ComboFix 08-05-07.1 - Johannes 2008-05-09 14:17:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1038 [GMT 2:00]
Running from: C:\Users\Johannes\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\boggbewf.dll
C:\WINDOWS\system32\bogledih.dll
C:\WINDOWS\system32\idhcbvaq.ini
C:\WINDOWS\system32\igsnukwd.dll
C:\WINDOWS\system32\irbaogse.dll
C:\WINDOWS\system32\jgauyfon.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\miowmfka.dll
C:\WINDOWS\system32\qqcayomj.dll
C:\WINDOWS\system32\tcriepju.ini
C:\WINDOWS\system32\VDgPrtwa.ini
C:\WINDOWS\system32\VDgPrtwa.ini2
C:\WINDOWS\system32\wjpmjvqp.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.
2019-09-26 00:40 . 2019-09-26 00:40 20,480 --a------ C:\WINDOWS\system32\APITypes.dll
2008-05-09 11:22 . 2008-05-09 11:22 d-------- C:\VundoFix Backups
2008-05-09 11:19 . 2008-05-09 11:19 27 --a------ C:\Users\Johannes\malwarebytes virus.txt
2008-05-09 11:19 . 2008-05-09 11:19 27 --a------ C:\Users\Johannes\malwarebytes virus.txt
2008-05-09 11:12 . 2008-05-09 11:12 d-------- C:\Users\Johannes\Application Data\Malwarebytes
2008-05-09 11:11 . 2008-05-09 11:11 d-------- C:\Users\All Users\Application Data\Malwarebytes
2008-05-09 11:11 . 2008-05-09 11:12 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-09 11:11 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-09 11:11 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-09 09:08 . 2008-05-09 09:08 d-------- C:\Program Files\Alwil Software
2008-05-09 08:57 . 2008-05-09 08:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-09 08:57 . 2008-05-09 10:58 1,434 ---hs---- C:\WINDOWS\system32\ewawwdod.ini
2008-05-09 08:54 . 2008-05-09 08:55 1,194 ---hs---- C:\WINDOWS\system32\seauhknj.ini
2008-05-08 23:22 . 2008-05-08 23:22 0 --a------ C:\WINDOWS\system32\tcriepju.tmp
2008-05-08 22:21 . 2008-05-08 23:31 109,812 --a------ C:\WINDOWS\BM8f2c5169.xml
2008-05-08 09:29 . 2008-05-08 09:29 153 --ahs---- C:\WINDOWS\system32\vggxlmjf.tmp
2008-05-08 09:29 . 2008-05-08 09:29 74 --ahs---- C:\WINDOWS\system32\vggxlmjf.ini
2008-05-08 00:58 . 2008-05-08 00:58 d-------- C:\Users\All Users\Application Data\FLEXnet
2008-05-08 00:47 . 2008-05-08 00:47 d-------- C:\Program Files\Bonjour
2008-05-08 00:40 . 2008-05-08 00:40 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-07 22:31 . 2008-05-07 22:31 d-------- C:\Program Files\mst software
2008-05-07 16:39 . 2008-05-07 16:39 d-------- C:\WINDOWS\Sun
2008-05-05 21:01 . 2008-05-05 21:01 d-------- C:\Users\Johannes\viktigt
2008-05-05 21:01 . 2008-05-05 21:01 d-------- C:\Users\Johannes\viktigt
2008-05-05 19:02 . 2008-05-05 19:02 d-------- C:\Users\Johannes\cbt
2008-05-05 19:02 . 2008-05-05 19:02 d-------- C:\Users\Johannes\Application Data\Personal
2008-05-05 19:02 . 2008-05-05 19:02 d-------- C:\Users\Johannes\Application Data\Netscape
2008-05-05 19:02 . 2008-05-05 19:02 d-------- C:\Users\Johannes\cbt
2008-05-05 19:02 . 2008-05-05 19:02 d-------- C:\Program Files\Personal
2008-05-02 08:50 . 2008-05-02 08:52 d-------- C:\WINDOWS\system32\Adobe
2008-04-29 22:09 . 2008-05-08 23:58 d-a------ C:\Users\All Users\Application Data\TEMP
2008-04-29 22:08 . 2008-04-29 22:11 d-------- C:\Program Files\SpywareBlaster
2008-04-29 21:49 . 2008-04-29 21:49 d-------- C:\Users\Johannes\Application Data\Windows Live Writer
2008-04-27 21:46 . 2008-04-27 23:57 d-------- C:\Users\Johannes\skola
