ComboFix 08-11-23.02 - Tommy Tommy 2008-11-24 19:14:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1361 [GMT 1:00]
Running from: e:\documents and settings\Tommy Tommy\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\windows\system32\mpg4c32.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.
2008-11-24 17:46 . 2008-11-24 17:46 d-------- e:\programfiler\Malwarebytes' Anti-Malware
2008-11-24 17:46 . 2008-11-24 17:46 d-------- e:\documents and settings\Tommy Tommy\Programdata\Malwarebytes
2008-11-24 17:46 . 2008-11-24 17:46 d-------- e:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-24 17:46 . 2008-10-22 16:10 38,496 --a------ e:\windows\system32\drivers\mbamswissarmy.sys
2008-11-24 17:46 . 2008-10-22 16:10 15,504 --a------ e:\windows\system32\drivers\mbam.sys
2008-11-24 16:22 . 2008-11-24 19:10 dr-h----- e:\documents and settings\Tommy Tommy\Siste
2008-11-24 16:20 . 2008-11-24 16:20 d-------- e:\programfiler\Trend Micro
2008-11-16 16:17 . 2008-11-16 21:58 d-------- e:\programfiler\NOS
2008-11-16 16:17 . 2008-11-16 21:58 d-------- e:\documents and settings\All Users\Programdata\NOS
2008-11-15 12:02 . 2008-11-15 12:02 268 --ah----- E:\sqmdata03.sqm
2008-11-15 12:02 . 2008-11-15 12:02 244 --ah----- E:\sqmnoopt03.sqm
2008-11-14 23:36 . 2008-11-19 17:30 d-------- e:\programfiler\SpeedFan
2008-11-14 22:43 . 2008-11-14 22:43 244 --ah----- E:\sqmnoopt02.sqm
2008-11-14 22:43 . 2008-11-14 22:43 232 --ah----- E:\sqmdata02.sqm
2008-11-12 22:31 . 1997-11-19 15:49 303,616 --a------ e:\windows\IsUninst.exe
2008-11-12 21:03 . 2008-11-12 21:03 d-------- e:\programfiler\ZoneAlarmSB
2008-11-12 21:02 . 2008-11-12 21:02 d-------- e:\documents and settings\All Users\Programdata\MailFrontier
2008-11-12 21:02 . 2008-11-12 21:03 4,212 ---h----- e:\windows\system32\zllictbl.dat
2008-11-12 21:01 . 2004-04-27 04:40 11,264 --a------ e:\windows\system32\SpOrder.dll
2008-11-12 21:00 . 2008-11-12 21:08 d-------- e:\windows\Internet Logs
2008-11-12 19:12 . 2008-11-12 19:12 d-------- e:\programfiler\Avira
2008-11-12 19:12 . 2008-11-12 19:12 d-------- e:\documents and settings\All Users\Programdata\Avira
2008-11-12 15:25 . 2008-10-24 12:10 453,632 -----c--- e:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 08:08 . 2008-11-10 08:08 d-------- e:\programfiler\MSXML 6.0
2008-11-09 22:17 . 2008-11-09 22:17 d-------- e:\documents and settings\Tommy Tommy\Programdata\Publish Providers
2008-11-09 22:16 . 2008-11-09 22:16 d-------- e:\documents and settings\Tommy Tommy\Programdata\Sony
2008-11-09 22:03 . 2008-11-09 22:03 d-------- e:\programfiler\MSBuild
2008-11-09 22:00 . 2008-11-09 22:00 d-------- e:\windows\system32\XPSViewer
2008-11-09 22:00 . 2008-11-09 22:00 d-------- e:\programfiler\Reference Assemblies
2008-11-09 21:59 . 2006-06-29 13:07 14,048 --------- e:\windows\system32\spmsg2.dll
2008-11-09 21:55 . 2008-11-09 21:55 d-------- e:\programfiler\Sony Setup
2008-11-09 21:55 . 2008-11-09 21:55 d-------- e:\documents and settings\Tommy Tommy\Programdata\Sony Setup
2008-11-07 19:21 . 2008-11-07 19:21 d-------- e:\windows\system32\windows media
2008-11-07 19:21 . 2008-11-07 19:21 d--h----- e:\windows\msdownld.tmp
2008-11-07 19:21 . 2008-11-07 19:21 d-------- e:\programfiler\Windows Media Components
2008-11-07 07:52 . 2008-11-20 18:46 d-------- e:\programfiler\Spyware Doctor
2008-11-07 07:52 . 2008-11-07 07:52 d-------- e:\documents and settings\Tommy Tommy\Programdata\PC Tools
