ComboFix 08-10-01.06 - EPC 2008-10-02 22:36:35.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1576 [GMT 2:00]
Running from: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\EPC\AppData\Roaming\Microsoft\Windows\Cookies\epc@clicktorrent[2].txt
C:\Windows\system32\AutoRun.inf
E:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-02 to 2008-10-02 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 20:26 --------- d-----w C:\Users\EPC\AppData\Roaming\Malwarebytes
2008-10-02 20:26 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 20:26 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-10-02 19:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-02 07:40 12,931 ----a-w C:\Users\EPC\AppData\Roaming\nvModes.dat
2008-10-01 20:25 --------- d-----w C:\Users\EPC\AppData\Roaming\Microgaming
2008-09-14 19:24 --------- d-----w C:\Program Files\Winsometech
2008-09-09 22:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-23 23:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-23 23:01 --------- d-----w C:\Program Files\Avanquest update
2008-08-23 23:01 --------- d-----w C:\PROGRA~2\BVRP Software
2008-08-23 22:16 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-23 22:16 --------- d-----w C:\PROGRA~2\Sony Ericsson
2008-08-23 22:15 --------- d-----w C:\Users\EPC\AppData\Roaming\InstallShield
2008-08-23 22:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-18 14:34 --------- d-----w C:\Program Files\Apple Software Update
2008-08-14 06:24 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 15:25 --------- d-----w C:\Users\EPC\AppData\Roaming\Apple Computer
2008-08-10 15:25 --------- d-----w C:\Program Files\iTunes
2008-08-10 15:25 --------- d-----w C:\Program Files\iPod
2008-08-10 15:25 --------- d-----w C:\PROGRA~2\Apple Computer
2008-08-10 15:24 --------- d-----w C:\Program Files\QuickTime
2008-08-10 15:24 --------- d-----w C:\Program Files\Bonjour
2008-08-10 15:22 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-10 15:22 --------- d-----w C:\PROGRA~2\Apple
2008-08-06 10:19 2,213,118 ----a-w C:\Users\EPC\BACKUP 060808.ZIP
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-08-02 01:01 625,152 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-04 08:02 174 --sha-w C:\Program Files\desktop.ini
2008-07-04 07:37 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-04 07:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-10 15:06 20,480 ----a-w C:\Users\EPC\RSMInit.exe
2008-05-20 10:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-20 10:50 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-20 10:50 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-16 1524760]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-16 1524760]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-16 1524760]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-20 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-08-10 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-15 113664]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-04-15 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3AAA6831-E0D9-4A5F-A017-A974996461F7}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C99633CD-F2E7-4B45-9C98-52A756229EBE}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{12EE1E38-962E-4BC7-B580-D2C855ADFB41}"= UDP:C:\Program Files\ABC\abc.exe:ABC
"{EA395CC1-CC90-4D0B-B657-0EFD012352A3}"= TCP:C:\Program Files\ABC\abc.exe:ABC
"TCP Query User{A67B6A28-2466-4D3B-B13B-172C9668EB9F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B5A069EA-EA94-4AF7-9A77-646BF9CD4815}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B1E3ABC5-30CE-45FE-9C93-EC0EE2379FE9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D3169DC7-24CD-4EF3-9000-2EC72533A146}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{181CEF17-D098-4742-8DE0-1CC24C3CA749}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CC261E60-9CEA-4443-B283-24A699F01E20}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-04-04 261680]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\SE30mdfl.sys [2006-05-15 9360]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 37008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - COMHOST
*Newly Created Service* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll
C:\Windows\Downloaded Program Files\IlosoftMultipleImageUpload.dll
O16 -: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.varebilinnredning.no/controls/IlosoftImageUpload.dll
C:\Windows\Downloaded Program Files\IlosoftImageUpload.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 22:43:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-02 22:44:48
ComboFix-quarantined-files.txt 2008-10-02 20:44:11

Pre-Run: Cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 10,321,813,504 bytes free

177 --- E O F --- 2008-09-12 01:03:50
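The security-relevant findings in a log like this one are buried in the "Reg Loading Points" block: every Security Center `DisableMonitoring` / `*DisableNotify` value is set to 1 (the machine will not warn about a disabled AV, firewall or Windows Update), and one CLSID is registered at three Internet Explorer extension points (URLSearchHook, Browser Helper Object and Toolbar), all loading the same DLL. The script below is an added triage example, not ComboFix's own code and not something the poster ran; it parses that block into registry keys and values and applies those two checks. `SAMPLE_LOG` is an excerpt constructed from the log above; the registry key and value names are the real Windows ones, while the two heuristics and all function names are this example's own.

```python
"""Triage helper for a pasted ComboFix log (added example, not a ComboFix feature).

Parses the 'Reg Loading Points' block into {key: {value_name: value}} and runs
two checks: Security Center values that suppress monitoring or warnings, and
CLSIDs registered at more than one Internet Explorer extension point.
"""
import re
from collections import defaultdict

# Constructed excerpt of the log above; key/value names are real Windows names.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-16 1524760]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-16 11:06 1524760 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a33fa729-d155-4b23-842b-2c665ecabdb6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-16 1524760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "name"= value [date size]
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]]+)')          # first drive-letter path in a line
CLSID_RE = re.compile(r'\{[0-9a-f-]{36}\}', re.I)

# Lower-cased fragments of the IE extension-point keys ComboFix reports.
IE_EXTENSION_POINTS = ('urlsearchhooks', 'browser helper objects', r'internet explorer\toolbar')
SECURITY_CENTER = r'\software\microsoft\security center'


def parse_reg_loading_points(text):
    """Return {registry key: {value name: raw value}} for the pasted block."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2).strip()
            continue
        # BHO entries carry the CLSID in the key and the DLL as a bare file line.
        clsid, path = CLSID_RE.search(current), PATH_RE.search(line)
        if clsid and path:
            keys[current][clsid.group(0)] = path.group(1).rstrip()
    return keys


def security_center_suppression(keys):
    """(key, value name) pairs that tell Security Center to stop monitoring or warning."""
    hits = []
    for key, values in keys.items():
        if SECURITY_CENTER not in key.lower():
            continue
        for name, value in values.items():
            lname = name.lower()
            if (lname == 'disablemonitoring' or lname.endswith('disablenotify')) \
                    and value.lower().endswith('00000001'):
                hits.append((key, name))
    return hits


def ie_extension_clsids(keys):
    """Map each CLSID to (sorted IE extension points it is registered at, DLL path)."""
    seen = defaultdict(lambda: {'points': set(), 'dll': None})
    for key, values in keys.items():
        point = next((p for p in IE_EXTENSION_POINTS if p in key.lower()), None)
        if point is None:
            continue
        for name, value in values.items():
            clsid = CLSID_RE.search(name)
            if not clsid:
                continue
            entry = seen[clsid.group(0).lower()]
            entry['points'].add(point)
            path = PATH_RE.search(value)
            if path:
                entry['dll'] = path.group(1).rstrip()
    return {c: (sorted(e['points']), e['dll']) for c, e in seen.items()}


def triage(text):
    keys = parse_reg_loading_points(text)
    return {'security_center': security_center_suppression(keys),
            'ie_extensions': ie_extension_clsids(keys)}


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for key, name in report['security_center']:
        print(f'Security Center suppressed: {key} -> {name}')
    for clsid, (points, dll) in report['ie_extensions'].items():
        if len(points) > 1:
            print(f'{clsid} registered at {len(points)} IE extension points: {points} -> {dll}')
```

Run against the full "Reg Loading Points" block of a pasted log, the script lists every Security Center value that has been flipped to 1 and any CLSID that appears under more than one IE hook; a DLL registered as search hook, BHO and toolbar at once is worth checking on the box regardless of whose toolbar it claims to be, and the Security Center values should be set back to 0 once the real AV and firewall state has been confirmed.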