Hey again....
Here is what you asked for:
C:\Programfiler\temp01
C:\WINDOWS\system32\wpa.bak
C:\WINDOWS\system32\nb-no
All three get the same answer:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
-----------------------------------------------------------------------------------------
ComboFix 08-03-17.1 - Kine 2008-03-21 19:16:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.602 [GMT 1:00]
Running from: C:\Documents and Settings\Kine\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kine\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\ChCfg.exe
C:\WINDOWS\system32\MFC71.dll
C:\WINDOWS\system32\nnnkkhh.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ChCfg.exe
C:\WINDOWS\system32\MFC71.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-21 19:03 . 2008-03-21 19:14 <DIR> dr-h----- C:\Documents and Settings\Kine\Siste
2008-03-13 17:19 . 2008-03-13 17:19 <DIR> d-------- C:\Programfiler\Trend Micro
2008-03-12 19:06 . 2008-03-12 19:06 <DIR> d-------- C:\Programfiler\Microsoft Windows OneCare Live
2008-03-12 16:35 . 2008-03-12 19:06 <DIR> d-------- C:\Programfiler\Windows Live Safety Center
2008-03-10 17:48 . 2004-01-14 02:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-03-10 17:46 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-10 17:45 . 2008-03-10 17:45 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-03-10 17:44 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-10 17:44 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-10 17:42 . 2008-03-10 17:42 <DIR> d-------- C:\WINDOWS\StartHtmico
2008-03-10 17:42 . 2008-03-10 17:42 <DIR> d-------- C:\WINDOWS\IP4000,3000
2008-03-10 17:42 . 2004-04-23 06:00 116,736 --a------ C:\WINDOWS\system32\CNMLM64.DLL
2008-03-10 17:42 . 2004-03-11 17:06 86,016 --------- C:\WINDOWS\system32\CNMCP64.exe
2008-03-10 17:42 . 2004-03-11 17:06 86,016 -ra------ C:\WINDOWS\system32\cnm37.tmp
2008-03-10 17:42 . 2004-04-23 06:00 7,680 --a------ C:\WINDOWS\system32\CNMVS64.DLL
2008-03-10 17:40 . 2008-03-10 17:48 <DIR> d-------- C:\Programfiler\Canon
2008-03-10 11:29 . 2008-03-10 11:29 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe
2008-03-09 18:17 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-09 18:17 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-09 18:17 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-09 16:54 . 2008-03-10 15:49 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-03-09 16:48 . 2008-03-09 16:48 <DIR> d-------- C:\Programfiler\bfgclient
2008-03-09 16:48 . 2008-03-09 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\BigFishGamesCache
2008-03-09 16:27 . 2008-03-09 16:27 <DIR> d-------- C:\WINDOWS\Sun
2008-03-09 16:27 . 2008-03-17 19:18 <DIR> d-------- C:\Documents and Settings\Kine\Programdata\LimeWire
2008-03-09 16:27 . 2008-03-09 16:27 <DIR> d-------- C:\Documents and Settings\Kine\Incomplete
2008-03-09 16:26 . 2008-03-09 16:26 <DIR> d-------- C:\Programfiler\Java
2008-03-09 16:26 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-09 16:25 . 2008-03-09 16:25 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-03-09 15:22 . 2008-03-09 15:22 <DIR> d-------- C:\Documents and Settings\Eli\Programdata\AVG7
2008-03-09 15:21 . 2008-03-08 21:01 <DIR> dr------- C:\Documents and Settings\Eli\Start-meny
2008-03-09 15:21 . 2008-03-08 21:01 <DIR> d--h----- C:\Documents and Settings\Eli\Skrivere
2008-03-09 15:21 . 2008-03-08 21:01 <DIR> d-------- C:\Documents and Settings\Eli\Skrivebord
2008-03-09 15:21 . 2008-03-09 15:22 <DIR> dr-h----- C:\Documents and Settings\Eli\Siste
2008-03-09 15:21 . 2008-03-09 15:25 <DIR> dr-h----- C:\Documents and Settings\Eli\Programdata
2008-03-09 15:21 . 2008-03-09 15:22 <DIR> dr------- C:\Documents and Settings\Eli\Mine dokumenter
2008-03-09 15:21 . 2008-03-08 20:13 <DIR> d--h----- C:\Documents and Settings\Eli\Maler
2008-03-09 15:21 . 2008-03-18 22:56 <DIR> d--h----- C:\Documents and Settings\Eli\Lokale innstillinger
2008-03-09 15:21 . 2008-03-09 15:22 <DIR> dr------- C:\Documents and Settings\Eli\Favoritter
2008-03-09 15:21 . 2008-03-08 21:01 <DIR> d--h----- C:\Documents and Settings\Eli\AndrMask
2008-03-09 15:18 . 2008-03-09 15:18 <DIR> d-------- C:\Programfiler\Realtek AC97
2008-03-09 15:18 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
2008-03-09 15:18 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2008-03-09 15:18 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-03-09 15:18 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
2008-03-09 15:18 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
2008-03-09 15:18 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
2008-03-09 15:18 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-03-09 15:18 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2008-03-09 14:11 . 2008-03-09 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Drivers HeadQuarters
2008-03-09 13:42 . 2008-03-09 15:22 382 --a------ C:\WINDOWS\ODBC.INI
2008-03-09 13:40 . 2008-03-09 13:40 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-09 13:39 . 2008-03-09 13:39 <DIR> d-------- C:\Documents and Settings\Kine\Programdata\Microsoft Web Folders
2008-03-08 23:47 . 2008-03-08 23:47 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7