2008-11-07 07:52 . 2008-08-25 12:36 81,288 --a------ e:\windows\system32\drivers\iksyssec.sys
2008-11-07 07:52 . 2008-08-25 12:36 66,952 --a------ e:\windows\system32\drivers\iksysflt.sys
2008-11-07 07:52 . 2008-08-25 12:36 40,840 --a------ e:\windows\system32\drivers\ikfilesec.sys
2008-11-07 07:52 . 2008-06-02 16:19 29,576 --a------ e:\windows\system32\drivers\kcom.sys
2008-11-07 07:41 . 2008-11-07 07:41 d-------- e:\programfiler\OJOsoft
2008-11-07 07:39 . 2008-11-07 07:43 d-------- e:\programfiler\XVideoConverter
2008-11-07 07:33 . 2008-11-07 07:33 d-------- e:\documents and settings\Tommy Tommy\Programdata\AVS4YOU
2008-11-07 07:33 . 2008-11-07 07:33 d-------- e:\documents and settings\All Users\Programdata\AVS4YOU
2008-11-07 07:31 . 2008-11-07 07:43 d-------- e:\programfiler\Fellesfiler\AVSMedia
2008-11-07 07:31 . 2008-11-07 07:45 d-------- e:\programfiler\AVS4YOU
2008-11-07 07:31 . 2007-10-15 10:35 1,700,352 --a------ e:\windows\system32\GdiPlus.dll
2008-11-07 07:31 . 2007-10-15 10:35 974,848 --a------ e:\windows\system32\mfc70.dll
2008-11-07 07:31 . 2007-10-15 10:35 638,976 --a------ e:\windows\system32\divx.dll
2008-11-07 07:31 . 2007-10-15 10:35 487,424 --a------ e:\windows\system32\msvcp70.dll
2008-11-07 07:31 . 2007-10-15 10:35 344,064 --a------ e:\windows\system32\msvcr70.dll
2008-11-07 07:31 . 2007-10-15 10:35 261,632 --a------ e:\windows\system32\mcdvd_32.dll
2008-11-07 07:31 . 2007-10-15 10:35 221,215 --a------ e:\windows\system32\divxdec.ax
2008-11-07 07:31 . 2007-10-15 10:35 156,910 --a------ e:\windows\WMSysPr8.prx
2008-11-07 07:31 . 2007-10-15 10:35 82,944 --a------ e:\windows\system32\vct3216.acm
2008-11-07 07:31 . 2007-10-15 10:35 81,920 --a------ e:\windows\system32\AC3ACM.acm
2008-11-07 07:31 . 2007-10-15 10:35 38,912 --a------ e:\windows\system32\alf2cd.acm
2008-11-07 07:31 . 2007-10-15 10:35 13,239 --a------ e:\windows\system32\Scg726.acm
2008-11-06 22:53 . 2008-11-06 22:53 d-------- e:\programfiler\VersalSoft
2008-11-06 22:53 . 2008-11-06 22:55 d-------- E:\Program Files
2008-11-03 20:11 . 2008-10-27 18:37 192,307 --a------ E:\wubildr
2008-11-03 20:11 . 2008-10-27 18:37 8,192 --a------ E:\wubildr.mbr
2008-11-03 20:02 . 2008-11-03 20:02 d-------- E:\ubuntu
2008-11-03 19:16 . 2008-11-03 19:17 d-------- E:\ubuntu-backup
2008-11-02 01:51 . 2008-11-02 13:07 d-------- e:\programfiler\DC++
2008-11-02 00:22 . 2008-11-02 00:22 d-------- e:\programfiler\Western Digital Technologies
2008-11-02 00:15 . 2008-11-02 00:15 d-------- e:\programfiler\Seagate
2008-11-02 00:14 . 2008-11-02 00:14 d-------- e:\programfiler\Fellesfiler\Wise Installation Wizard
2008-11-01 15:43 . 2008-11-14 23:36 45 --a------ e:\windows\system32\initdebug.nfo
2008-11-01 14:32 . 2008-11-07 23:19 d-------- e:\programfiler\Samurize
2008-10-31 21:44 . 2008-10-31 21:44 268 --ah----- E:\sqmdata01.sqm
2008-10-31 21:44 . 2008-10-31 21:44 244 --ah----- E:\sqmnoopt01.sqm
2008-10-31 20:57 . 2008-10-31 20:57 d-------- e:\programfiler\EA GAMES
2008-10-31 20:14 . 2008-10-31 20:14 268 --ah----- E:\sqmdata00.sqm
2008-10-31 20:14 . 2008-10-31 20:14 244 --ah----- E:\sqmnoopt00.sqm
2008-10-31 19:30 . 2008-10-31 19:30 d-------- e:\programfiler\VstPlugins
2008-10-31 19:30 . 2008-10-31 19:30 d-------- e:\programfiler\ASIO4ALL v2
2008-10-31 19:30 . 2006-06-20 09:56 225,280 --a------ e:\windows\system32\rewire.dll
2008-10-31 19:29 . 2008-10-31 19:29 d-------- e:\programfiler\Outsim
