ComboFix 08-11-12.01 - ripper 2008-11-13 16:09:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1321 [GMT 1:00]
Running from: c:\documents and settings\ripper\Skrivebord\Temp\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\ripper\Programdata\inst.exe
c:\windows\system32\tmp33.tmp
c:\windows\system32\tmp34.tmp
.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-13 15:45 . 2008-11-13 15:45 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-13 15:45 . 2008-11-13 15:45 d-------- c:\documents and settings\ripper\Programdata\Malwarebytes
2008-11-13 15:45 . 2008-11-13 15:45 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-13 15:45 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 15:45 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-13 13:56 . 2008-11-13 13:56 d-------- c:\programfiler\Trend Micro
2008-11-11 12:21 . 2008-11-11 12:21 d-------- c:\documents and settings\ripper\Programdata\Comodo
2008-11-11 12:09 . 2008-11-11 12:09 d-------- c:\programfiler\COMODO
2008-11-11 12:09 . 2008-11-11 12:14 d-------- c:\documents and settings\All Users\Programdata\comodo
2008-11-11 12:09 . 2008-11-11 12:09 143,096 --a------ c:\windows\system32\guard32.dll
2008-11-11 12:09 . 2008-11-11 12:09 99,856 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-11-11 12:09 . 2008-11-11 12:09 31,504 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-11-11 11:48 . 2008-11-11 11:48 d-------- c:\documents and settings\All Users\Programdata\2DBoy
2008-11-11 10:09 . 2008-11-11 10:09 d-------- c:\programfiler\Lavasoft
2008-11-11 10:00 . 2008-11-11 10:00 d-------- c:\programfiler\MSXML 6.0
2008-11-10 18:13 . 2008-11-10 20:59 d-------- c:\programfiler\Spybot - Search & Destroy
2008-11-10 18:13 . 2008-11-10 18:43 d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2008-11-07 08:53 . 2008-11-07 08:53 d-------- c:\documents and settings\ripper\Programdata\SmartFTP
2008-11-04 22:03 . 2008-11-04 22:03 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-04 22:03 . 2008-11-04 22:03 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-03 13:09 . 2008-11-03 13:35 d-------- c:\documents and settings\ripper\Programdata\MahJong Suite
2008-11-03 13:09 . 2008-11-03 13:09 d-------- c:\documents and settings\All Users\Programdata\TreeCardGames
2008-10-31 10:28 . 2008-10-31 10:28 d-------- c:\documents and settings\ripper\Programdata\OpenOffice.org
2008-10-31 10:25 . 2008-10-31 10:25 d-------- c:\programfiler\OpenOffice.org 3
2008-10-29 08:04 . 2008-10-29 08:04 d-------- c:\documents and settings\ripper\Programdata\InstallShield Installation Information
2008-10-29 08:02 . 2008-10-29 08:02 d-------- c:\programfiler\MSBuild
2008-10-29 08:00 . 2008-11-11 10:02 d-------- c:\windows\system32\XPSViewer
2008-10-29 08:00 . 2008-10-29 08:00 d-------- c:\programfiler\Reference Assemblies
2008-10-29 07:59 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-10-29 07:58 . 2008-10-29 07:58 d-------- c:\windows\system32\xlive
2008-10-26 07:08 . 2008-06-14 19:00 272,256 --------- c:\windows\system32\drivers\bthport.sys
2008-10-26 07:08 . 2008-06-14 19:00 272,256 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-10-17 14:20 . 2008-10-17 14:20 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2008-10-17 14:20 . 2008-10-17 14:20 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2008-10-15 18:10 . 2008-10-15 18:11 d-------- c:\programfiler\Ventrilo
2008-10-15 05:17 . 2008-10-15 05:17 d-------- c:\documents and settings\All Users\Programdata\Azureus
2008-10-15 05:16 . 2008-10-15 05:17 d-------- c:\programfiler\Vuze
2008-10-14 20:12 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2008-10-14 20:12 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2008-10-14 20:12 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2008-10-14 20:12 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2008-10-14 20:12 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2008-10-14 20:12 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2008-10-14 19:57 . 2008-10-14 19:57 d-------- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 15:14 --------- d-----w c:\programfiler\PeerGuardian2
2008-11-13 15:13 --------- d-----w c:\documents and settings\ripper\Programdata\Azureus
2008-11-13 10:40 --------- d-----w c:\programfiler\McAfee
2008-11-11 09:08 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-11-10 22:41 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-09 21:48 --------- d-----w c:\programfiler\Starry Night Pro Plus 6
2008-11-04 21:03 --------- d-----w c:\programfiler\Java
2008-11-04 20:47 --------- d-----w c:\programfiler\Opera
2008-11-04 14:19 --------- d-----w c:\documents and settings\ripper\Programdata\Canon
2008-10-26 12:29 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-26 12:29 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-22 20:07 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-15 17:11 --------- d-----w c:\programfiler\VentSrv