2008-03-08 23:47 . 2008-03-21 18:44 <DIR> d-------- C:\Documents and Settings\Kine\Programdata\AVG7
2008-03-08 23:47 . 2008-03-08 23:47 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-08 23:47 . 2008-03-08 23:47 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-08 23:46 . 2008-03-08 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-03-08 23:46 . 2008-03-09 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7
2008-03-08 23:42 . 2008-03-08 23:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-08 23:42 . 2008-03-08 23:50 <DIR> d-------- C:\Documents and Settings\Kine\Contacts
2008-03-08 23:23 . 2008-03-08 23:23 <DIR> d-------- C:\Programfiler\Microsoft SQL Server Compact Edition
2008-03-08 23:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-08 23:13 . 2008-03-08 23:13 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2008-03-08 23:12 . 2008-03-08 23:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-08 23:12 . 2008-03-08 23:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-08 23:11 . 2008-03-08 23:57 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-03-08 23:03 . 2008-03-08 23:04 <DIR> d-------- C:\Programfiler\Google
2008-03-08 23:02 . 2008-03-08 23:02 <DIR> d--hs---- C:\Documents and Settings\Kine\UserData
2008-03-08 22:54 . 2008-03-08 23:23 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-03-08 22:53 . 2008-03-08 23:58 <DIR> d-------- C:\Programfiler\Windows Live
2008-03-08 22:53 . 2008-03-08 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-03-08 22:52 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 22:50 . 2008-03-08 22:50 13,742 --a------ C:\WINDOWS\system32\wpa.bak
2008-03-08 22:45 . 2008-03-08 22:45 <DIR> d-------- C:\Programfiler\NVIDIA Corporation
2008-03-08 22:45 . 2008-03-09 15:18 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information
2008-03-08 22:45 . 2008-03-08 22:45 <DIR> d-------- C:\Programfiler\Fellesfiler\NVIDIA Shared
2008-03-08 22:44 . 2008-03-08 22:45 <DIR> d-------- C:\Programfiler\Fellesfiler\InstallShield
2008-03-08 22:44 . 2008-03-09 14:55 <DIR> d-------- C:\NVIDIA
2008-03-08 22:42 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-08 21:05 . 2003-03-27 08:48 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-03-08 21:05 . 2008-03-08 21:05 2,949 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-03-08 21:03 . 2004-08-04 02:03 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2008-03-08 21:03 . 2004-08-04 01:54 57,344 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-08 21:03 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> dr------- C:\Documents and Settings\Default User\Start-meny
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Skrivere
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Skrivebord
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\Siste
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Mine dokumenter
2008-03-08 21:01 . 2008-03-08 20:13 <DIR> d--h----- C:\Documents and Settings\Default User\Maler
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Lokale innstillinger
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d-------- C:\Documents and Settings\Default User\Favoritter
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d--h----- C:\Documents and Settings\Default User\AndrMask
2008-03-08 21:01 . 2008-03-09 13:41 <DIR> dr------- C:\Documents and Settings\All Users\Start-meny
2008-03-08 21:01 . 2008-03-12 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Skrivebord
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d--h----- C:\Documents and Settings\All Users\Maler
2008-03-08 21:01 . 2008-03-08 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Favoritter
2008-03-08 21:01 . 2008-03-08 20:14 <DIR> dr------- C:\Documents and Settings\All Users\Dokumenter
2008-03-08 21:00 . 2008-03-08 21:01 <DIR> dr-h----- C:\Documents and Settings\Default User\Programdata
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 15:48 0 ----a-w C:\Programfiler\temp01
2008-03-09 12:39 --------- d-----w C:\Programfiler\microsoft frontpage
2008-03-08 19:15 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-03-08 19:15 --------- d-----w C:\Programfiler\Elektroniske tjenester
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((( snapshot@2008-03-18_22.56.37.53 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-12 14:52 68856]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="L:\Programma\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
"NVMixerTray"="C:\Programfiler\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-06-03 20:51 131072]
"Windows Defender"="L:\WindowsDefender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-08 23:46 579072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 23:46 219136]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - L:\Programma\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 17:13:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- L:\WindowsDefender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 19:17:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-21 19:18:20
ComboFix-quarantined-files.txt 2008-03-21 18:18:12
ComboFix2.txt 2008-03-18 21:56:56
.