2008-04-27 21:46 . 2008-04-27 23:57 d-------- C:\Users\Johannes\skola
2008-04-23 01:14 . 2008-04-23 01:14 d-------- C:\Users\All Users\Application Data\NVIDIA Corporation
2008-04-23 01:14 . 2008-04-23 01:15 d-------- C:\Program Files\NVIDIA Corporation
2008-04-23 01:14 . 2006-03-29 08:51 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-23 01:14 . 2006-03-29 08:50 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll
2008-04-23 01:14 . 2006-03-29 08:51 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-23 01:14 . 2006-03-29 08:51 60,416 --a------ C:\WINDOWS\system32\DSETUP.dll
2008-04-23 01:14 . 2006-03-29 08:49 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-04-23 01:14 . 2006-05-05 19:21 4,608 --a------ C:\WINDOWS\system32\drivers\nvport.sys
2008-04-23 00:28 . 2008-04-23 00:28 d-------- C:\Sandbox
2008-04-23 00:26 . 2008-05-04 21:28 1,542 --a------ C:\WINDOWS\Sandboxie.ini
2008-04-23 00:25 . 2008-04-23 00:25 d-------- C:\Program Files\Sandboxie
2008-04-22 15:52 . 2008-04-22 15:52 d-------- C:\Users\Johannes\hawk
2008-04-22 15:52 . 2008-04-22 15:52 d-------- C:\Users\Johannes\hawk
2008-04-18 03:35 . 2008-04-18 03:35 d-------- C:\Program Files\DirectVobSub
2008-04-16 01:23 . 2008-04-16 01:23 d--h----- C:\WINDOWS\PIF
2008-04-14 02:41 . 2008-04-14 02:41 d-------- C:\Users\All Users\Application Data\Lavasoft
2008-04-14 02:41 . 2008-04-14 02:44 d-------- C:\Program Files\Ad-Aware 2007
2008-04-14 02:40 . 2008-04-14 02:40 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 19:34 . 2008-05-01 12:09 d-------- C:\Users\Johannes\Mina konversationsloggar
2008-04-12 19:34 . 2008-05-01 12:09 d-------- C:\Users\Johannes\Mina konversationsloggar
2008-04-11 15:48 . 2008-04-11 15:48 d-------- C:\Program Files\MSN Messenger
2008-04-11 15:48 . 2004-03-09 01:00 132,880 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-11 15:48 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-04-11 15:48 . 2003-04-01 08:36 94,208 --a------ C:\WINDOWS\system32\vbalIml6.ocx
2008-04-11 15:48 . 2003-01-26 14:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2008-04-11 15:47 . 2008-04-11 15:47 d-------- C:\Users\All Users\Application Data\Messenger Plus!
2008-04-11 15:45 . 2008-04-11 15:45 d-------- C:\Program Files\Messenger Plus! Live
2008-04-11 04:18 . 2008-04-11 04:22 d-------- C:\Program Files\RegistryBooster 2
2008-04-11 02:44 . 2008-04-11 04:08 d-------- C:\Program Files\WhatsRunning
2008-04-11 02:40 . 2008-05-09 00:23 d-------- C:\Users\Johannes\Application Data\Uniblue
2008-04-09 13:26 . 2008-04-09 13:26 d-------- C:\Users\Johannes\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 06:23 --------- d-----w C:\Users\Johannes\Application Data\AVG7
2008-05-08 08:03 --------- d-----w C:\Users\Johannes\Application Data\uTorrent
2008-05-07 22:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-22 23:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 22:03 --------- d-----w C:\Users\Johannes\Application Data\dvdcss
2008-04-18 21:36 87,312 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-04-18 21:36 23,824 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-04-18 21:36 139,008 ----a-w C:\WINDOWS\system32\guard32.dll
2008-04-07 07:39 --------- d-----w C:\Users\Johannes\Application Data\Roxio
2008-04-06 22:15 --------- d-----w C:\Users\All Users\Application Data\Apple Computer
