ComboFix 08-10-16.08 - Bjørn Are 2008-10-17 15:28:07.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.115 [GMT 2:00]
Running from: C:\Documents and Settings\Bjørn Are\Skrivebord\ComboFix.exe
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Previous Run -------
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-17 13:14 . 2008-10-17 13:14   d--------   C:\Programfiler\Malwarebytes' Anti-Malware
2008-10-17 13:14 . 2008-10-17 13:14   d--------   C:\Documents and Settings\Bjørn Are\Programdata\Malwarebytes
2008-10-17 13:14 . 2008-10-17 13:14   d--------   C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-10-17 13:14 . 2008-10-16 20:25   38,496   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-17 13:14 . 2008-10-16 20:25   15,504   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-10-17 13:08 . 2008-10-17 13:08   dr-h-----   C:\Documents and Settings\Bjørn Are\Siste
2008-10-17 13:08 . 2008-10-17 13:08   dr-h-----   C:\Documents and Settings\Bjørn Are\Siste
2008-10-17 13:04 . 2008-10-17 13:04   d--------   C:\Programfiler\CCleaner
2008-10-15 20:38 . 2008-09-15 17:29   1,846,400   ---------   C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 20:38 . 2008-09-08 12:41   333,824   ---------   C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 20:37 . 2008-08-14 15:27   2,190,976   ---------   C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:37 . 2008-08-14 15:27   2,147,328   ---------   C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 20:37 . 2008-08-14 15:27   2,067,840   ---------   C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 20:37 . 2008-08-14 15:27   2,025,984   ---------   C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-03 20:28 . 2008-10-03 20:28   d--------   C:\Documents and Settings\Bjørn Are\Programdata\DivX
2008-10-03 20:13 . 2008-10-03 20:13   d--------   C:\Programfiler\DivX
2008-09-29 15:17 . 2008-09-29 15:17   d--h-----   C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-17 10:57   77,824   ----a-w   C:\WINDOWS\system32\kdfapi.dll
2008-10-17 10:57   722,472   ----a-w   C:\WINDOWS\system32\kdfmgr.exe
2008-10-17 10:57   53,248   ----a-w   C:\WINDOWS\system32\Kdfhok.dll
2008-10-17 10:57   192,512   ----a-w   C:\WINDOWS\system32\kdfvmgr.exe
2008-09-16 00:11   161,096   ----a-w   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-15 15:29   1,846,400   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41   333,824   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-09-05 21:30   950,824   ------w   C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-05 21:30   267,304   ------w   C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-08-25 21:17   ---------   d-----w   C:\Programfiler\Fellesfiler\PCSuite
2008-08-25 21:17   ---------   d-----w   C:\Programfiler\Fellesfiler\Nokia
2008-08-25 21:14   ---------   d-----w   C:\Programfiler\PC Connectivity Solution
2008-08-20 05:30   665,600   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-08-20 05:30   665,600   ------w   C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-20 05:30   618,496   ------w   C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-20 05:30   3,088,896   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-20 05:30   1,499,136   ------w   C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-14 13:27   2,147,328   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:27   2,025,984   ----a-w   C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04   138,496   ------w   C:\WINDOWS\system32\dllcache\afd.sys
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09   1,811,656   ----a-w   C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07   270,880   ----a-w   C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07   210,976   ----a-w   C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"TrendSecure Remote File Lock"="C:\Programfiler\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2008-03-06 423248]
"OE"="C:\Programfiler\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 492808]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"BitTorrent DNA"="C:\Programfiler\DNA\btdna.exe" [2008-10-11 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 102491]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 692315]
"RemoteControl"="C:\Programfiler\filer\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"GraviSense"="C:\Acer\GraviSense\GraviSense.exe" [2005-12-15 4132864]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="C:\Programfiler\Launch Manager\QtZgAcer.EXE" [2005-12-13 397312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-11-30 225280]
"LogitechCameraAssistant"="C:\Programfiler\Acer\OrbiCam\CameraAssistant.exe" [2005-11-29 438272]
"LogitechVideo[inspector]"="C:\Programfiler\Acer\OrbiCam\InstallHelper.exe" [2005-11-29 14:51 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 262144]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-30 1398024]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-05 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"C:\\Programfiler\\DNA\\btdna.exe"=
"C:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 78208]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2005-11-29 1088896]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-11-30 16768]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 4392]
S2 gsensor;gsensor;C:\WINDOWS\system32\gsensor.sys [ ]
.
Contents of the 'Scheduled Tasks' folder

2008-10-17 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bjørn Are\Programdata\Mozilla\Firefox\Profiles\e3818b47.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no
FF -: plugin - C:\Programfiler\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 15:30:03
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

C:\WINDOWS\EXPLORER.EXE [1004] 0x82A9E348

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-17 15:30:36
ComboFix-quarantined-files.txt 2008-10-17 13:30:34

Pre-Run: 96,438,288,384 bytes free
Post-Run: 96,431,243,264 bytes free

179 --- E O F --- 2008-10-15 21:36:12
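The report above is the poster's own ComboFix output. As an added example, not part of the original post and not ComboFix's own code, the script below parses the same log format and ranks the items a reviewer would check first: the `"EnableFirewall"= 0` setting in the firewall policy key, the Security Center `DisableMonitoring` values, `Run` entries that ComboFix marked `[X]` (file not found) or that carry no directory at all (such as `"RTHDCPL"="RTHDCPL.EXE"`), the firewall exception list, and the WinPcap packet-capture components (npf.sys, packet.dll, wpcap.dll, WanPacket.dll, pthreadVC.dll) that the "Other Deletions" block shows were removed. The sample input is constructed from a few lines of the log above; the severity labels and rule thresholds are my own assumptions, not anything ComboFix defines.

```python
"""Triage helper for ComboFix logs: split the log into sections, parse the
"Reg Loading Points" block, and flag the entries a reviewer should read first."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the log above, enough to exercise
# every rule below. A real run would pass the whole log file's text instead.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 C:\WINDOWS\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programfiler\\DNA\\btdna.exe"=
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # ((((( Section name )))))
KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "name"=value text
IMAGE_RE = re.compile(r'^"([^"]*)"\s*\[(.*)\]$')          # "path" [date size]  or  "path" [X]

# WinPcap components; ComboFix listed these under "Other Deletions" in the log above.
WINPCAP_FILES = {"npf.sys", "packet.dll", "wpcap.dll", "wanpacket.dll", "pthreadvc.dll"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}   # assumed ranking


@dataclass
class Finding:
    severity: str
    where: str
    detail: str


def parse_log(text):
    """Return (sections, registry): section name -> non-empty lines, and for the
    "Reg Loading Points" block, registry key path -> {value name: raw value text}."""
    sections, registry, section, key = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            sections[section] = []
            continue
        if section is None or line in ("", "."):
            continue
        sections[section].append(line)
        if section != "Reg Loading Points":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            registry[key] = {}
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            registry[key][m.group(1)] = m.group(2).strip()
    return sections, registry


def dword(raw):
    """'dword:00000001' -> 1; any other value text -> None."""
    return int(raw[6:], 16) if raw.lower().startswith("dword:") else None


def triage(text):
    """Apply the review rules and return findings, highest severity first."""
    sections, registry = parse_log(text)
    out = []
    for path in sections.get("Other Deletions", []):
        if path.rsplit("\\", 1)[-1].lower() in WINPCAP_FILES:
            out.append(Finding("info", path, "WinPcap component deleted; capture tools will need it reinstalled"))
    for key, values in registry.items():
        lk = key.lower()
        if lk.endswith("\\run"):
            for name, value in values.items():
                m = IMAGE_RE.match(value)
                if not m:
                    continue
                image, meta = m.groups()
                if meta.strip() == "X":
                    out.append(Finding("medium", f"{key}\\{name}", f"autostart points at a file ComboFix could not find: {image}"))
                elif "\\" not in image:
                    out.append(Finding("low", f"{key}\\{name}", f"autostart '{image}' has no directory and is resolved through the search path"))
        elif "security center\\monitoring\\" in lk:
            product = key.rsplit("\\", 1)[-1]
            if dword(values.get("DisableMonitoring", "")) == 1:
                out.append(Finding("medium", key, f"Security Center monitoring of {product} is suppressed; expected only if that product registered itself"))
        elif lk.endswith("authorizedapplications\\list"):
            for name in values:
                out.append(Finding("info", key, f"firewall exception: {name}"))
        elif "firewallpolicy" in lk and lk.endswith("profile"):
            if values.get("EnableFirewall", "").startswith("0"):
                out.append(Finding("high", key, "Windows Firewall is disabled in this profile"))
    out.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
```

The script ranks rather than decides: `DisableMonitoring` flags are normally written by a third-party suite that registers with Security Center (the Run keys above show Trend Micro Internet Security installed), and `EnableFirewall`= 0 is likewise expected when that suite supplies its own firewall, so both findings are prompts to confirm the product is present and running, not verdicts. Against the full log the same rules also surface the nine firewall exceptions, including the BitTorrent and BitTorrent DNA binaries, which is where a reviewer would look if the complaint that prompted the scan involved network traffic.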