2008-03-21 17:12:19 --- E O F ---
-------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.09
Database version: 518
Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|L:\|)
Objects scanned: 67489
Time elapsed: 15 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{6331CA87-707C-4A1A-9871-F96EAEDE4714}\RP34\A0002856.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 21, 2008 9:05:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/03/2008
Kaspersky Anti-Virus database records: 652047
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
L:\
Scan Statistics:
Total number of scanned objects: 42584
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:28:58
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Programdata\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Programdata\Microsoft\Windows Defender\Support\MPLog-03082008-233819.log Object is locked skipped
C:\Documents and Settings\Kine\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Logg\History.IE5\MSHist012008032120080322\index.dat Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Programdata\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Programdata\Microsoft\Windows Defender\FileTracker\{3C6FD7E6-4ABB-4DF9-B49B-99BA7D4A4871} Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kine\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kine\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kine\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Kine\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\catchme2008-03-18_225536.89.zip/pmkhh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-18_225536.89.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{6331CA87-707C-4A1A-9871-F96EAEDE4714}\RP39\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{6331CA87-707C-4A1A-9871-F96EAEDE4714}\RP39\change.log Object is locked skipped
L:\Incomplete\T-485840-Top of Charts - 2004 (love).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
L:\My Shared Folder\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\System Volume Information\_restore{6331CA87-707C-4A1A-9871-F96EAEDE4714}\RP39\change.log Object is locked skipped
Scan process completed.
---------------------------------------------------------------------------------------
uninstall list...
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
a-squared Free 3.1
ATI Display Driver
AVG 7.5
Big Fish Games Client
Canon PhotoRecord
Canon PIXMA iP4000
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CCleaner (remove only)
CD-LabelPrint
D-Link VGA Webcam
Easy-WebPrint
Farm Frenzy
Google Toolbar for Internet Explorer
Grimm's Hatchery
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hurtigreparasjon for Windows Media Player 11 (KB939683)
Java(TM) 6 Update 5
Magic Farm
Malwarebytes' RogueRemover
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Miss Teri Tale
NVIDIA Drivers
NvMixer
Oppdatering for Windows XP (KB894391)
Oppdatering for Windows XP (KB898461)
Oppdatering for Windows XP (KB900485)
Oppdatering for Windows XP (KB908531)
Oppdatering for Windows XP (KB910437)
Oppdatering for Windows XP (KB911280)
Oppdatering for Windows XP (KB916595)
Oppdatering for Windows XP (KB920872)
Oppdatering for Windows XP (KB922582)
Oppdatering for Windows XP (KB927891)
Oppdatering for Windows XP (KB930916)
Oppdatering for Windows XP (KB938828)
Oppdatering for Windows XP (KB942763)
Påloggingsassistent for Windows Live
Realtek AC'97 Audio
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB938127)
Sikkerhetsoppdatering for Windows Internet Explorer 7 (KB944533)
Sikkerhetsoppdatering for Windows Media Player (KB911564)
Sikkerhetsoppdatering for Windows Media Player 11 (KB936782)
Sikkerhetsoppdatering for Windows Media Player 6.4 (KB925398)
Sikkerhetsoppdatering for Windows XP (KB890046)
Sikkerhetsoppdatering for Windows XP (KB893756)
Sikkerhetsoppdatering for Windows XP (KB896358)
Sikkerhetsoppdatering for Windows XP (KB896423)
Sikkerhetsoppdatering for Windows XP (KB896428)
Sikkerhetsoppdatering for Windows XP (KB899587)
Sikkerhetsoppdatering for Windows XP (KB899591)
