ComboFix 07-11-19.4C - Gabbar 2007-11-30 20:27:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.595 [GMT 1:00]
Running from: C:\Documents and Settings\Gabbar\Skrivebord\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000013_.tmp.dll
C:\WINDOWS\system32\_000049_.tmp.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.
2007-11-30 17:57            dr-h-----  C:\Documents and Settings\Gabbar\Siste
2007-11-27 18:37            d--------  C:\Documents and Settings\Gabbar\Incomplete
2007-11-27 18:34            d--------  C:\Programfiler\LimeWire
2007-11-27 18:34            d--------  C:\Documents and Settings\Gabbar\Programdata\LimeWire
2007-11-22 20:15   139,008  --a------  C:\WINDOWS\system32\guard32.dll
2007-11-22 20:15    79,096  --a------  C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-22 20:15    23,672  --a------  C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-10-20 23:00            d--h-----  C:\Programfiler\Zero G Registry
2007-10-20 22:59            d--h-----  C:\Documents and Settings\Gabbar\InstallAnywhere
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 17:01  ---------  d-----w  C:\Documents and Settings\Gabbar\Programdata\uTorrent
2007-11-25 16:44  ---------  d-----w  C:\Programfiler\mIRC
2007-11-25 11:37  ---------  d-----w  C:\Documents and Settings\Gabbar\Programdata\CyberLink
2007-11-25 11:36  ---------  d-----w  C:\Documents and Settings\Gabbar\Programdata\dvdcss
2007-11-22 19:20  ---------  d-----w  C:\Documents and Settings\All Users\Programdata\Comodo
2007-11-22 19:15  ---------  d-----w  C:\Programfiler\Comodo
2007-11-22 19:15  ---------  d-----w  C:\Documents and Settings\Gabbar\Programdata\Comodo
2007-11-15 19:05  ---------  d-----w  C:\Programfiler\Copernic Desktop Search 2
2007-10-29 17:15      9,344  ----a-w  C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-29 17:15      8,320  ----a-w  C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-10-20 22:04  ---------  d-----w  C:\Documents and Settings\Gabbar\Programdata\Sports Interactive
2007-10-20 22:00  ---------  d-----w  C:\Programfiler\Sports Interactive
2007-10-17 16:24  ---------  d-----w  C:\Programfiler\Java
2007-08-08 18:02    235,008  ----a-w  C:\WINDOWS\UNBOC.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-04-03 23:29]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"Copernic Desktop Search 2"="C:\Programfiler\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 19:26]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 09:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 20:05]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 17:13 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-01-17 11:12 C:\WINDOWS\AGRSMMSG.exe]
"KTPWare"="C:\Programfiler\Elantech\ktp3.exe" [2004-11-17 14:34]
"AV Wizard"="C:\Programfiler\MSI\AV Wizard\AVExe.exe" [2005-03-03 12:09]
"PCMService"="C:\Programfiler\CyberLink\PowerCinema\PCMService.exe" [2005-07-14 17:41]
"KONICA MINOLTA PagePro 1300WStatusDisplay"="C:\WINDOWS\system32\MSTMON_N.EXE" [2004-03-31 03:54]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 14:57]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-05-28 12:55]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"OpwareSE2"="C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"OPSE reminder"="C:\Programfiler\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 09:29]
"COMODO Firewall Pro"="C:\Programfiler\Comodo\Firewall\cfp.exe" [2007-11-22 20:15]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
R3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Programfiler\Comodo\CBOClean\BOCDRIVE.sys
R3 Ktp3;Elantech TouchPad;C:\WINDOWS\system32\DRIVERS\Ktp3.sys
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S2 MLPTDR_N;MLPTDR_N;\??\C:\WINDOWS\system32\MLPTDR_N.SYS
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fd43194-04c7-11da-913a-806d6172696f}]
\Shell\AutoRun\command - D:\Autorun.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 20:32:46
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-30 20:34:36 - machine was rebooted
.
--- E O F ---