ComboFix 08-10-10.09 - volvoRsport 2008-10-11 20:26:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1640 [GMT 2:00]
Running from: C:\Documents and Settings\volvoRsport\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programfiler\akl
C:\Programfiler\akl\akl.dll
C:\Programfiler\akl\akl.exe
C:\Programfiler\akl\uninstall.exe
C:\Programfiler\akl\unsetup.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.

((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-11 20:26 . 2008-10-11 20:26 d-------- C:\Documents and Settings\volvoRsport\Programdata\Malwarebytes
2008-10-11 20:25 . 2008-10-11 20:26 d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-11 20:25 . 2008-10-11 20:25 d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-11 20:15 . 2008-10-11 20:15 dr-h----- C:\Documents and Settings\volvoRsport\Siste
2008-10-11 13:06 . 2008-10-11 19:59 d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-10-11 13:02 . 2008-10-11 13:05 d-------- C:\Programfiler\Secure PC Solutions
2008-10-11 12:58 . 2008-10-11 12:58 d-------- C:\Programfiler\Trend Micro
2008-10-10 21:43 . 2008-10-10 21:43 156 --a------ C:\Documents and Settings\volvoRsport\delself.bat
2008-10-10 20:40 . 2008-10-10 20:40 d-------- C:\Programfiler\Lavasoft
2008-10-10 20:40 . 2008-10-10 20:40 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-10-10 15:28 . 2008-10-10 15:28 0 --ah----- C:\WINDOWS\.security
2008-10-10 15:28 . 2008-10-10 15:28 0 --ah----- C:\.security
2008-10-10 13:51 . 2008-10-10 21:41 d-------- C:\Programfiler\guhaqdc
2008-10-10 13:51 . 2008-10-11 20:25 d-------- C:\Documents and Settings\All Users\Programdata\gngnaxyb
2008-09-25 22:42 . 2008-09-25 22:42 d-------- C:\WINDOWS\system32\NtmsData
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-10-11 17:58 --------- d-----w C:\Programfiler\Google
2008-09-09 22:04 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:32 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-25 09:23 --------- d-----w C:\Programfiler\Sun
2008-08-25 09:23 --------- d-----w C:\Programfiler\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-30 4603904]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-09-30 86016]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2004-09-30 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\volvoRsport\Start-meny\Programmer\Oppstart\
.security [2008-10-10 0]
Rainlendar.lnk - D:\Programfiler\Rainlendar\Rainlendar.exe [2005-03-01 118784]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
.security [2008-10-10 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SpyClean - C:\Programfiler\Secure PC Solutions\1 Click Spy Clean\1ClickSpyClean.exe
HKLM-Explorer_Run-R7dNr8RKsP - C:\Documents and Settings\All Users\Programdata\gngnaxyb\mpcvkrcj.exe
SSODL-SmartMsgEn-{618685D1-4E5A-F8ED-18F2-01B95CF4F502} - C:\Programfiler\guhaqdc\SmartMsgEn.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\volvoRsport\Programdata\Mozilla\Firefox\Profiles\zguipqwt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.no
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 20:28:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-11 20:30:54
ComboFix-quarantined-files.txt 2008-10-11 18:30:49

Pre-Run: 48 485 322 752 byte ledig
Post-Run: 48,528,023,552 byte ledig

156 --- E O F --- 2008-02-12 15:46:35