2008-10-14 19:39 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-11 18:29 --------- d-----w c:\documents and settings\All Users\Programdata\McAfee
2008-10-03 02:36 --------- d-----w c:\programfiler\Atari
2008-09-20 14:59 --------- d-----w c:\documents and settings\ripper\Programdata\Ventrilo
2008-09-16 19:27 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-08-20 05:38 658,944 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:48 2,138,112 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:48 2,017,792 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-05 12:10 23 ----a-w c:\documents and settings\ripper\jagex_runescape_preferences.dat
2008-03-28 18:58 47,360 ----a-w c:\documents and settings\ripper\Programdata\pcouffin.sys
2007-11-13 16:41 22,328 ----a-w c:\documents and settings\ripper\Programdata\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2004-10-13 1694208]
"PeerGuardian"="c:\programfiler\PeerGuardian2\pg2.exe" [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\programfiler\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"IntelAudioStudio"="c:\programfiler\Intel Audio Studio\IntelAudioStudio.exe" [2005-12-12 8744960]
"mcagent_exe"="c:\programfiler\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-09-27 282624]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-04 136600]
"COMODO Internet Security"="c:\programfiler\COMODO\COMODO Internet Security\cfp.exe" [2008-11-11 1797880]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\ripper\Start-meny\Programmer\Oppstart\
PopTray.lnk - c:\programfiler\PopTray\PopTray.exe [2006-09-16 1666048]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-05-30 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\programfiler\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 c:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-09-27 08:22 282624 c:\programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Spill\\Company of Heroes\\RelicCOH.exe"=
"c:\\Programfiler\\DAEMON Tools Pro\\DTPro.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Spill\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Programfiler\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Programfiler\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Spill\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Spill\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Spill\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Spill\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Spill\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"c:\\Programfiler\\Fellesfiler\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Spill\\Anno 1701\\Anno1701.exe"=
"c:\\Spill\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Spill\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Spill\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Spill\\Sacred 2\\system\\s2gs.exe"=
"c:\\Spill\\Sacred 2\\system\\sacred2.exe"=
"c:\\Programfiler\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.0.104/255.255.255.255,192.168.0.142/255.255.255.255:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:192.168.0.104/255.255.255.255,192.168.0.142/255.255.255.255:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:192.168.0.104/255.255.255.255,192.168.0.142/255.255.255.255:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:192.168.0.104/255.255.255.255,192.168.0.142/255.255.255.255:Enabled:@xpsp2res.dll,-22002
"55321:TCP"= 55321:TCP:torrentTCP
"55321:UDP"= 55321:UDP:torrentUDP

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-11 99856]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-11 31504]
S2 0079721226572585mcinstcleanup;McAfee Application Installer Cleanup (0079721226572585);c:\windows\TEMP\007972~1.EXE c:\progra~1\FELLES~1\McAfee\INSTAL~1\cleanup.ini [ ]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\Drivers\STTub203.sys [ ]

*Newly Created Service* - 0079721226572585MCINSTCLEANUP
*Newly Created Service* - PGFILTER
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\programfiler\TuneUp Utilities 2008\OneClickStarter.exe []

2008-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2008-01-15 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2007-09-20 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\programfiler\Microsoft IntelliType Pro\itype.exe [2006-11-21 16:08]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.no/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 16:13:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\documents and settings\ripper\Programdata\Azureus\tracker.config.saving 14 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-11-13 16:15:34
ComboFix-quarantined-files.txt 2008-11-13 15:15:22

Pre-Run: 100 023 156 736 byte ledig
Post-Run: 100,450,308,096 byte ledig

200