ComboFix 08-11-10.01 - Anne Grethe 2008-11-11 23:04:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1237 [GMT 1:00]
Running from: c:\users\Anne Grethe\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-11 21:46 . 2008-11-11 21:48 d-------- c:\windows\System32\drivers\Avg
2008-11-11 21:46 . 2008-11-11 21:46 98,440 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-11 21:46 . 2008-11-11 21:46 90,632 --a------ c:\windows\System32\drivers\avgtdix.sys
2008-11-11 21:46 . 2008-11-11 21:46 12,936 --a------ c:\windows\System32\drivers\avgrkx86.sys
2008-11-11 21:46 . 2008-11-11 21:46 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-11 21:44 . 2008-11-11 21:44 23,832 --a------ c:\windows\System32\drivers\avgfwd6x.sys
2008-11-11 21:30 . 2008-11-11 21:44 d-------- c:\users\All Users\Avg8
2008-11-11 21:30 . 2008-11-11 21:44 d-------- c:\programdata\Avg8
2008-11-11 20:57 . 2008-05-27 05:59 106,605 --a------ c:\windows\System32\StructuredQuerySchema.bin
2008-11-11 20:57 . 2008-05-27 06:17 87,552 --a------ c:\windows\System32\SearchFilterHost.exe
2008-11-11 20:57 . 2008-05-27 06:17 87,552 --a------ c:\windows\System32\mssitlb.dll
2008-11-11 20:57 . 2008-05-27 06:18 71,680 --a------ c:\windows\System32\propdefs.dll
2008-11-11 20:57 . 2008-05-27 06:17 34,816 --a------ c:\windows\System32\msscb.dll
2008-11-11 20:57 . 2008-05-27 05:59 18,904 --a------ c:\windows\System32\StructuredQuerySchemaTrivial.bin
2008-11-11 20:57 . 2008-05-27 06:17 11,776 --a------ c:\windows\System32\msshooks.dll
2008-11-11 20:47 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 20:44 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 20:11 . 2008-11-11 20:11 d-------- c:\program files\AVG
2008-11-11 19:50 . 2008-11-11 19:50 d-------- c:\users\Anne Grethe\AppData\Roaming\Malwarebytes
2008-11-11 19:50 . 2008-11-11 19:50 d-------- c:\users\All Users\Malwarebytes
2008-11-11 19:50 . 2008-11-11 19:50 d-------- c:\programdata\Malwarebytes
2008-11-11 19:50 . 2008-11-11 19:54 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-11 19:50 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-11 19:50 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-11 19:14 . 2008-11-11 19:14 0 --a------ c:\windows\System32\drivers\wnmsav.dat
2008-11-11 17:57 . 2008-11-11 19:44 d-------- c:\program files\CCleaner
2008-11-11 17:57 . 2008-11-11 17:57 2,955,128 --a------ c:\program files\ccsetup213.exe
2008-11-11 17:23 . 2008-11-11 17:23 646,408 --a------ c:\program files\SpywareTerminatorSetup.exe
2008-11-11 16:31 . 2008-11-11 16:31 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-11 16:31 . 2008-11-11 16:31 23,804,784 --a------ c:\program files\aaw2008.exe
2008-11-08 23:39 . 2008-11-08 23:39 dr------- c:\users\Public\Videos
2008-11-08 23:39 . 2008-11-08 23:39 dr------- c:\users\Public\Pictures
2008-11-08 23:39 . 2008-11-08 23:39 dr------- c:\users\Public\Downloads
2008-11-08 23:30 . 2008-11-08 23:30 d-------- C:\PerfLogs
2008-10-31 22:53 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-31 22:53 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-31 22:53 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-31 22:53 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-31 22:53 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-31 17:19 . 2008-10-31 17:19 dr------- c:\users\Public\Documents
2008-10-30 16:43 . 2008-11-08 23:39 dr------- c:\users\Public\Music
2008-10-28 18:46 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 18:46 . 2008-01-19 08:36 37,888 --a------ c:\windows\System32\printcom.dll
2008-10-15 15:36 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 15:36 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-15 15:35 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 15:35 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 15:35 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 15:35 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 18:31 --------- d-----w c:\program files\Panda Security
2008-11-11 18:29 --------- d-----w c:\program files\Common Files\Panda Software
2008-11-08 22:39 174 --sha-w c:\program files\desktop.ini
2008-11-08 22:31 --------- d-----w c:\program files\Windows Sidebar
2008-11-08 22:31 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-08 22:31 --------- d-----w c:\program files\Windows Mail
2008-11-08 22:31 --------- d-----w c:\program files\Windows Journal
2008-11-08 22:31 --------- d-----w c:\program files\Windows Defender
2008-11-08 22:31 --------- d-----w c:\program files\Windows Collaboration
2008-11-08 22:31 --------- d-----w c:\program files\Windows Calendar
2008-11-08 22:16 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-08 22:16 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-08 15:19 --------- d-----w c:\users\Anne Grethe\AppData\Roaming\DivX
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-20 23:43 1526296 --a------ c:\program files\TorrentMan\tbTorr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-14 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-11 1235736]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-26 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-02-26 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{80492E23-097B-4DAE-BAC8-6613AC60BFE0}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{3F0F4C2B-2780-4F33-B9D4-E647A7585DAC}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{734D913F-F67E-4F69-B935-A8D983B4BC1B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{223BDEEB-5A19-4EE1-8EF7-6E5F1CA67A3A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{38EDDEA0-63A0-4247-A9AE-9CA47AA9D306}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{159BBB17-04B8-4959-972F-253846ADD6BB}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{D1ACB1FD-14FC-402C-A9CB-127AE93C4E31}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{98E5A328-ED3C-4D32-8DA6-E32EB1229259}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{A359C5C9-CEDB-4E4E-A512-E66DE62B5BE6}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{A7F61F32-8470-426E-986E-16CA1F05585F}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{AC56F3E3-C58C-4216-AA18-E645F697E6B1}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{08A86BAB-2BE6-4E6E-A522-EE5CCF86A917}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1787690A-2FBE-4865-903E-8FE70CFBF8C1}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-11 12936]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2008-11-11 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-11 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-11 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-11 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-11 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-11 1212184]
R3 b57nd60x;%SvcDispName%;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

Notify-avldr - avldr.dll
SafeBoot-PskSvcRetail

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 23:06:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-11 23:07:55
ComboFix-quarantined-files.txt 2008-11-11 22:07:50
Pre-Run: 2 389 962 752 byte ledig
Post-Run: 2,273,619,968 byte ledig
166 --- E O F --- 2008-11-11 19:59:35