2008-10-31 19:29 . 2002-07-07 23:14 1,294,336 --a------ e:\windows\system32\vorbis.acm
2008-10-31 19:28 . 2008-10-31 19:30 d-------- e:\programfiler\Image-Line
2008-10-30 16:31 . 2008-11-01 12:22 d-------- e:\programfiler\Valve
2008-10-30 13:38 . 2008-10-30 13:38 d-------- e:\documents and settings\All Users\Programdata\ATI
2008-10-30 13:35 . 2008-10-30 15:09 d-------- e:\programfiler\ATI
2008-10-30 13:15 . 2008-09-23 21:05 593,920 --------- e:\windows\system32\ati2sgag.exe
2008-10-30 13:04 . 2008-03-10 02:37 3,107,788 -ra------ e:\windows\system32\ativvaxx.dat
2008-10-30 13:04 . 2008-03-10 02:37 3,107,788 -ra------ e:\windows\system32\ativva5x.dat
2008-10-30 13:04 . 2008-03-10 02:37 887,724 -ra------ e:\windows\system32\ativva6x.dat
2008-10-30 13:04 . 2008-09-24 03:18 425,984 --a------ e:\windows\system32\ATIDEMGX.dll
2008-10-30 13:04 . 2008-09-24 02:56 307,200 --a------ e:\windows\system32\atiiiexx.dll
2008-10-30 13:04 . 2008-09-17 20:17 176,918 --a------ e:\windows\system32\atiicdxx.dat
2008-10-30 13:04 . 2007-08-31 14:20 7,167 -ra------ e:\windows\system32\atifglpf.xml
2008-10-30 12:36 . 2008-07-31 15:36 14,696 --a------ e:\windows\atiogl.xml
2008-10-30 12:19 . 2008-10-30 12:57 10 --a------ e:\windows\WININIT.INI
2008-10-30 12:12 . 2008-03-12 22:17 372,736 -ra------ e:\windows\system32\SET6B.tmp
2008-10-28 19:33 . 2008-11-20 18:47 d-a------ e:\documents and settings\All Users\Programdata\TEMP
2008-10-27 21:27 . 2008-10-27 21:27 dr-h----- e:\documents and settings\Tommy Tommy\Programdata\SecuROM
2008-10-27 21:23 . 2008-10-27 21:27 107,888 --a------ e:\windows\system32\CmdLineExt.dll
2008-10-27 21:19 . 2008-10-28 17:26 682,280 --a------ e:\windows\system32\pbsvc.exe
2008-10-27 21:19 . 2008-10-27 21:19 22,328 --a------ e:\documents and settings\Tommy Tommy\Programdata\PnkBstrK.sys
2008-10-27 21:17 . 2008-10-27 21:17 d-------- e:\programfiler\Ubisoft
2008-10-26 19:31 . 2004-08-04 01:03 159,232 --a------ e:\windows\system32\ptpusd.dll
2008-10-26 19:31 . 2004-08-03 22:58 15,104 --a------ e:\windows\system32\drivers\usbscan.sys
2008-10-26 19:31 . 2004-08-03 22:58 15,104 --a--c--- e:\windows\system32\dllcache\usbscan.sys
2008-10-26 19:31 . 2001-10-06 14:02 5,632 --a------ e:\windows\system32\ptpusb.dll
2008-10-26 18:33 . 2008-10-26 18:33 d-------- E:\ATI
2008-10-25 23:27 . 2008-10-25 23:27 d-------- e:\documents and settings\Tommy Tommy\WINDOWS
2008-10-25 16:44 . 2008-10-25 16:44 d-------- e:\programfiler\Browser Mouse
2008-10-25 16:44 . 2000-05-10 06:29 6,205 --a------ e:\windows\system32\LWBHMVXD.VXD
2008-10-25 11:22 . 2008-10-25 11:27 d-------- e:\windows\system32\CatRoot_bak
2008-10-24 18:36 . 2008-10-24 18:36 36,103 --a------ e:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-10-24 18:36 . 2008-10-24 18:36 33,846 --a------ e:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2008-10-24 15:52 . 2008-10-24 15:52 d-------- e:\programfiler\GoldWave
2008-10-24 15:34 . 2008-10-24 15:34 d-------- e:\programfiler\Illustrate
2008-10-24 15:34 . 2008-10-24 18:36 131,072 --a------ e:\windows\system32\SpoonUninstall.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 18:14 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\uTorrent
2008-11-24 17:33 --------- d-----w e:\programfiler\Steam
2008-11-19 17:34 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\FrostWire
2008-11-19 15:39 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\dvdcss