2008-04-06 22:15 --------- d-----w C:\Users\All Users\Application Data\Apple
2008-04-06 22:15 --------- d-----w C:\Program Files\QuickTime
2008-04-06 22:15 --------- d-----w C:\Program Files\Apple Software Update
2008-04-03 21:41 --------- d-----w C:\Users\Johannes\Application Data\Mina Slaget om Midgård-filer
2008-04-02 01:34 --------- d-----w C:\Program Files\Wfwin
2008-04-01 18:18 --------- d-----w C:\Program Files\EA GAMES
2008-03-24 11:25 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-21 23:25 --------- d-----w C:\Program Files\WFEnGram
2008-03-21 23:25 --------- d-----w C:\Program Files\Common Files\WordFinder Software
2008-03-21 00:42 --------- d-----w C:\Program Files\IrfanView
2008-03-21 00:42 --------- d-----w C:\Program Files\Google
2008-03-21 00:41 1,156,096 ----a-w C:\Users\Johannes\iview410_setup.exe
2008-03-21 00:41 1,156,096 ----a-w C:\Users\\Johannes\iview410_setup.exe
2008-03-20 18:03 --------- d-----w C:\Users\Johannes\Application Data\vlc
2008-03-20 18:03 --------- d-----w C:\Program Files\VideoLAN
2008-03-18 04:27 --------- d-----w C:\Program Files\Audacity
2008-03-17 21:00 --------- d-----w C:\Users\Johannes\Application Data\FastStone
2008-03-17 21:00 --------- d-----w C:\Program Files\FastStone Image Viewer
2008-03-17 14:13 --------- d-----w C:\Users\All Users\Application Data\SPCS
2008-03-17 14:13 --------- d-----w C:\Program Files\SPCS
2008-03-17 14:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-16 19:50 --------- d-----w C:\Program Files\Windows Live
2008-03-16 19:39 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-16 19:36 --------- d-----w C:\Users\All Users\Application Data\WLInstaller
2008-03-14 14:01 --------- d-----w C:\Users\All Users\Application Data\avg7
2008-03-14 01:42 --------- d-----w C:\Program Files\Save Flash
2008-03-14 01:21 --------- d-----w C:\Program Files\Arial Sound Recorder
2008-03-14 00:07 2,533,376 ----a-w C:\Users\Johannes\total-recorder.exe
2008-03-14 00:07 2,533,376 ----a-w C:\Users\\Johannes\total-recorder.exe
2008-03-14 00:07 --------- d-----w C:\Program Files\TotalRecorder
2008-03-13 23:42 --------- d-----w C:\Program Files\uTorrent
2008-03-13 20:18 --------- d-----w C:\Program Files\Kleptomania
2008-03-13 18:12 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-13 18:10 --------- d-----w C:\Users\Johannes\Application Data\DAEMON Tools Pro
2008-03-13 18:07 --------- d-----w C:\Users\All Users\Application Data\DAEMON Tools Pro
2008-03-13 18:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-13 17:27 --------- d-----w C:\Users\All Users\Application Data\comodo
2008-03-13 17:25 --------- d-----w C:\Program Files\COMODO
2008-03-13 17:23 --------- d-----w C:\Users\Johannes\Application Data\Comodo
2008-03-13 17:07 --------- d-----w C:\Program Files\Opera
2008-03-13 16:58 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-03-13 16:58 --------- d-----w C:\Users\Johannes\Application Data\InstallShield
2008-03-13 16:58 --------- d-----w C:\Program Files\Realtek
2008-03-13 16:54 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-13 16:54 --------- d-----w C:\Users\Johannes\Application Data\ATI
2008-03-13 16:54 --------- d-----w C:\Users\All Users\Application Data\ATI
2008-03-13 16:54 --------- d-----w C:\Program Files\DIFX
2008-03-13 16:52 --------- d-----w C:\Program Files\ATI Technologies
2008-03-13 16:49 --------- d-----w C:\Program Files\Yahoo!
