-17 16:46 294 --ahs---- C:\WINDOWS\system32\wiskejbp.ini
2007-11-16 10:11 . 2007-11-16 10:11 145,984 --a------ C:\WINDOWS\system32\ingymkuo.dll
2007-11-15 10:16 . 2007-11-16 08:23 598,510 --ahs---- C:\WINDOWS\system32\rnrelimf.ini
2007-11-15 10:13 . 2007-11-15 10:13 145,984 --a------ C:\WINDOWS\system32\hiwwxlpx.dll
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-14 20:49 . 2007-11-15 09:10 595,002 --ahs---- C:\WINDOWS\system32\wekfflas.ini
2007-11-14 20:43 . 2007-11-14 20:43 145,984 --a------ C:\WINDOWS\system32\hftisxgu.dll
2007-11-13 20:45 . 2007-11-14 20:45 594,822 --ahs---- C:\WINDOWS\system32\iihalmyk.ini
2007-11-13 20:42 . 2007-11-13 20:42 145,984 --a------ C:\WINDOWS\system32\oondmyno.dll
2007-11-13 18:47 . 2007-11-19 21:30 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\OpenOffice.org2
2007-11-13 18:45 . 2007-11-13 18:45 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-13 18:11 . 2007-11-13 18:12 <DIR> d-------- C:\visioowriter
2007-11-12 20:43 . 2007-11-13 20:44 630,955 --ahs---- C:\WINDOWS\system32\pbubbjbc.ini
2007-11-12 20:37 . 2007-11-12 20:37 145,984 --a------ C:\WINDOWS\system32\aniffnes.dll
2007-11-12 16:42 . 2007-11-13 08:14 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-12 16:32 . 2007-11-12 16:32 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-12 16:32 . 2007-11-12 16:46 <DIR> d-------- C:\Program Files\VentSrv
2007-11-11 20:41 . 2007-11-12 20:42 551,964 --ahs---- C:\WINDOWS\system32\itndobim.ini
2007-11-11 20:38 . 2007-11-11 20:38 145,984 --a------ C:\WINDOWS\system32\ssvgakum.dll
2007-11-10 22:38 . 2007-11-10 22:39 <DIR> d-------- C:\Half-Life Editing
2007-11-10 22:37 . 2007-11-10 22:37 <DIR> d-------- C:\hl-edit
2007-11-10 20:47 . 2007-11-10 20:48 545,634 --ahs---- C:\WINDOWS\system32\wecfrgvg.ini
2007-11-10 20:41 . 2007-11-10 20:41 145,984 --a------ C:\WINDOWS\system32\nibwkpxv.dll
2007-11-09 21:02 . 2007-11-09 21:07 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\GSC
2007-11-09 20:42 . 2007-11-10 20:43 545,574 --ahs---- C:\WINDOWS\system32\vhbyakhd.ini
2007-11-09 20:36 . 2007-11-09 20:36 145,984 --a------ C:\WINDOWS\system32\sfnpsnuo.dll
2007-11-08 20:42 . 2007-11-09 15:58 578,989 --ahs---- C:\WINDOWS\system32\sqydaakg.ini
2007-11-08 20:36 . 2007-11-08 20:36 145,984 --a------ C:\WINDOWS\system32\icjaaxsw.dll
2007-11-08 17:27 . 2007-11-08 17:27 145,984 --a------ C:\WINDOWS\system32\aonfvnqq.dll
2007-11-08 10:32 . 2007-11-25 17:26 <DIR> d-------- C:\csdecals
2007-11-07 19:41 . 2007-11-07 19:41 <DIR> d-------- C:\USAF Mini Pro
2007-11-07 17:26 . 2007-11-08 17:31 565,190 --ahs---- C:\WINDOWS\system32\vggdibqb.ini
2007-11-07 17:20 . 2007-11-07 17:20 145,984 --a------ C:\WINDOWS\system32\oinqtsqm.dll
2007-11-06 19:45 . 2007-11-06 19:45 <DIR> d-------- C:\NVIDIA
2007-11-06 17:24 . 2007-11-06 17:24 145,984 --a------ C:\WINDOWS\system32\kbijcpvd.dll
2007-11-05 17:26 . 2007-11-06 17:26 570,229 --ahs---- C:\WINDOWS\system32\cwbfltqe.ini
2007-11-04 17:23 . 2007-11-05 17:23 576,904 --ahs---- C:\WINDOWS\system32\ooktgwvg.ini
2007-11-04 12:03 . 2007-11-04 12:03 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\AdobeUM
2007-11-03 17:28 . 2007-11-04 10:53 577,085 --ahs---- C:\WINDOWS\system32\raodqnxe.ini
2007-11-02 18:35 . 2007-11-02 18:35 <DIR> d-------- C:\Program Files\Hamachi
2007-11-02 18:35 . 2007-11-05 23:31 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Hamachi
2007-11-02 18:35 . 2007-11-02 18:35 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-02 17:25 . 2007-11-03 17:25 576,905 --ahs---- C:\WINDOWS\system32\xjqfpule.ini
2007-10-31 13:57 . 2007-11-01 12:50 577,737 --ahs---- C:\WINDOWS\system32\dcnvdess.ini
2007-10-30 14:54 . 2007-11-25 14:29 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\SystemRequirementsLab
2007-10-30 10:48 . 2007-10-30 10:48 65,536 --a------ C:\WINDOWS\system32\akpg.dll
2007-10-30 10:48 . 2007-10-30 10:48 40,960 --a------ C:\WINDOWS\system32\akins.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 09:48 9,493 ----a-w C:\WINDOWS\system32\drivers\akpcsc.sys
2007-10-23 21:01 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 22:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-22 21:57 --------- d-----w C:\Program Files\Analog Devices
2007-10-22 21:55 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-22 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-22 21:51 --------- d-----w C:\Program Files\ASUSTeK
2007-10-22 21:37 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Felix"="C:\Program Files\ScreenMates\felix.exe" [2007-11-25 12:13]
"KamikazeKat"="C:\Program Files\ScreenMates\kamikazekat.exe" [2007-11-25 12:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-20 22:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 12:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2005-01-06 19:01]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lstfasmy]
lstfasmy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll

R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe
R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe
R2 PBParallel;PBParallel;C:\WINDOWS\system32\drivers\PBParallel.sys
R2 PBSmartcard;PBSmartcard;C:\WINDOWS\system32\drivers\PBSmartcard.sys
R3 Actrpcsc;Actrpcsc;C:\WINDOWS\system32\DRIVERS\actrpcsc.sys
R3 akbus;ActivCard Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\akbus.sys
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akpcsc.sys
R3 aksbus;ActivIdentity Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\aksbus.sys
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akspcsc.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
S2 ACR;PC/SC ActivCard ActivReader;C:\WINDOWS\system32\DRIVERS\acr.sys
S2 ACTR;Smart Card Reader;C:\WINDOWS\system32\drivers\ACTR.sys
S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys
S3 AKSIM;ActivKey Sim;C:\WINDOWS\system32\drivers\aksim.sys
S3 SCR24x PCMCIA Smart Card Reader;SCR24x PCMCIA Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR24X.sys
S3 SCRx31 USB Reader;SCRx31 USB Reader;C:\WINDOWS\system32\DRIVERS\stc2.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c294a29-8194-11dc-a240-0018f3494cf0}]
\Shell\AutoRun\command - H:\Urrong.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 20:49:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 20:50:47 - machine was rebooted
.
--- E O F ---
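Added example, not code from this thread, from ComboFix or from any tool named here: a small Python triage script that reads the "Files Created" and "Reg Loading Points" sections of a ComboFix log and flags the pattern the analyst acts on below (random 8-letter DLL/INI names in system32, the 145,984-byte size every dropped DLL shares, and the Winlogon notify, LSA authentication-package and removable-drive AutoRun entries that reference them). The log excerpt is constructed from the log above and trimmed; the name and size heuristics are assumptions for review, not grounds for automatic deletion.

```python
"""Triage a ComboFix log for the pattern seen in this thread.

Added example; it is not from the thread, from ComboFix or from any of the
tools mentioned.  It reads the 'Files Created' and 'Reg Loading Points'
sections and flags (a) random 8-letter DLL/INI names dropped into system32
(the Vundo/Virtumonde family identified by VirusTotal here) and (b) the
loading points that reference such files.  The 145,984-byte size is taken
from the log above; everything else is a heuristic, so findings are for
review, not automatic deletion.
"""
import re

# Constructed excerpt, trimmed from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-29 16:28 . 2007-11-29 16:28 145,984 --a------ C:\WINDOWS\system32\booymxeg.dll
2007-11-28 16:25 . 2007-11-28 16:25 145,984 --a------ C:\WINDOWS\system32\ytexsifn.dll
2007-11-27 15:41 . 2007-11-27 15:41 <DIR> d-------- C:\Program Files\uTorrent
2007-11-24 11:50 . 2007-11-25 10:55 888,650 --ahs---- C:\WINDOWS\system32\vjcrrtdk.ini
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-02 18:35 . 2007-11-02 18:35 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lstfasmy]
lstfasmy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c294a29-8194-11dc-a240-0018f3494cf0}]
\Shell\AutoRun\command - H:\Urrong.exe
'''

# One 'Files Created' entry: created . modified size attrs path
FILE_LINE = re.compile(
    r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. '
    r'(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) '
    r'(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$')
RANDOM_NAME = re.compile(r'^[a-z]{8}\.(dll|ini|exe)$')   # e.g. ytexsifn.dll (heuristic)
SYSTEM32 = re.compile(r'^c:\\windows\\system32$', re.I)
VUNDO_DLL_SIZE = 145_984   # size of every dropped DLL in the thread's log


def parse_files(text):
    """Yield one dict per file entry in the 'Files Created' section (dirs skipped)."""
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and m.group('size') != '<DIR>':
            entry = m.groupdict()
            entry['size'] = int(entry['size'].replace(',', ''))
            yield entry


def flag_files(entries):
    """Return (kind, path, reason) for random-named DLL/INI files in system32."""
    findings = []
    for e in entries:
        folder, _, name = e['path'].rpartition('\\')
        if not SYSTEM32.match(folder) or not RANDOM_NAME.match(name):
            continue
        if name.endswith('.dll'):
            why = 'random 8-letter DLL dropped into system32'
            if e['size'] == VUNDO_DLL_SIZE:
                why += ' with the 145,984-byte size shared by every DLL in the log'
            findings.append(('dropper-dll', e['path'], why))
        elif name.endswith('.ini') and 'h' in e['attrs'] and 's' in e['attrs']:
            # hidden+system .ini created beside the DLLs: the family's data store
            findings.append(('hidden-data', e['path'],
                             'hidden+system .ini with a random name'))
    return findings


def flag_loading_points(text):
    """Return (kind, key, reason) for the persistence entries seen in the log."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()          # ComboFix prints registry keys in brackets
            continue
        if not key or not line:
            continue
        if '\\winlogon\\notify\\' in key and RANDOM_NAME.match(line):
            # Winlogon notification DLLs are loaded into winlogon.exe at every logon
            findings.append(('winlogon-notify', key, 'random-named notify DLL ' + line))
        elif key.endswith('\\control\\lsa') and line.lower().startswith('"authentication packages"'):
            # Only msv1_0 is expected; anything else gets loaded into lsass.exe
            # (paths containing spaces would need quote-aware splitting)
            extra = [p for p in line.split('=', 1)[1].split() if p.lower() != 'msv1_0']
            if extra:
                findings.append(('lsa-auth-package', key,
                                 'non-default authentication package(s): ' + ' '.join(extra)))
        elif '\\mountpoints2\\' in key and '\\shell\\autorun\\command' in line.lower():
            # AutoRun handler recorded for a removable drive; in this thread it was the user's own
            target = line.split(' - ', 1)[1]
            findings.append(('removable-autorun', key,
                             'autorun handler ' + target + '; confirm with the owner'))
    return findings


def triage(text):
    """All findings for one ComboFix log: files first, then loading points."""
    return flag_files(parse_files(text)) + flag_loading_points(text)


if __name__ == '__main__':
    for kind, where, why in triage(SAMPLE_LOG):
        print(f'{kind:17} {where}\n    {why}')
```

Run against a full log, the file heuristic will also flag the occasional legitimate 8-letter DLL, which is why each finding carries its reason and is meant to be checked (for instance at VirusTotal, as the analyst asks below) rather than deleted outright.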
Old 11-29-2007, 01:49 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINDOWS\system32\ytexsifn.dll

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
  • Please repeat for the following files:
    • C:\WINDOWS\system32\lylmmbgu.ini
    • C:\WINDOWS\system32\oondmyno.dll
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 11-29-2007, 02:23 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Additionally, do you know what this is?

H:\Urrong.exe

Seems to match your logon name here. Is it something of your own making?
Old 11-29-2007, 03:38 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

Here is the result from ytexsifn.dll:

Datoteka ytexsifn.dll prejeto 2007.11.29 23:29:40 (CET)
Rezultati: 23/32 (71.88%)

Antivirus Verzija Zadnja posodobitev Rezultat
AhnLab-V3 2007.11.30.0 2007.11.29 Win-Trojan/Vundo.145984
AntiVir 7.6.0.34 2007.11.29 TR/Vundo.CA
Authentium 4.93.8 2007.11.29 -
Avast 4.7.1074.0 2007.11.29 Win32:SecBar-B
AVG 7.5.0.503 2007.11.29 Obfustat.VTX
BitDefender 7.2 2007.11.29 Adware.Virtumonde.GHI
CAT-QuickHeal 9.00 2007.11.29 AdWare.SecToolBar.k (Not a Virus)
ClamAV 0.91.2 2007.11.29 Adware.SecToolbar
DrWeb 4.44.0.09170 2007.11.29 Trojan.Fakealert.372
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5335 2007.11.29 Win32/Vundo.HF
Ewido 4.0 2007.11.29 -
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.29 -
F-Prot 4.4.2.54 2007.11.29 W32/Backdoor.CARL
F-Secure 6.70.13030.0 2007.11.29 -
Ikarus T3.1.1.12 2007.11.29 not-a-virus:AdWare.Win32.SecToolBar.k
Kaspersky 7.0.0.125 2007.11.29 not-a-virus:AdWare.Win32.SecToolBar.k
McAfee 5174 2007.11.29 Vundo
Microsoft 1.3007 2007.11.29 Trojan:Win32/Virtumonde.gen
NOD32v2 2693 2007.11.29 Win32/Adware.SecToolbar
Norman 5.80.02 2007.11.29 W32/Virtumonde.IIT
Panda 9.0.0.4 2007.11.29 Spyware/Virtumonde
Prevx1 V2 2007.11.29 Trojan.Zlob
Rising 20.20.22.00 2007.11.29 -
Sophos 4.23.0 2007.11.29 Troj/Virtum-Gen
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.29 Trojan.Vundo
TheHacker 6.2.9.144 2007.11.28 Trojan/BHO.ui
VBA32 3.12.2.5 2007.11.28 -
VirusBuster 4.3.26:9 2007.11.29 Adware.Vundo.V.Gen
Webwasher-Gateway 6.6.2 2007.11.29 Trojan.Vundo.CA

And yes, urrong.exe is my application.
Old 11-29-2007, 03:40 PM   #8 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

Here are results from oondmyno.dll:

Antivirus Verzija Zadnja posodobitev Rezultat
AhnLab-V3 2007.11.30.0 2007.11.29 Win-Trojan/Vundo.145984
AntiVir 7.6.0.34 2007.11.29 TR/Vundo.CA
Authentium 4.93.8 2007.11.29 -
Avast 4.7.1074.0 2007.11.29 Win32:SecBar-B
AVG 7.5.0.503 2007.11.29 Obfustat.VTX
BitDefender 7.2 2007.11.29 Adware.Virtumonde.GHI
CAT-QuickHeal 9.00 2007.11.29 AdWare.SecToolBar.k (Not a Virus)
ClamAV 0.91.2 2007.11.29 Adware.SecToolbar
DrWeb 4.44.0.09170 2007.11.29 Trojan.Fakealert.372
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5335 2007.11.29 Win32/Vundo.HF
Ewido 4.0 2007.11.29 -
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.29 -
F-Prot 4.4.2.54 2007.11.29 W32/Backdoor.CARL
F-Secure 6.70.13030.0 2007.11.29 -
Ikarus T3.1.1.12 2007.11.29 not-a-virus:AdWare.Win32.SecToolBar.k
Kaspersky 7.0.0.125 2007.11.29 not-a-virus:AdWare.Win32.SecToolBar.k
McAfee 5174 2007.11.29 Vundo
Microsoft 1.3007 2007.11.29 Trojan:Win32/Virtumonde.gen
NOD32v2 2693 2007.11.29 Win32/Adware.SecToolbar
Norman 5.80.02 2007.11.29 W32/Virtumonde.IIT
Panda 9.0.0.4 2007.11.29 Spyware/Virtumonde
Prevx1 V2 2007.11.29 Trojan.Zlob
Rising 20.20.22.00 2007.11.29 -
Sophos 4.23.0 2007.11.29 Troj/Virtum-Gen
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.29 Trojan.Vundo
TheHacker 6.2.9.144 2007.11.28 Trojan/BHO.ui
VBA32 3.12.2.5 2007.11.28 -
VirusBuster 4.3.26:9 2007.11.29 Adware.Vundo.V.Gen
Webwasher-Gateway 6.6.2 2007.11.29 Trojan.Vundo.CA
Old 11-29-2007, 03:41 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

Here are results from lylmmbgu.ini:

Antivirus Verzija Zadnja posodobitev Rezultat
AhnLab-V3 2007.11.30.0 2007.11.29 -
AntiVir 7.6.0.34 2007.11.29 -
Authentium 4.93.8 2007.11.29 -
Avast 4.7.1074.0 2007.11.29 -
AVG 7.5.0.503 2007.11.29 -
BitDefender 7.2 2007.11.29 -
CAT-QuickHeal 9.00 2007.11.29 -
ClamAV 0.91.2 2007.11.29 -
DrWeb 4.44.0.09170 2007.11.29 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5335 2007.11.29 -
Ewido 4.0 2007.11.29 -
FileAdvisor 1 2007.11.29 -
Fortinet 3.14.0.0 2007.11.29 -
F-Prot 4.4.2.54 2007.11.29 -
F-Secure 6.70.13030.0 2007.11.29 -
Ikarus T3.1.1.12 2007.11.29 -
Kaspersky 7.0.0.125 2007.11.29 -
McAfee 5174 2007.11.29 -
Microsoft 1.3007 2007.11.29 -
NOD32v2 2693 2007.11.29 -
Norman 5.80.02 2007.11.29 -
Panda 9.0.0.4 2007.11.29 -
Prevx1 V2 2007.11.29 -
Rising 20.20.22.00 2007.11.29 -
Sophos 4.23.0 2007.11.29 -
Sunbelt 2.2.907.0 2007.11.27 -
Symantec 10 2007.11.29 -
TheHacker 6.2.9.144 2007.11.28 -
VBA32 3.12.2.5 2007.11.28 -
VirusBuster 4.3.26:9 2007.11.29 -
Webwasher-Gateway 6.6.2 2007.11.29 -
Old 11-29-2007, 03:43 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Quote:
Originally Posted by tetonbob
Additionally, do you know what this is?

H:\Urrong.exe

Seems to match your logon name here. Is it something of your own making?
Not sure if you saw this....
Old 11-29-2007, 03:46 PM   #11 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

I did see it. I posted the answer at the end of the first file result. Yes, I did make the file and I think it is not infected. But I can check if you want.
Old 11-29-2007, 03:53 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Sorry about that, I missed it.

As long as you know what it is, and it's a file of your making, that should be OK. Just curious... what does it do?

If you have any doubts, scan it at VirusTotal also.

------------------------------------------



Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/197715-virus-tries-infect-me-other-malware-post1188722.html#post1188722

File::
C:\WINDOWS\system32\cfpgnnoq.dll
C:\WINDOWS\system32\iwjvjeib.dll
C:\WINDOWS\system32\vjcrrtdk.ini
C:\WINDOWS\system32\hnbdslmb.dll
C:\WINDOWS\system32\coiyiwox.ini
C:\WINDOWS\system32\oaoquwca.dll
C:\WINDOWS\system32\prnykmsp.ini
C:\WINDOWS\system32\gdpckulr.dll
C:\WINDOWS\system32\djlrjyri.ini
C:\WINDOWS\system32\kcwmlkrv.dll
C:\WINDOWS\system32\lylmmbgu.ini
C:\WINDOWS\system32\iuytwduf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\aidaewvv.ini
C:\WINDOWS\system32\dktlfsqs.dll
C:\WINDOWS\system32\fmctsjeu.ini
C:\WINDOWS\system32\asivgnmu.dll
C:\WINDOWS\system32\dncwjpub.ini
C:\WINDOWS\system32\vspyafby.dll
C:\WINDOWS\system32\fdvevgxt.ini
C:\WINDOWS\system32\wiskejbp.ini
C:\WINDOWS\system32\ingymkuo.dll
C:\WINDOWS\system32\rnrelimf.ini
C:\WINDOWS\system32\hiwwxlpx.dll
C:\WINDOWS\system32\wekfflas.ini
C:\WINDOWS\system32\hftisxgu.dll
C:\WINDOWS\system32\iihalmyk.ini
C:\WINDOWS\system32\oondmyno.dll
C:\WINDOWS\system32\pbubbjbc.ini
C:\WINDOWS\system32\aniffnes.dll
C:\WINDOWS\system32\itndobim.ini
C:\WINDOWS\system32\ssvgakum.dll
C:\WINDOWS\system32\wecfrgvg.ini
C:\WINDOWS\system32\nibwkpxv.dll
C:\WINDOWS\system32\vhbyakhd.ini
C:\WINDOWS\system32\sfnpsnuo.dll
C:\WINDOWS\system32\sqydaakg.ini
C:\WINDOWS\system32\icjaaxsw.dll
C:\WINDOWS\system32\aonfvnqq.dll
C:\WINDOWS\system32\vggdibqb.ini
C:\WINDOWS\system32\oinqtsqm.dll
C:\WINDOWS\system32\kbijcpvd.dll
C:\WINDOWS\system32\cwbfltqe.ini
C:\WINDOWS\system32\ooktgwvg.ini
C:\WINDOWS\system32\raodqnxe.ini
C:\WINDOWS\system32\xjqfpule.ini
C:\WINDOWS\system32\dcnvdess.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lstfasmy]

Collect::
C:\WINDOWS\system32\ytexsifn.dll
C:\WINDOWS\system32\issdroln.dll
C:\WINDOWS\system32\rskcrkjt.dll
C:\WINDOWS\system32\dduiuyau.dll



Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
Old 11-29-2007, 04:12 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

The urrong.exe app hides all my files on a USB stick so that no one else can see them unless they know some stuff about computers (it only hides them and makes them system files). Because it is made in batch it is very simple. I go to a computer-related school but I am in the 1st grade of middle school, so I don't know that much about other programming languages. Here are the logs:


CF:

ComboFix 07-11-30.3 - Ernest 2007-11-30 23:58:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.486 [GMT 1:00]
Running from: C:\Documents and Settings\Ernest\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ernest\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\aidaewvv.ini
C:\WINDOWS\system32\aniffnes.dll
C:\WINDOWS\system32\aonfvnqq.dll
C:\WINDOWS\system32\asivgnmu.dll
C:\WINDOWS\system32\cfpgnnoq.dll
C:\WINDOWS\system32\coiyiwox.ini
C:\WINDOWS\system32\cwbfltqe.ini
C:\WINDOWS\system32\dcnvdess.ini
C:\WINDOWS\system32\djlrjyri.ini
C:\WINDOWS\system32\dktlfsqs.dll
C:\WINDOWS\system32\dncwjpub.ini
C:\WINDOWS\system32\fdvevgxt.ini
C:\WINDOWS\system32\fmctsjeu.ini
C:\WINDOWS\system32\gdpckulr.dll
C:\WINDOWS\system32\hftisxgu.dll
C:\WINDOWS\system32\hiwwxlpx.dll
C:\WINDOWS\system32\hnbdslmb.dll
C:\WINDOWS\system32\icjaaxsw.dll
C:\WINDOWS\system32\iihalmyk.ini
C:\WINDOWS\system32\ingymkuo.dll
C:\WINDOWS\system32\itndobim.ini
C:\WINDOWS\system32\iuytwduf.dll
C:\WINDOWS\system32\iwjvjeib.dll
C:\WINDOWS\system32\kbijcpvd.dll
C:\WINDOWS\system32\kcwmlkrv.dll
C:\WINDOWS\system32\lylmmbgu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nibwkpxv.dll
C:\WINDOWS\system32\oaoquwca.dll
C:\WINDOWS\system32\oinqtsqm.dll
C:\WINDOWS\system32\ooktgwvg.ini
C:\WINDOWS\system32\oondmyno.dll
C:\WINDOWS\system32\pbubbjbc.ini
C:\WINDOWS\system32\prnykmsp.ini
C:\WINDOWS\system32\raodqnxe.ini
C:\WINDOWS\system32\rnrelimf.ini
C:\WINDOWS\system32\sfnpsnuo.dll
C:\WINDOWS\system32\sqydaakg.ini
C:\WINDOWS\system32\ssvgakum.dll
C:\WINDOWS\system32\vggdibqb.ini
C:\WINDOWS\system32\vhbyakhd.ini
C:\WINDOWS\system32\vjcrrtdk.ini
C:\WINDOWS\system32\vspyafby.dll
C:\WINDOWS\system32\wecfrgvg.ini
C:\WINDOWS\system32\wekfflas.ini
C:\WINDOWS\system32\wiskejbp.ini
C:\WINDOWS\system32\xjqfpule.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aidaewvv.ini
C:\WINDOWS\system32\aniffnes.dll
C:\WINDOWS\system32\aonfvnqq.dll
C:\WINDOWS\system32\asivgnmu.dll
C:\WINDOWS\system32\cfpgnnoq.dll
C:\WINDOWS\system32\coiyiwox.ini
C:\WINDOWS\system32\cwbfltqe.ini
C:\WINDOWS\system32\dcnvdess.ini
C:\WINDOWS\system32\dduiuyau.dll
C:\WINDOWS\system32\djlrjyri.ini
C:\WINDOWS\system32\dktlfsqs.dll
C:\WINDOWS\system32\dncwjpub.ini
C:\WINDOWS\system32\fdvevgxt.ini
C:\WINDOWS\system32\fmctsjeu.ini
C:\WINDOWS\system32\gdpckulr.dll
C:\WINDOWS\system32\hftisxgu.dll
C:\WINDOWS\system32\hiwwxlpx.dll
C:\WINDOWS\system32\hnbdslmb.dll
C:\WINDOWS\system32\icjaaxsw.dll
C:\WINDOWS\system32\iihalmyk.ini
C:\WINDOWS\system32\ingymkuo.dll
C:\WINDOWS\system32\issdroln.dll
C:\WINDOWS\system32\itndobim.ini
C:\WINDOWS\system32\iuytwduf.dll
C:\WINDOWS\system32\iwjvjeib.dll
C:\WINDOWS\system32\kbijcpvd.dll
C:\WINDOWS\system32\kcwmlkrv.dll
C:\WINDOWS\system32\lylmmbgu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nibwkpxv.dll
C:\WINDOWS\system32\oaoquwca.dll
C:\WINDOWS\system32\oinqtsqm.dll
C:\WINDOWS\system32\ooktgwvg.ini
C:\WINDOWS\system32\oondmyno.dll
C:\WINDOWS\system32\pbubbjbc.ini
C:\WINDOWS\system32\prnykmsp.ini
C:\WINDOWS\system32\raodqnxe.ini
C:\WINDOWS\system32\rnrelimf.ini
C:\WINDOWS\system32\rskcrkjt.dll
C:\WINDOWS\system32\sfnpsnuo.dll
C:\WINDOWS\system32\sqydaakg.ini
C:\WINDOWS\system32\ssvgakum.dll
C:\WINDOWS\system32\vggdibqb.ini
C:\WINDOWS\system32\vhbyakhd.ini
C:\WINDOWS\system32\vjcrrtdk.ini
C:\WINDOWS\system32\vspyafby.dll
C:\WINDOWS\system32\wecfrgvg.ini
C:\WINDOWS\system32\wekfflas.ini
C:\WINDOWS\system32\wiskejbp.ini
C:\WINDOWS\system32\xjqfpule.ini
C:\WINDOWS\system32\ytexsifn.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.

2007-11-29 16:28 . 2007-11-29 16:28 145,984 --a------ C:\WINDOWS\system32\booymxeg.dll
2007-11-27 15:41 . 2007-11-27 15:41 <DIR> d-------- C:\Program Files\uTorrent
2007-11-27 15:41 . 2007-11-29 20:42 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\uTorrent
2007-11-27 15:16 . 2007-11-30 20:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-27 15:16 . 2007-11-27 15:16 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-27 15:15 . 2007-11-27 15:16 <DIR> d-------- C:\Program Files\iTunes
2007-11-27 15:15 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\iPod
2007-11-27 15:14 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\QuickTime
2007-11-27 15:13 . 2007-11-27 15:13 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-27 15:12 . 2007-11-27 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-26 16:28 . 2007-11-26 16:28 <DIR> d-------- C:\Deckard
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-26 16:14 . 2007-11-26 16:14 <DIR> d-------- C:\ie-spyad_zo
2007-11-25 12:22 . 2007-11-25 12:22 38 --a------ C:\WINDOWS\DeskToppers.ini
2007-11-25 12:15 . 2007-11-25 12:22 <DIR> d-------- C:\Program Files\ScreenMates
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-24 00:10 . 2007-11-24 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-23 03:00 . 2007-11-23 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-18 12:27 . 2007-11-18 12:27 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\InstallShield
2007-11-18 12:26 . 2007-11-18 12:27 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-18 12:24 . 2007-11-18 12:25 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-18 12:24 . 2007-11-18 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-18 12:24 . 2007-11-18 12:24 24,192 --a------ C:\Documents and Settings\Ernest\usbsermptxp.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-11-18 12:24 . 2007-11-18 12:24 22,768 --a------ C:\Documents and Settings\Ernest\usbsermpt.sys
2007-11-14 23:43 . 2007-11-14 23:43 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-11-14 23:43 . 2007-11-14 23:43 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-11-13 18:47 . 2007-11-19 21:30 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\OpenOffice.org2
2007-11-13 18:45 . 2007-11-13 18:45 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-13 18:11 . 2007-11-13 18:12 <DIR> d-------- C:\visioowriter
2007-11-12 16:42 . 2007-11-13 08:14 <DIR> d-------- C:\Program Files\Ventrilo
2007-11-12 16:32 . 2007-11-12 16:32 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-12 16:32 . 2007-11-12 16:46 <DIR> d-------- C:\Program Files\VentSrv
2007-11-10 22:38 . 2007-11-10 22:39 <DIR> d-------- C:\Half-Life Editing
2007-11-10 22:37 . 2007-11-10 22:37 <DIR> d-------- C:\hl-edit
2007-11-09 21:02 . 2007-11-09 21:07 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\GSC
2007-11-08 10:32 . 2007-11-30 21:29 <DIR> d-------- C:\csdecals
2007-11-07 19:41 . 2007-11-07 19:41 <DIR> d-------- C:\USAF Mini Pro
2007-11-06 19:45 . 2007-11-06 19:45 <DIR> d-------- C:\NVIDIA
2007-11-04 12:03 . 2007-11-04 12:03 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\AdobeUM
2007-11-02 18:35 . 2007-11-02 18:35 <DIR> d-------- C:\Program Files\Hamachi
2007-11-02 18:35 . 2007-11-05 23:31 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Hamachi
2007-11-02 18:35 . 2007-11-02 18:35 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-30 14:54 . 2007-11-25 14:29 <DIR> d-------- C:\WINDOWS\LastGood
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\WINDOWS\Sun
2007-10-30 14:44 . 2007-10-30 14:44 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\SystemRequirementsLab
2007-10-30 10:48 . 2007-10-30 10:48 65,536 --a------ C:\WINDOWS\system32\akpg.dll
2007-10-30 10:48 . 2007-10-30 10:48 40,960 --a------ C:\WINDOWS\system32\akins.dll
2007-10-30 10:48 . 2007-10-30 10:48 16,566 --a------ C:\WINDOWS\system32\drivers\smartusb.sys
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Precise Biometrics
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Common Files\SCR331 PCSC Driver
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Common Files\SCR201 PCSC Driver
2007-10-30 10:46 . 2007-10-30 10:46 <DIR> d-------- C:\Program Files\Common Files\ActivCard
2007-10-30 10:42 . 2007-10-30 10:48 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-10-29 23:13 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 23:13 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-29 23:13 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-29 23:13 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-29 23:13 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-10-29 23:13 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-10-29 23:13 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-10-29 23:13 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-10-29 23:13 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-10-29 23:13 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-29 23:13 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-29 23:13 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-29 23:12 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-10-29 23:12 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-10-29 23:12 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-10-29 23:12 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-10-29 23:12 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-10-29 23:12 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-29 23:05 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-10-29 18:06 . 2007-10-29 18:06 <DIR> d-------- C:\Program Files\ActivCard
2007-10-29 17:23 . 2007-10-29 17:23 <DIR> d-------- C:\Program Files\ActivIdentity
2007-10-29 17:23 . 2006-05-31 17:12 86,093 --a------ C:\WINDOWS\system32\akspg.dll
2007-10-29 17:23 . 2006-05-31 17:11 73,807 --a------ C:\WINDOWS\system32\aksins.dll
2007-10-28 14:11 . 2007-10-30 11:15 <DIR> d-------- C:\Program Files\HLSW
2007-10-28 10:30 . 2007-10-29 11:52 694,681 --ahs---- C:\WINDOWS\system32\amlfvypu.ini
2007-10-27 10:42 . 2007-11-18 17:03 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-27 10:32 . 2007-10-27 10:32 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-10-27 09:42 . 2004-08-03 22:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2007-10-27 09:42 . 2004-08-03 23:56 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-27 09:42 . 2004-08-03 21:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
2007-10-27 09:42 . 2004-08-03 22:10 59,648 --a------ C:\WINDOWS\system32\drivers\rfcomm.sys
2007-10-27 09:42 . 2004-08-03 23:56 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-27 09:42 . 2004-08-03 22:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-10-27 09:42 . 2004-08-03 22:10 17,024 --a------ C:\WINDOWS\system32\drivers\BthEnum.sys
2007-10-27 09:42 . 2004-08-03 23:56 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-27 09:42 . 2004-08-03 23:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-10-26 20:51 . 2007-11-10 19:26 <DIR> d-------- C:\Program Files\Valve
2007-10-26 18:13 . 2007-11-08 08:53 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\DivX
2007-10-26 08:27 . 2007-10-28 10:27 694,381 --ahs---- C:\WINDOWS\system32\lpaguwal.ini
2007-10-25 19:43 . 2007-11-30 21:21 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Skype
2007-10-25 19:42 . 2007-10-25 19:42 <DIR> d-------- C:\Program Files\Skype
2007-10-25 19:42 . 2007-10-25 19:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-25 19:42 . 2007-10-25 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-25 19:26 . 2007-11-12 16:46 <DIR> d-------- C:\Documents and Settings\Ernest\Application Data\Ventrilo
2007-10-25 07:56 . 2007-10-26 08:21 693,721 --ahs---- C:\WINDOWS\system32\emjuxglr.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 21:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-30 09:48 9,493 ----a-w C:\WINDOWS\system32\drivers\akpcsc.sys
2007-10-23 21:01 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 22:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-22 21:57 --------- d-----w C:\Program Files\Analog Devices
2007-10-22 21:55 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-22 21:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-22 21:51 --------- d-----w C:\Program Files\ASUSTeK
2007-10-22 21:37 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2007-11-30_20.50.01.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-30 23:01:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_688.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-17 02:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Felix"="C:\Program Files\ScreenMates\felix.exe" [2007-11-25 12:13]
"KamikazeKat"="C:\Program Files\ScreenMates\kamikazekat.exe" [2007-11-25 12:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-20 22:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2004-02-24 12:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 08:09]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2005-01-06 19:01]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]

R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe
R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe
R2 PBParallel;PBParallel;C:\WINDOWS\system32\drivers\PBParallel.sys
R2 PBSmartcard;PBSmartcard;C:\WINDOWS\system32\drivers\PBSmartcard.sys
R3 Actrpcsc;Actrpcsc;C:\WINDOWS\system32\DRIVERS\actrpcsc.sys
R3 akbus;ActivCard Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\akbus.sys
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akpcsc.sys
R3 aksbus;ActivIdentity Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\aksbus.sys
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akspcsc.sys
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\system32\ASNDIS5.SYS
R3 W8100PCI;ASUS 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys
S2 ACR;PC/SC ActivCard ActivReader;C:\WINDOWS\system32\DRIVERS\acr.sys
S2 ACTR;Smart Card Reader;C:\WINDOWS\system32\drivers\ACTR.sys
S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys
S3 AKSIM;ActivKey Sim;C:\WINDOWS\system32\drivers\aksim.sys
S3 SCR24x PCMCIA Smart Card Reader;SCR24x PCMCIA Smart Card Reader;C:\WINDOWS\system32\DRIVERS\SCR24X.sys
S3 SCRx31 USB Reader;SCRx31 USB Reader;C:\WINDOWS\system32\DRIVERS\stc2.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c294a29-8194-11dc-a240-0018f3494cf0}]
\Shell\AutoRun\command - H:\Urrong.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-29 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 00:01:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 0:02:53 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 20:50
.
--- E O F ---

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:07:39, on 1.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [KamikazeKat] C:\Program Files\ScreenMates\kamikazekat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{649D4639-4642-483A-A2A0-DF4F8D1A4218}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)

--
End of file - 8763 bytes

Last edited by tetonbob; 11-29-2007 at 04:15 PM. Reason: revised order of logs for my ease of viewing
urrong is offline  
Old 11-29-2007, 04:19 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Sounds like a cool idea.

Using Windows Explorer, or Windows search, locate and delete this file:

C:\WINDOWS\system32\booymxeg.dll

Let me know if it resists.

Please run this online scan to help look for remnants.

First, go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present, prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

How is your system behaving?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 11-29-2007, 04:29 PM   #15 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

I have a problem. When I try to see pages in IE, Windows automatically opens Mozilla and opens the web page in it. So I can't perform an online scan. IE stopped working when I got infected and the virus changed the exe to terminate every time it starts. Then I installed it again, this time IE 7, and that is the problem (it redirects to Mozilla). So what should I do to make IE work?
urrong is offline  
Old 11-29-2007, 05:01 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

For now, I'd suggest installing the IE Tab add-on. It's an IE emulator, and should allow you to run the scan from within Firefox once you change its focus to IE.

https://addons.mozilla.org/en-US/firefox/addon/1419

http://ietab.mozdev.org
tetonbob is offline  
Old 11-29-2007, 05:31 PM   #17 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

I get an error saying that I have to be online for the database to download (and I am online all the time). So is there any other way to get the required log (any other online scan or something)? This is my last post today because it is 1:30 AM my time. See you tomorrow. Take care.
urrong is offline  
Old 11-29-2007, 05:34 PM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Might have just been some data loss on the 'net. Try again.

If still no joy, use this onboard scanner:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click the drweb-cureit.exe file.
  • Click on Start, and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects, Infected Packages and Malware to Report, then click OK
  • Next, tick the Complete Scan radio button.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Ignore and close any windows which open, prompting you to buy DrWeb.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
tetonbob is offline  
Old 12-01-2007, 03:27 AM   #19 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: win xp sp2, linux mandriva 2007


Re: virus that tries to infect me with other malware

Hi,
I managed to do the scan, so I will post the log. About that booymxeg.dll file that you told me to delete and to tell you if it resists: the file did not resist, so I deleted it. Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 02, 2007 1144 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/12/2007
Kaspersky Anti-Virus database records: 469631
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
O:\

Scan Statistics:
Total number of scanned objects: 203890
Number of viruses found: 24
Number of infected objects: 185
Number of suspicious objects: 0
Duration of the scan process: 04:19:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Ernest\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ernest\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ernest\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\history.dat Object is locked skipped
C:\Documents and Settings\Ernest\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\key3.db Object is locked skipped
C:\Documents and Settings\Ernest\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ernest\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Ernest\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Ernest\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\esheep.zip/Outerinfo-1704.exe/data0006/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\esheep.zip/Outerinfo-1704.exe/data0006 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\esheep.zip/Outerinfo-1704.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\esheep.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\ForceDel.zip/NtSystemInfo/ForceDel/Release/ForceDel.exe Infected: not-a-virus:RiskTool.Win32.Deleter.a skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\ForceDel.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\install372(2).exe Infected: Trojan-Downloader.Win32.Agent.ekn skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\install372.exe Infected: Trojan-Downloader.Win32.Agent.ekn skipped
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Ernest\Desktop\[4]-Submit_2007-11-30@23.57.zip/dduiuyau.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Documents and Settings\Ernest\Desktop\[4]-Submit_2007-11-30@23.57.zip/issdroln.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Documents and Settings\Ernest\Desktop\[4]-Submit_2007-11-30@23.57.zip/rskcrkjt.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Documents and Settings\Ernest\Desktop\[4]-Submit_2007-11-30@23.57.zip/ytexsifn.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Documents and Settings\Ernest\Desktop\[4]-Submit_2007-11-30@23.57.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Ernest\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\Cache\524A18A2d01 Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\Application Data\Mozilla\Firefox\Profiles\nckaddk3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\History\History.IE5\MSHist012007120220071203\index.dat Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\temp\flaEA05.tmp Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\temp\~DF4115.tmp Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\temp\~DF99B4.tmp Object is locked skipped
C:\Documents and Settings\Ernest\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ernest\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ernest\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-12-01.00-01-10.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ajgvqeyn.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\aniffnes.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\aonfvnqq.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\asivgnmu.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\buxmbxsl.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cdfnjlll.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cfpgnnoq.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ciorspxi.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cnpgnvxi.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dfvbpmhr.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dktlfsqs.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\FMTR.sys.vir Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drskqjls.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drsugmvo.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\eriwvpsl.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\evpokhxx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\faraddtc.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fnjikbhj.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\frvmvcgq.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gdpckulr.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\giqhmuuw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gqvdsjbo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hftisxgu.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hiwwxlpx.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hnbdslmb.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\icjaaxsw.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ingymkuo.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\iuytwduf.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\iwjvjeib.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jwpjmtes.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kaskfral.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kbijcpvd.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kcwmlkrv.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\lajiblrt.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\lbtvcfxd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\lihbpwjk.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mfwhgsul.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ngihouvl.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nibwkpxv.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nlxricba.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oaoquwca.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oinqtsqm.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oondmyno.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qofpaoch.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rbexxemg.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\sfnpsnuo.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\skatqjhv.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ssvgakum.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\sywkqhiq.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tgescxie.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tltobucl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ughmbuhv.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\uqalhqcn.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\usgbwjmv.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\utpesswp.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vspyafby.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yytrfqpx.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038065.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038066.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038067.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038068.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038069.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038070.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038071.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038072.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038073.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038074.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038075.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038076.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038077.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038078.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038079.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038080.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038081.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038082.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038083.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038084.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038085.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038086.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038087.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038088.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038089.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038090.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038091.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038092.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038094.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038095.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038096.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038097.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038098.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038099.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP102\A0038109.sys Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038228.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038230.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038231.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038232.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038233.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038238.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038242.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038243.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038244.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038245.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038246.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038248.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038250.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038251.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038252.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038253.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038255.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038256.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038257.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038259.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038264.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038266.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038270.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\A0038322.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\change.log Object is locked skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP58\A0020592.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.agh skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP61\A0023658.dll Infected: Trojan.Win32.BHO.rf skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP79\A0026746.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP80\A0028746.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP81\A0030842.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP81\A0031912.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP81\A0031913.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP87\A0032007.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP89\A0033292.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP90\A0034292.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP93\A0034414.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP93\A0034415.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP93\A0034505.dll Infected: Trojan-Downloader.Win32.Small.gnb skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP94\A0035464.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP94\A0035536.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP96\A0036536.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP98\A0037713.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP98\A0037714.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP98\A0037715.dll Infected: Trojan-Downloader.Win32.Small.gnb skipped
C:\Tools\ForceDel.exe Infected: not-a-virus:RiskTool.Win32.Deleter.a skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\tapaaxbg.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\uhslrtrp.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_688.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Windows\Azureus downloads\Need for speed ProStreet [PC-DVD] [English] [www.topetorrent.com]\NFSPROSTREET-HKZonda.mdf Object is locked skipped
D:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP58\A0021222.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP58\A0021284.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\change.log Object is locked skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\HACKERS_\HACKERS_\MIRC32.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.582 skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\HACKERS_\HACKERS_\SYSTEM\ALIAS\ALIAS.INI Infected: Backdoor.IRC.Zapchast skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\G2.ZIP/G2.EXE Infected: Constructor.DOS.G2 skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\G2.ZIP ZIP: infected - 1 skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\IVP.ZIP/IVP.EXE Infected: Constructor.DOS.IVP_17 skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\IVP.ZIP ZIP: infected - 1 skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\nrlg.zip/NRLG.EXE Infected: Constructor.DOS.NRLG skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\nrlg.zip ZIP: infected - 1 skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\rme11.zip/RME11.OBJ Infected: VirTool.DOS.RME.11 skipped
O:\All files\programing and hacking\2. hacking and cracking\hacking\hacking2\rme11.zip ZIP: infected - 1 skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/Bifrost/Bifrost.exe Infected: Backdoor.Win32.VB.bnx skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/Poison Ivy 2.3.0/Plugins/rpsC.dll Infected: Backdoor.Win32.PoisonIvy.q skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/Poison Ivy 2.3.0/Plugins/rpsS.dll Infected: Backdoor.Win32.PoisonIvy.q skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/Poison Ivy 2.3.0/Poison Ivy 2.3.0.exe Infected: Backdoor.Win32.VB.bnx skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/ProRAT 2.0SE/ProRAT 2.0SE.exe Infected: Backdoor.Win32.VB.bnx skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/sharK_2.2/sharK.exe Infected: Backdoor.Win32.VB.bnx skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/xHacker 3.0/Client/xHacker3.exe Infected: Backdoor.Win32.VB.bnx skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar/Trojans (Remote Access Tools)/xHacker 3.0/ServerBuilder/ServerBuilder.exe Infected: Backdoor.Win32.VB.bnx skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar/Hacking Tools & E-Books (AIO) Collection 08-16-2007/Trojans (Remote Access Tools).rar Infected: Backdoor.Win32.VB.bnx skipped
O:\All files\programing and hacking\Hacking Tools & E-Books (AIO) Collection 08-16-2007.rar RAR: infected - 9 skipped
O:\Programs\BearShareV6.exe/WISE0105.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
O:\Programs\BearShareV6.exe/WISE0105.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
O:\Programs\BearShareV6.exe/WISE0105.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
O:\Programs\BearShareV6.exe WiseSFX: infected - 3 skipped
O:\Programs\BearShareV6.exe WiseSFX Dropper: infected - 3 skipped
O:\Programs\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
O:\Programs\Replay.Converter.v2.30.WinALL.Incl.Crack-te.rar/RCSetup.exe Infected: Trojan-Dropper.Win32.Agent.agp skipped
O:\Programs\Replay.Converter.v2.30.WinALL.Incl.Crack-te.rar RAR: infected - 1 skipped
O:\RECYCLER\S-1-5-21-220523388-1500820517-839522115-1003\Dm4\Sun\Java\Deployment\cache\6.0\28\8d22ddc-24184974/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
O:\RECYCLER\S-1-5-21-220523388-1500820517-839522115-1003\Dm4\Sun\Java\Deployment\cache\6.0\28\8d22ddc-24184974 ZIP: infected - 1 skipped
O:\RECYCLER\S-1-5-21-220523388-1500820517-839522115-1003\Dm4\Sun\Java\Deployment\cache\6.0\41\3620dfa9-2c2aa11f Infected: Exploit.Java.Gimsh.a skipped
O:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
O:\System Volume Information\_restore{6FAE55AA-0078-4D78-9E46-124D38857D3D}\RP103\change.log Object is locked skipped

Scan process completed.
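As an added example (not part of the poster's log or of the forum's tools), here is a small Python parser for scan-report lines in the format quoted above, run over constructed sample lines. It separates the detection name from the path, recognises the archive-summary ("RAR: infected - N") and "Object is locked" forms, and collapses nested archive-member paths back to the file on disk, which is the thing an analyst would actually delete or quarantine. The sample paths, detection names and the extra action words `deleted`/`quarantined` are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the style of the scan report quoted above.
# Paths and detection names are illustrative, not taken from the real log.
SAMPLE_LOG = r"""
O:\Programs\example_setup.exe/WISE0001.BIN/stream Infected: not-a-virus:AdWare.Win32.Example.a skipped
O:\Programs\example_setup.exe WiseSFX: infected - 1 skipped
O:\Programs\tool.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
O:\RECYCLER\S-1-5-21-0-0-0-1003\cache\6.0\1\aaaa-bbbb/Evil.class Infected: Exploit.Java.Example.a skipped
O:\RECYCLER\S-1-5-21-0-0-0-1003\cache\6.0\1\aaaa-bbbb ZIP: infected - 1 skipped
O:\System Volume Information\change.log Object is locked skipped

Scan process completed.
"""

# One report line: <path>, then one of three verdict forms, then the action taken.
# The action alternatives other than "skipped" are assumed, not seen in the log.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<detection>\S+)"
    r"|(?P<container>[A-Za-z][A-Za-z ]*?):\s+infected\s+-\s+(?P<count>\d+)"
    r"|(?P<locked>Object is locked))"
    r"\s+(?P<action>skipped|deleted|quarantined)\s*$"
)


def on_disk_file(path):
    """Strip archive-member components: the scanner separates members with '/',
    while the Windows path itself uses '\\', so the on-disk file is the part
    before the first '/'."""
    return path.split("/", 1)[0]


def parse_log(text):
    """Return one record per report line; lines that do not match (the
    'Scan process completed.' trailer, blank lines) are ignored."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "path": m["path"],
            "file": on_disk_file(m["path"]),
            "detection": m["detection"],
            "container": m["container"],
            "count": int(m["count"]) if m["count"] else None,
            "locked": m["locked"] is not None,
            "action": m["action"],
        })
    return records


def detections(records):
    """Count how often each detection name occurs (one per infected member)."""
    return Counter(r["detection"] for r in records if r["detection"])


def infected_files(records):
    """Distinct on-disk files holding at least one detection: the list to
    triage, since removing the outer file removes every nested member too."""
    return sorted({r["file"] for r in records if r["detection"]})


def locked_objects(records):
    """Objects the scanner could not open (in use or system-protected);
    these are not detections and need no action by themselves."""
    return [r["path"] for r in records if r["locked"]]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for name, n in detections(recs).items():
        print(f"{n:3d}  {name}")
    print("files to triage:", *infected_files(recs), sep="\n  ")
    print("locked objects:", len(locked_objects(recs)))
```

The point of `on_disk_file` is visible in the quoted log: one downloaded archive produced nine nested hits, but there is only one file to remove, and the archive-summary line ("RAR: infected - 9") is the scanner saying the same thing.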
Old 12-04-2007, 08:04 AM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
tetonbob
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,156
OS: 2000 Pro; XP Pro; XP Home


Re: virus that tries to infect me with other malware

Using Windows Explorer or Windows Search, locate and delete these files:

C:\Documents and Settings\Ernest\Desktop\Internet Downloads\esheep.zip
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\install372(2).exe
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\install372.exe
C:\Documents and Settings\Ernest\Desktop\[4]-Submit_2007-11-30@23.57.zip
C:\WINDOWS\system32\tapaaxbg.dll
C:\WINDOWS\system32\uhslrtrp.dll
O:\Programs\Replay.Converter.v2.30.WinALL.Incl.Crack-te.rar
O:\Programs\BearShareV6.exe


Let me know if you cannot find them, or they resist deletion.

Other than that... the other finds by Kaspersky will be addressed in the following steps.

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

  • IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.
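The HOSTS-file mechanism described in the MVPS step above, as an added example that is not part of the original post or of the MVPS download: a Python parser over a constructed hosts-file excerpt that shows which names are sunk to the local machine (127.0.0.1 or 0.0.0.0) and flags any entry that points a name at a routable address, which is the trace a hosts-file hijacker leaves and the thing worth checking on a machine that has just been cleaned. The hostnames and addresses in the sample are made up, and "first mapping wins" is assumed to match the resolver.

```python
import ipaddress

# Constructed excerpt in the layout of an MVPS-style HOSTS file; it is not the
# real MVPS download and the names are illustrative.
SAMPLE_HOSTS = r"""
# Constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example-tracker.test   # blocked ad host
0.0.0.0         telemetry.example.test     # the other sink address in common use
# A hijacked entry: a name the user relies on pointed at a routable address
203.0.113.7     www.update-vendor.test
"""


def parse_hosts(text):
    """Map each hostname (lower-cased) to the address it is pinned to.
    '#' starts a comment; the first mapping for a name wins, which is
    assumed here to match the resolver's behaviour."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first column is not an IP address
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_sink(addr):
    """127.0.0.1 (loopback) and 0.0.0.0 (unspecified) both keep the name from
    reaching the real site; any other address sends the machine somewhere."""
    return addr.is_loopback or addr.is_unspecified


def is_blocked(mapping, name):
    """True when the hosts file sends this name to the local machine."""
    addr = mapping.get(name.lower())
    return addr is not None and is_sink(addr)


def find_hijacks(mapping):
    """Entries that point a name at a routable address. A blocklist hosts file
    should contain only sink addresses, so such an entry deserves a look."""
    return sorted(name for name, addr in mapping.items() if not is_sink(addr))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-tracker.test", "www.update-vendor.test"):
        print(name, "blocked" if is_blocked(hosts, name) else "not blocked")
    print("suspicious entries:", find_hijacks(hosts))
```

On Windows XP the file the batch step replaces is `%SystemRoot%\system32\drivers\etc\hosts`; running `find_hijacks` over it after the cleanup is a quick way to confirm nothing but sink addresses remain.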

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Copyright 2001 - 2009, Tech Support Forum