Sikkerhetsoppdatering for Windows XP (KB900725)
Sikkerhetsoppdatering for Windows XP (KB901017)
Sikkerhetsoppdatering for Windows XP (KB901214)
Sikkerhetsoppdatering for Windows XP (KB902400)
Sikkerhetsoppdatering for Windows XP (KB905414)
Sikkerhetsoppdatering for Windows XP (KB905749)
Sikkerhetsoppdatering for Windows XP (KB908519)
Sikkerhetsoppdatering for Windows XP (KB911562)
Sikkerhetsoppdatering for Windows XP (KB911927)
Sikkerhetsoppdatering for Windows XP (KB913580)
Sikkerhetsoppdatering for Windows XP (KB914388)
Sikkerhetsoppdatering for Windows XP (KB914389)
Sikkerhetsoppdatering for Windows XP (KB918118)
Sikkerhetsoppdatering for Windows XP (KB918439)
Sikkerhetsoppdatering for Windows XP (KB919007)
Sikkerhetsoppdatering for Windows XP (KB920213)
Sikkerhetsoppdatering for Windows XP (KB920670)
Sikkerhetsoppdatering for Windows XP (KB920683)
Sikkerhetsoppdatering for Windows XP (KB920685)
Sikkerhetsoppdatering for Windows XP (KB922819)
Sikkerhetsoppdatering for Windows XP (KB923191)
Sikkerhetsoppdatering for Windows XP (KB923414)
Sikkerhetsoppdatering for Windows XP (KB923980)
Sikkerhetsoppdatering for Windows XP (KB924270)
Sikkerhetsoppdatering for Windows XP (KB924667)
Sikkerhetsoppdatering for Windows XP (KB925902)
Sikkerhetsoppdatering for Windows XP (KB926255)
Sikkerhetsoppdatering for Windows XP (KB926436)
Sikkerhetsoppdatering for Windows XP (KB927779)
Sikkerhetsoppdatering for Windows XP (KB927802)
Sikkerhetsoppdatering for Windows XP (KB928255)
Sikkerhetsoppdatering for Windows XP (KB928843)
Sikkerhetsoppdatering for Windows XP (KB929123)
Sikkerhetsoppdatering for Windows XP (KB930178)
Sikkerhetsoppdatering for Windows XP (KB931261)
Sikkerhetsoppdatering for Windows XP (KB931784)
Sikkerhetsoppdatering for Windows XP (KB932168)
Sikkerhetsoppdatering for Windows XP (KB933729)
Sikkerhetsoppdatering for Windows XP (KB935839)
Sikkerhetsoppdatering for Windows XP (KB935840)
Sikkerhetsoppdatering for Windows XP (KB936021)
Sikkerhetsoppdatering for Windows XP (KB937894)
Sikkerhetsoppdatering for Windows XP (KB938829)
Sikkerhetsoppdatering for Windows XP (KB941202)
Sikkerhetsoppdatering for Windows XP (KB941568)
Sikkerhetsoppdatering for Windows XP (KB941569)
Sikkerhetsoppdatering for Windows XP (KB941644)
Sikkerhetsoppdatering for Windows XP (KB943055)
Sikkerhetsoppdatering for Windows XP (KB943460)
Sikkerhetsoppdatering for Windows XP (KB943485)
Sikkerhetsoppdatering for Windows XP (KB944653)
Sikkerhetsoppdatering for Windows XP (KB946026)
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Fotogalleri
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP hurtigreparasjon - KB873339
Windows XP hurtigreparasjon - KB885835
Windows XP hurtigreparasjon - KB885836
Windows XP hurtigreparasjon - KB886185
Windows XP hurtigreparasjon - KB887472
Windows XP hurtigreparasjon - KB888302
Windows XP hurtigreparasjon - KB890859
Windows XP hurtigreparasjon - KB891781
----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:36, on 21.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
L:\WindowsDefender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
L:\Programma\QuickTime\QTTask.exe
L:\WindowsDefender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\Trend Micro\HijackThis\removal.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - L:\Programma\Canon Pixma IP4000\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "L:\Programma\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] C:\Programfiler\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [Windows Defender] "L:\WindowsDefender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = L:\Programma\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://L:\Programma\Canon Pixma IP4000\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://L:\Programma\Canon Pixma IP4000\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://L:\Programma\Canon Pixma IP4000\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://L:\Programma\Canon Pixma IP4000\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6325 bytes