2008-03-13 16:22 --------- d-----w C:\Users\LocalService\Application Data\AVG7
2008-03-13 16:22 --------- d-----w C:\Users\All Users\Application Data\Grisoft
2008-03-13 16:20 --------- d-----w C:\Users\All Users\Application Data\Nero
2008-03-13 16:19 --------- d---a-w C:\Program Files\Windows Sidebar
2008-03-13 16:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-13 16:13 --------- d---a-w C:\Users\Johannes\Application Data\TrueTransparency
2008-03-13 16:13 --------- d---a-w C:\Users\Johannes\Application Data\RKLauncher
2008-03-13 16:13 --------- d---a-w C:\Users\Johannes\Application Data\OtakuSoftware
2008-03-13 16:13 --------- d---a-w C:\Users\Johannes\Application Data\Nero
2008-03-13 16:13 --------- d---a-w C:\Users\Johannes\Application Data\LClock
2008-03-13 16:02 --------- d-----w C:\Program Files\ffdshow
2008-03-13 15:59 --------- d-----w C:\Users\Johannes\Application Data\ESTsoft
2008-03-13 15:59 --------- d-----w C:\Program Files\Windows Defender
2008-03-13 15:58 --------- d-----w C:\Program Files\Java
2008-03-13 15:58 --------- d-----w C:\Program Files\Common Files\Java
2008-03-13 15:57 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-13 15:57 --------- d-----w C:\Program Files\MSBuild
2008-03-13 15:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-13 15:46 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-23 17:05 449,024 ----a-w C:\WINDOWS\system32\accwiz.exe
2008-02-23 17:05 38,400 ----a-w C:\WINDOWS\system32\batmeter.dll
2008-02-23 17:05 2,870,784 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-02-23 17:05 100,864 ----a-w C:\WINDOWS\system32\ahui.exe
2008-02-23 17:03 226,304 ----a-w C:\WINDOWS\regedit.exe
2008-02-23 15:38 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
2008-02-23 15:38 1,614,848 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-02-23 15:37 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-02-23 15:37 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-02-23 15:37 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-02-23 15:37 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-02-23 15:37 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
2008-02-23 15:37 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-02-23 15:37 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-23 15:37 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-02-23 15:37 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-02-23 15:37 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2008-02-23 15:37 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-02-23 15:35 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2008-02-20 14:15 816,368 ----a-w C:\WINDOWS\system32\CCleaner.exe
2008-02-12 17:41 1,291,206 ----a-r C:\WINDOWS\SET3.tmp
.
------- Sigcheck -------
2008-02-23 19:06 578048 33faac720165233b0463db76e60e036f C:\WINDOWS\system32\user32.dll
2007-10-11 17:44 361088 270684847a8ef5c51fff58457e4dc8c6 C:\WINDOWS\system32\drivers\tcpip.sys
2007-10-11 17:44 361088 270684847a8ef5c51fff58457e4dc8c6 C:\WINDOWS\system32\syscache\tcpip.sys
2008-02-23 19:06 1424384 0ac51906496d5d3995dc8dac0f05214a C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 23:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"TopDesk"="C:\WINDOWS\System32\topdesk.exe" [2007-11-16 08:40 1937920]
"Kleptomania"="C:\PROGRA~1\KLEPTO~1\k-mania.exe" [2004-07-12 19:00 274432]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 20:20 68856]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 16:59 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\RegistryBooster 2\RegistryBooster.exe" [2007-12-06 20:25 1910040]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-03-05 11:29 417280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 23:02 1082152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:31 579584]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-18 23:35 1572608]
"TotalRecorderScheduler"="C:\Program Files\TotalRecorder\TotRecSched.exe" [2006-12-05 21:49 114688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-04 02:53 413696]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 16342528 C:\WINDOWS\RTHDCPL.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-21 02:43 1838592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 16:59 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"VisualTaskTips"="C:\WINDOWS\System32\visualtasktips.exe" [2007-09-05 19:20 36352]
"TopDesk"="C:\WINDOWS\System32\topdesk.exe" [2007-11-16 08:40 1937920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"RTUserConfig"="C:\WINDOWS\System32\rtusercfg.exe" [ ]

C:\Users\All Users\Start Menu\Programs\Startup\
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe [5/5/2008 7:02:27 PM 722464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaxwTj]
hgGaxwTj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"= DrvTrNTm.dll
"mixer"= DrvTrNTm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-04-18 23:36]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-04-18 23:36]
R1 Ext2fs;Ext2fs;C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2008-01-20 18:53]
R1 IfsMount;IfsMount;C:\WINDOWS\system32\DRIVERS\ifsmount.sys [2007-12-29 20:48]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 RTHDMIAzAudService;Service for HDMI;C:\WINDOWS\system32\drivers\RtHDMI.sys [2007-05-14 03:12]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-03-05 11:29]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-13 18:58]
S4 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 23:02]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 10:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 12:24:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-08 07:28:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-08 07:28:39 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 14:21:41
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\System32\topdesk154.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Kleptomania\k-mania.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-05-09 14:24:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 12:24:48

Pre-Run: 695,242,752 bytes free
Post-Run: 1,179,779,072 bytes free

331 --- E O F --- 2008-05-02 23:20:42