ComboFix 08-11-11.01 - Kaja 2008-11-12 23:48:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1058 [GMT 1:00]
Running from: c:\users\Kaja\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-10-12 to 2008-11-12  )))))))))))))))))))))))))))))))
.

2008-11-12 22:59 . 2008-11-12 22:59  d--------  c:\users\All Users\Avira
2008-11-12 22:59 . 2008-11-12 22:59  d--------  c:\programdata\Avira
2008-11-12 22:59 . 2008-11-12 22:59  d--------  c:\program files\Avira
2008-11-12 22:53 . 2008-11-12 22:53  d--------  c:\program files\Trend Micro
2008-11-12 22:38 . 2008-11-12 22:38  d--------  c:\users\Kaja\AppData\Roaming\Malwarebytes
2008-11-12 22:38 . 2008-11-12 22:38  d--------  c:\users\All Users\Malwarebytes
2008-11-12 22:38 . 2008-11-12 22:38  d--------  c:\programdata\Malwarebytes
2008-11-12 22:38 . 2008-11-12 22:38  d--------  c:\program files\Malwarebytes' Anti-Malware
2008-11-12 22:38 . 2008-10-22 16:10  38,496  --a------  c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-12 22:38 . 2008-10-22 16:10  15,504  --a------  c:\windows\System32\drivers\mbam.sys
2008-11-12 22:32 . 2008-11-12 22:32  d--------  c:\program files\CCleaner
2008-11-12 22:04 . 2008-11-12 22:04  d--------  C:\PerfLogs
2008-11-11 19:12 . 2008-09-10 04:40  1,334,272  --a------  c:\windows\System32\msxml6.dll
2008-11-11 19:12 . 2008-09-05 06:14  1,191,936  --a------  c:\windows\System32\msxml3.dll
2008-11-11 19:12 . 2008-08-27 02:05  212,480  --a------  c:\windows\System32\drivers\mrxsmb10.sys
2008-11-08 20:03 . 2008-11-08 20:03  d--------  c:\users\All Users\VIZ_MPS
2008-11-08 20:03 . 2008-11-08 20:03  d--------  c:\programdata\VIZ_MPS
2008-11-08 20:03 . 2008-11-08 20:03  d--------  c:\program files\Vizky
2008-11-07 15:35 . 2008-11-07 15:35  102,190  --a------  c:\windows\System32\cont_adzgalore-remove.exe
2008-11-07 15:35 . 2008-11-07 15:35  96,093  --a------  c:\windows\System32\uortmqtfphzoqzcx.dll-uninst.exe
2008-10-28 18:33 . 2008-08-12 04:39  443,392  --a------  c:\windows\System32\win32spl.dll
2008-10-28 18:33 . 2008-01-19 08:36  37,888  --a------  c:\windows\System32\printcom.dll
2008-10-23 11:26 . 2008-08-05 10:49  428,544  --a------  c:\windows\System32\EncDec.dll
2008-10-23 11:26 . 2008-08-05 10:49  293,376  --a------  c:\windows\System32\psisdecd.dll
2008-10-23 11:26 . 2008-08-05 10:48  217,088  --a------  c:\windows\System32\psisrndr.ax
2008-10-23 11:26 . 2008-08-05 10:48  177,664  --a------  c:\windows\System32\mpg2splt.ax
2008-10-23 11:26 . 2008-08-05 10:48  80,896  --a------  c:\windows\System32\MSNP.ax
2008-10-19 20:29 . 2008-09-18 06:09  3,601,464  --a------  c:\windows\System32\ntkrnlpa.exe
2008-10-19 20:29 . 2008-09-18 06:09  3,549,240  --a------  c:\windows\System32\ntoskrnl.exe
2008-10-19 20:29 . 2008-09-18 03:16  2,032,640  --a------  c:\windows\System32\win32k.sys
2008-10-19 20:28 . 2008-10-02 02:32  1,383,424  --a------  c:\windows\System32\mshtml.tlb
2008-10-19 20:28 . 2008-10-02 04:49  827,392  --a------  c:\windows\System32\wininet.dll
2008-10-19 20:28 . 2008-08-27 02:06  288,768  --a------  c:\windows\System32\drivers\srv.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 21:31  ---------  d-----w  c:\users\Kaja\AppData\Roaming\OpenOffice.org2
2008-11-12 21:28  ---------  d-----w  c:\program files\Common Files\Symantec Shared
2008-11-12 21:26  ---------  d-----w  c:\programdata\Symantec
2008-11-12 21:26  ---------  d-----w  c:\program files\Symantec
2008-11-12 21:14  174  --sha-w  c:\program files\desktop.ini
2008-11-12 21:05  ---------  d-----w  c:\program files\Windows Sidebar
2008-11-12 21:05  ---------  d-----w  c:\program files\Windows Photo Gallery
2008-11-12 21:05  ---------  d-----w  c:\program files\Windows Mail
2008-11-12 21:05  ---------  d-----w  c:\program files\Windows Journal
2008-11-12 21:05  ---------  d-----w  c:\program files\Windows Collaboration
2008-11-12 21:05  ---------  d-----w  c:\program files\Windows Calendar
2008-11-12 21:04  ---------  d-----w  c:\program files\Windows Defender
2008-11-12 20:48  82,432  ----a-w  c:\windows\System32\axaltocm.dll
2008-11-12 20:48  101,888  ----a-w  c:\windows\System32\ifxcardm.dll
2008-11-12 19:53  42,174  ----a-w  c:\users\Kaja\AppData\Roaming\nvModes.dat
2008-11-12 19:35  ---------  d-----w  c:\programdata\Microsoft Help
2008-11-07 19:47  ---------  d-----w  c:\users\Kaja\AppData\Roaming\LimeWire
2008-11-03 20:50  ---------  d-----w  c:\users\Kaja\AppData\Roaming\Image Zone Express
2008-10-21 20:25  ---------  d-----w  c:\program files\Microsoft Silverlight
2008-09-30 15:43  1,286,152  ----a-w  c:\windows\System32\msxml4.dll
2008-09-21 14:32  ---------  d-----w  c:\program files\Java
2008-09-16 17:57  ---------  d-----w  c:\program files\ElastoMania111
2008-09-15 15:03  ---------  d-----w  c:\programdata\Musicnotes
2008-09-15 15:03  ---------  d-----w  c:\program files\Musicnotes
2008-09-12 15:56  ---------  d-----w  c:\program files\Common Files\Logitech
2008-09-12 15:56  ---------  d-----w  c:\program files\Common Files\Acer
2008-09-12 15:56  ---------  d-----w  c:\program files\Acer

.
(((((((((((((((((((((((((((((   snapshot@2008-11-12_22.51.15,33   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-12 21:29:22  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-12 22:00:02  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-12 21:29:22  32,768  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-12 22:00:02  32,768  --sha-w  c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-12 21:29:22  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-12 22:00:02  16,384  --sha-w  c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-12 22:00:47  75,072  ----a-w  c:\windows\System32\drivers\avipbb.sys
+ 2007-03-01 09:34:22  28,352  ----a-w  c:\windows\System32\drivers\ssmdrv.sys

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-13 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-09 13312]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-09 614400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-20 81920]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\users\Kaja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-04-22 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Mobilt Kontor.lnk - c:\program files\Telenor\Mobilt Kontor\Mobilt Kontor.exe [2007-05-10 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{326A5CB9-6F39-4223-B147-4E096FF4342B}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{18DA683D-730B-4440-909F-13E27188EF91}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{E6407F78-50EA-448B-BED9-0614E7A1098D}"= c:\program files\Acer Arcade Deluxe\VideoMagician\MagicDirector.exe:CyberLink MagicDirector
"{6FE9BA0E-60A1-4E41-96CA-68063A3E6DF3}"= c:\program files\Acer Arcade Deluxe\DV Wizard\PowerDV.exe:CyberLink PowerDV
"{6FA0EFE7-E731-49BA-BB94-33BB3D7240D2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C0F7CA48-DA61-489F-844C-8F9CDB5AA33A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{380F857E-F469-47C1-A831-F34604912270}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{AA9D673D-6833-49D7-BA7F-16F02B6BAE63}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1C428F8A-3C75-427D-98D4-62C2813725DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D5E4C605-EFAC-4C7E-8DA2-1AE8681CCF02}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C90A10FE-316E-4809-8DA0-FB6DEDCBD193}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 GtFlashSwitch;GtFlashSwitch;c:\program files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 176128]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 GTFFBUS;GT FF BUS;c:\windows\system32\DRIVERS\gtffbus.sys [2007-01-15 17152]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\system32\DRIVERS\Gtm51Irp.sys [2007-01-15 122240]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-01-15 8064]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\DRIVERS\gtuqbus.sys [2007-01-15 36992]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{096562a7-3c9f-11dd-a51e-001b381f3c76}]
\shell\AutoRun\command - F:\SETUP.EXE -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{984dfcd6-09f8-11dd-9648-001b381f3c76}]
\shell\AutoRun\command - f:\.\start.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a635e3-55dd-11dd-a280-001b381f3c76}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://no.intl.acer.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 -: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
c:\windows\Downloaded Program Files\CONFLICT.1\piczo_fast_uploader.inf
c:\windows\System32\unicows.dll
c:\windows\Downloaded Program Files\CONFLICT.1\ImageUploader4.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 23:50:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-12 23:52:35
ComboFix-quarantined-files.txt  2008-11-12 22:52:30
ComboFix2.txt  2008-11-12 21:52:12

Pre-Run: 34 702 958 592 bytes free
Post-Run: 34,665,639,936 bytes free

215 --- E O F --- 2008-11-12 20:50:31
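A responder reading a log like this works through two sections first: the "Files Created" list, to see what landed on disk in the last month, and the "Reg Loading Points" block, to see whether the machine's own defences have been switched off (here all three Windows Firewall profiles show `EnableFirewall = 0`, Security Center monitoring is disabled, `AppInit_DLLs` is populated and several drive letters carry AutoRun commands). The script below is an added example, not part of the original post and not ComboFix's own code: it parses those two sections and flags the settings a triage checklist asks about. The line shapes (the regular expression and the `[key]` / `"name"=value` pairs) are inferred from the log above; the sample input is a constructed subset of the log's own lines; and the "fresh drop" heuristic (an `.exe` in System32 whose created and modified stamps are identical, unlike update-delivered files that keep an older build stamp) is a prioritisation aid, not a malware verdict.

```python
import re

# Constructed sample: a subset of lines in the shape of the ComboFix log above
# (four "Files Created" entries followed by registry loading points). Not the
# full log; just enough input to exercise each check.
SAMPLE_LOG = r"""
2008-11-07 15:35 . 2008-11-07 15:35  102,190  --a------  c:\windows\System32\cont_adzgalore-remove.exe
2008-11-07 15:35 . 2008-11-07 15:35  96,093  --a------  c:\windows\System32\uortmqtfphzoqzcx.dll-uninst.exe
2008-10-28 18:33 . 2008-08-12 04:39  443,392  --a------  c:\windows\System32\win32spl.dll
2008-11-12 22:38 . 2008-11-12 22:38  d--------  c:\program files\CCleaner
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{984dfcd6-09f8-11dd-9648-001b381f3c76}]
\shell\AutoRun\command - f:\.\start.bat
"""

# One "Files Created" entry: created . modified [size] attrs path
# (directories carry no size column). Shape inferred from the log above.
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?:([\d,]+)\s+)?([d-][\w-]{8})\s+(.+?)\s*$",
    re.MULTILINE,
)


def parse_files_created(text):
    """Return one dict per entry: timestamps, size in bytes (None for
    directories), attribute string and path."""
    entries = []
    for m in FILE_RE.finditer(text):
        created, modified, size, attrs, path = m.groups()
        entries.append({"created": created, "modified": modified,
                        "size": int(size.replace(",", "")) if size else None,
                        "attrs": attrs, "path": path})
    return entries


def fresh_system32_executables(entries):
    """Heuristic only: files dropped by Windows Update keep the build's older
    modified stamp (win32spl.dll: created 2008-10-28, modified 2008-08-12),
    whereas a file written on the box has created == modified. Such .exe files
    in System32 are the ones to look up first; this is not a malware verdict."""
    return [e["path"] for e in entries
            if not e["attrs"].startswith("d")
            and "\\system32\\" in e["path"].lower()
            and e["path"].lower().endswith(".exe")
            and e["created"] == e["modified"]]


def parse_reg(text):
    """Map each [key] (lower-cased) to its "name"=value pairs; a
    \\shell\\AutoRun\\command line is stored under the name 'autorun'."""
    reg, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            reg.setdefault(key, {})
        elif key and line.startswith('"') and '"=' in line:
            name, _, value = line[1:].partition('"=')
            reg[key][name] = value.strip()
        elif key and line.startswith("\\shell\\"):
            reg[key]["autorun"] = line.split(" - ", 1)[1]
    return reg


def weakened_security(reg):
    """Flag the loading-point settings a triage checklist asks about."""
    findings = []
    for key, vals in reg.items():
        tail = key.rsplit("\\", 1)[-1]
        if "firewallpolicy" in key and vals.get("EnableFirewall", "").startswith("0"):
            findings.append(f"Windows Firewall disabled: {tail}")
        if "security center" in key:
            if vals.get("DisableMonitoring") == "dword:00000001":
                findings.append(f"Security Center monitoring disabled: {tail}")
            for name in ("AntiVirusOverride", "FirewallOverride"):
                if vals.get(name) == "dword:00000001":
                    findings.append(f"Security Center {name} set")
        if key.endswith("currentversion\\windows") and vals.get("AppInit_DLLs"):
            findings.append(f"AppInit_DLLs set: {vals['AppInit_DLLs']}")
        if "mountpoints2" in key and "autorun" in vals:
            findings.append(f"AutoRun command under mountpoints2\\{tail}: {vals['autorun']}")
    return findings


def triage(text):
    """Run both checks over a whole log and return the results together."""
    return {"fresh_executables": fresh_system32_executables(parse_files_created(text)),
            "findings": weakened_security(parse_reg(text))}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  ", item)
```

Run it against a saved `ComboFix.txt` by reading the file into `triage()`; on the sample it lists the two fresh System32 executables and eight weakened-security findings (three firewall profiles, monitoring disabled, both Security Center overrides, `AppInit_DLLs`, one AutoRun command). The registry checks are exact-value comparisons on what ComboFix printed, so a profile that reads `EnableFirewall = 1` or a key that is simply absent produces no finding; treat the output as the list of things to verify on the host, not as a clean/infected decision.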