2008-11-16 16:44 --------- d-----w e:\programfiler\Clue
2008-11-16 15:18 --------- d-----w e:\programfiler\Fellesfiler\Adobe
2008-11-09 21:01 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\Creative
2008-11-07 16:08 --------- d-----w e:\programfiler\Fellesfiler\Apple
2008-11-07 06:43 --------- d-----w e:\programfiler\AviSynth 2.5
2008-10-31 19:56 --------- d--h--w e:\programfiler\InstallShield Installation Information
2008-10-30 12:34 --------- d-----w e:\programfiler\ATI Technologies
2008-10-26 16:50 --------- d-----w e:\programfiler\SystemRequirementsLab
2008-10-24 18:05 --------- d-----w e:\programfiler\Yahoo!
2008-10-24 17:04 --------- d-----w e:\documents and settings\All Users\Programdata\Apple Computer
2008-10-24 11:10 453,632 ----a-w e:\windows\system32\drivers\mrxsmb.sys
2008-10-22 12:11 --------- d-----w e:\programfiler\Lavalys
2008-10-22 05:50 --------- d-----w e:\documents and settings\All Users\Programdata\Adobe Systems
2008-10-22 05:47 20,016 ------w e:\windows\system32\drivers\pxhelp20.sys
2008-10-21 15:51 --------- d--h--w e:\programfiler\Creative Installation Information
2008-10-21 15:51 --------- d-----w e:\programfiler\Creative
2008-10-21 15:51 --------- d-----w e:\documents and settings\All Users\Programdata\Creative
2008-10-21 15:21 --------- d-----w e:\programfiler\Fellesfiler\Creative
2008-10-21 15:05 --------- d-----w e:\programfiler\Rockstar Games
2008-10-19 17:34 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\Apple Computer
2008-10-19 17:32 --------- d-----w e:\programfiler\QuickTime
2008-10-19 17:32 --------- d-----w e:\programfiler\Bonjour
2008-10-19 17:31 --------- d-----w e:\documents and settings\All Users\Programdata\Apple
2008-10-19 12:04 --------- d-----w e:\programfiler\Fellesfiler\Nero
2008-10-19 12:04 --------- d-----w e:\documents and settings\All Users\Programdata\Nero
2008-10-19 10:38 --------- d-----w e:\programfiler\Microsoft.NET
2008-10-19 10:05 --------- d-----w e:\programfiler\Fellesfiler\Macrovision Shared
2008-10-19 10:00 --------- d-----w e:\programfiler\MagicISO
2008-10-18 21:58 --------- d-----w e:\programfiler\Windows Media Connect 2
2008-10-18 12:46 --------- d-----w e:\programfiler\MSXML 4.0
2008-10-18 10:10 --------- d-----w e:\programfiler\Fellesfiler\Adobe Systems Shared
2008-10-18 09:43 34,308 ----a-w e:\windows\system32\Chip.dll
2008-10-18 09:43 --------- d-----w e:\programfiler\MagicDVDRipper
2008-10-17 21:20 --------- d-----w e:\programfiler\FrostWire
2008-10-17 21:19 --------- d-----w e:\programfiler\Sun
2008-10-17 21:18 --------- d-----w e:\programfiler\Java
2008-10-17 21:11 --------- d-----w e:\programfiler\AskSBar
2008-10-17 21:03 --------- d-----w e:\programfiler\Fellesfiler\Java
2008-10-17 17:37 --------- d-----w e:\programfiler\Fellesfiler\Thraex Software
2008-10-17 16:20 --------- d-----w e:\programfiler\DAEMON Tools Lite
2008-10-17 16:18 --------- d-----w e:\programfiler\DAEMON Tools Toolbar
2008-10-17 16:15 717,296 ----a-w e:\windows\system32\drivers\sptd.sys
2008-10-17 16:15 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\DAEMON Tools
2008-10-17 16:07 --------- d-----w e:\programfiler\Opera
2008-10-17 15:57 218,624 ----a-w e:\windows\system32\uxtheme.dll
2008-10-17 15:38 --------- d-----w e:\documents and settings\All Users\Programdata\LightScribe
2008-10-17 15:37 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\Nero
