ComboFix 08-08-30.01 - Administrator 2008-08-30 23:58:30.4 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.796 [GMT 2:00]
Running from: C:\Documents and Settings\Lars Kjetil Myrstad\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-30 23:52 . 2008-08-30 23:52 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-30 23:52 . 2008-01-09 00:19 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-08-30 23:52 . 2006-04-05 23:24 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-08-30 23:52 . 2006-04-05 23:20 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-08-30 23:52 . 2008-08-30 23:52 d-------- C:\Documents and Settings\Administrator
2008-08-30 23:23 . 2008-08-30 23:23 1,223,100 --a------ C:\WINDOWS\system32\xarmhyvk.exe
2008-08-30 23:23 . 2008-08-30 23:23 81,920 --a------ C:\WINDOWS\system32\hwzmlcds.exe
2008-08-30 22:45 . 2008-08-30 22:45 1,223,100 --a------ C:\WINDOWS\system32\ezuzmxaj.exe
2008-08-30 22:45 . 2008-08-30 22:45 81,920 --a------ C:\WINDOWS\system32\uvidyvet.exe
2008-08-30 22:20 . 2008-08-30 22:20 1,223,100 --a------ C:\WINDOWS\system32\vixofkvm.exe
2008-08-30 22:20 . 2008-08-30 22:20 81,920 --a------ C:\WINDOWS\system32\zsbsxcrg.exe
2008-08-30 21:38 . 2008-08-30 21:38 1,223,100 --a------ C:\WINDOWS\system32\utwxqbid.exe
2008-08-30 21:38 . 2008-08-30 21:38 94,208 --a------ C:\WINDOWS\system32\otgjwbij.exe
2008-08-30 21:12 . 2008-08-30 21:12 94,208 --a------ C:\WINDOWS\system32\neletspe.exe
2008-08-29 19:30 . 2008-08-29 19:30 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 19:30 . 2008-08-29 19:30 d-------- C:\Documents and Settings\Lars Kjetil Myrstad\Application Data\Malwarebytes
2008-08-29 19:30 . 2008-08-29 19:30 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-29 19:30 . 2008-08-17 15:04 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 19:30 . 2008-08-17 15:04 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 17:12 . 2008-08-29 17:12 d-------- C:\Program Files\Enigma Software Group
2008-08-29 15:11 . 2008-08-29 15:11 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-29 15:05 . 2008-08-29 15:05 d-------- C:\Program Files\avbjzde
2008-08-29 15:05 . 2008-08-29 15:05 d-------- C:\Documents and Settings\All Users\Application Data\wlkpknml
2008-08-21 22:24 . 2008-08-21 22:24 d-------- C:\Program Files\FotoKnudsen FotoBok
2008-08-21 22:24 . 2008-08-21 22:24 d-------- C:\Documents and Settings\All Users\Application Data\FotoKnudsen FotoBok
2008-08-21 13:08 . 2008-05-01 16:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-07-18 20:38 . 2008-07-18 20:38 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-17 18:09 . 2008-07-17 18:09 d-------- C:\Program Files\FMS
2008-07-07 22:32 . 2008-07-07 22:32 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 08:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-30 08:11 --------- d-----w C:\Documents and Settings\Lars Kjetil Myrstad\Application Data\AdobeUM
2008-08-29 13:11 --------- d-----w C:\Program Files\Lavasoft
2008-08-29 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-28 19:36 --------- d-----w C:\Documents and Settings\Linn Eidem\Application Data\AdobeUM
2008-07-31 21:36 --------- d-----w C:\Documents and Settings\Lars Kjetil Myrstad\Application Data\uTorrent
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-03-06 20:50 768 ----a-w C:\Program Files\SDMV11DIVES.TPS
2007-03-06 20:50 768 ----a-w C:\Program Files\SDMV10SIMPR.TPS
2007-03-06 20:50 768 ----a-w C:\Program Files\SDMV10PROF.TPS
2007-03-06 20:50 1,280 ----a-w C:\Program Files\SDMV13SIMDIVE.TPS
2008-03-02 10:21 56 --sh--r C:\WINDOWS\system32\D23E61BF04.sys
2008-03-02 10:21 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 19:56 761947]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 11:45 839680]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 17:21 169328]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"xiWK5tFO9j"="C:\Documents and Settings\All Users\Application Data\wlkpknml\whatapiv.exe" [2008-08-29 15:05 65536]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-05 23:17:56 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"stren"= {0491FE2F-4EA6-9304-4080-06F944FDDC0F} - C:\Program Files\avbjzde\stren.dll [2008-08-29 15:05 110592]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R3 NgVpn;Aventail VPN Adapter;C:\WINDOWS\system32\DRIVERS\ngvpn.sys [2007-08-01 19:03]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 Basics Service;Basics Service;C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 17:21]
S2 NgVpnMgr;Aventail VPN Client;C:\WINDOWS\system32\ngvpnmgr.exe [2007-08-01 19:04]
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 12:03]
S3 NgFilter;Aventail VPN Filter;C:\WINDOWS\system32\DRIVERS\ngfilter.sys [2007-08-01 19:03]
S3 NgLog;Aventail VPN Logging;C:\WINDOWS\system32\DRIVERS\nglog.sys [2007-08-01 19:02]
S3 NgWfp;Aventail VPN Callout;C:\WINDOWS\system32\DRIVERS\ngwfp.sys [2007-08-01 19:03]
S3 SiBulk;SiBulk;C:\WINDOWS\system32\drivers\SiBulk.sys [2004-06-18 20:23]
.
Contents of the 'Scheduled Tasks' folder
2008-08-30 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mooptu14.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 23:59:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-31 0:00:27
ComboFix-quarantined-files.txt 2008-08-30 22:00:26
ComboFix2.txt 2008-08-30 21:26:33
ComboFix3.txt 2008-08-30 20:25:01

Pre-Run: 14,843,265,024 bytes free
Post-Run: 14,838,652,928 bytes free

159 --- E O F --- 2008-08-21 21:50:05