2008-10-17 15:36 --------- d-----w e:\programfiler\CCleaner
2008-10-17 15:36 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\vlc
2008-10-17 15:35 --------- d-----w e:\programfiler\VideoLAN
2008-10-17 15:35 --------- d-----w e:\programfiler\NeroInstall.bak
2008-10-17 15:34 --------- d-----w e:\programfiler\uTorrent
2008-10-17 15:32 --------- d-----w e:\programfiler\Nero
2008-10-17 14:57 --------- d-----w e:\programfiler\Kaspersky Lab
2008-10-17 14:52 --------- d-----w e:\documents and settings\All Users\Programdata\Kaspersky Lab Setup Files
2008-10-17 14:49 --------- d-----w e:\programfiler\MSN Messenger
2008-10-17 14:39 315,392 ----a-w e:\windows\HideWin.exe
2008-10-17 14:39 --------- d-----w e:\programfiler\Realtek
2008-10-17 14:38 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\ATI
2008-10-17 14:33 --------- d-----w e:\programfiler\AMD
2008-10-17 14:32 --------- d-----w e:\programfiler\Fellesfiler\InstallShield
2008-10-17 14:32 --------- d-----w e:\programfiler\Fellesfiler\ATI Technologies
2008-10-17 14:30 --------- d-----w e:\documents and settings\Tommy Tommy\Programdata\InstallShield
2008-10-17 13:37 --------- d-----w e:\programfiler\microsoft frontpage
2008-10-17 13:36 --------- d-----w e:\programfiler\Fellesfiler\Tjenester
2008-10-17 13:36 --------- d-----w e:\programfiler\Elektroniske tjenester
2008-10-16 13:13 202,776 ----a-w e:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w e:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w e:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w e:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w e:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w e:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w e:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w e:\windows\system32\wups.dll
2008-10-02 23:46 81,920 ----a-w e:\windows\system32\frapsvid.dll
2008-09-30 15:43 1,286,152 ----a-w e:\windows\system32\msxml4.dll
2008-09-24 03:09 3,331,072 ----a-w e:\windows\system32\drivers\ati2mtag.sys
2008-09-24 02:17 311,296 ----a-w e:\windows\system32\ati2dvag.dll
2008-09-24 02:09 10,772,480 ----a-w e:\windows\system32\atioglxx.dll
2008-09-24 02:07 188,416 ----a-w e:\windows\system32\atipdlxx.dll
2008-09-24 02:06 43,520 ----a-w e:\windows\system32\ati2edxx.dll
2008-09-24 02:06 26,112 ----a-w e:\windows\system32\Ati2mdxx.exe
2008-09-24 02:06 143,360 ----a-w e:\windows\system32\Oemdspif.dll
2008-09-24 02:06 143,360 ----a-w e:\windows\system32\ati2evxx.dll
2008-09-24 02:04 581,632 ----a-w e:\windows\system32\ati2evxx.exe
2008-09-24 02:03 53,248 ----a-w e:\windows\system32\ATIDDC.DLL
2008-09-24 01:54 4,008,864 ----a-w e:\windows\system32\ati3duag.dll
2008-09-24 01:38 2,399,744 ----a-w e:\windows\system32\ativvaxx.dll
2008-09-24 01:24 48,640 ----a-w e:\windows\system32\amdpcom32.dll
2008-09-24 01:20 380,928 ----a-w e:\windows\system32\atikvmag.dll
2008-09-24 01:19 39,424 ----a-w e:\windows\system32\atiadlxx.dll
2008-09-24 01:18 53,248 ----a-w e:\windows\system32\drivers\ati2erec.dll
2008-09-24 01:18 253,952 ----a-w e:\windows\system32\atiok3x2.dll
2008-09-24 01:18 17,408 ----a-w e:\windows\system32\atitvo32.dll
2008-09-24 01:12 573,440 ----a-w e:\windows\system32\ati2cqag.dll
2008-09-15 15:42 1,846,016 ----a-w e:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "e:\programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-17 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-10-17 22:11 66912 --a------ e:\programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="e:\programfiler\Steam\Steam.exe" [2008-10-17 1410296]
"MsnMsgr"="e:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="e:\programfiler\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"CTSyncU.exe"="e:\programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="e:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="e:\programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"CTCheck"="e:\programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"LWBMOUSE"="e:\programfiler\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 356352]
"StartCCC"="e:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ATICustomerCare"="e:\programfiler\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"avgnt"="e:\programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="e:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="e:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 e:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

e:\documents and settings\Tommy Tommy\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - e:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Client Default.lnk - e:\programfiler\Samurize\Client.exe [2007-04-07 2010624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"e:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"e:\\Programfiler\\MSN Messenger\\livecall.exe"=
"e:\\Programfiler\\uTorrent\\uTorrent.exe"=
"e:\\Programfiler\\Steam\\steamapps\\nfkurple\\counter-strike source\\hl2.exe"=
"e:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"e:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Programfiler\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Programfiler\\Valve\\hl.exe"=
"e:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Documents and Settings\\Tommy Tommy\\Mine dokumenter\\Instalasjon filer\\Flatout 2\\installert\\FlatOut2.exe"=
"e:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"e:\\Programfiler\\Steam\\Steam.exe"=
"e:\\Programfiler\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

R3 MBAMSwissArmy;MBAMSwissArmy;\??\e:\windows\system32\drivers\mbamswissarmy.sys [2008-11-24 38496]

*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - e:\programfiler\Fellesfiler\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-LightScribe Control Panel - e:\programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe
HKLM-Run-NBKeyScan - e:\programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - e:\documents and settings\Tommy Tommy\Programdata\Mozilla\Firefox\Profiles\c2t26m88.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - nettavisen.no
FF -: plugin - e:\programfiler\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - e:\programfiler\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - e:\programfiler\Opera\program\plugins\np_gp.dll
FF -: plugin - e:\programfiler\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 19:16:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
e:\windows\system32\Ati2evxx.dll
e:\windows\system32\rsaenh.dll

- - - - - - - > 'lsass.exe'(788)
e:\windows\system32\msprivs.dll
e:\windows\system32\rsaenh.dll
.
Completion time: 2008-11-24 19:17:13
ComboFix-quarantined-files.txt 2008-11-24 18:17:03

Pre-Run: 109 396 946 944 byte ledig
Post-Run: 109,382,684,672 byte ledig

324 --- E O F --- 2008-11-13 11:54:12