ComboFix 08-11-19.08 - Rebecca 2008-11-27 15:52:26.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.609 [GMT 1:00]
Running from: c:\documents and settings\Rebecca\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\Rebecca\Skrivebord\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Book Slow Axis Web
.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.
2008-11-20 10:46 . 2008-11-20 10:46 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-20 10:46 . 2008-11-20 10:46 d-------- c:\documents and settings\Rebecca\Programdata\Malwarebytes
2008-11-20 10:46 . 2008-11-20 10:46 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-20 10:46 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 10:46 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-18 22:04 . 2008-11-18 22:04 d-------- c:\documents and settings\All Users\Programdata\Emotum
2008-11-18 21:28 . 2008-11-18 21:57 d-------- C:\Linksys drivere
2008-11-18 21:17 . 2008-11-18 22:06 d-------- c:\documents and settings\All Users\Programdata\Telenor
2008-11-18 21:16 . 2008-11-18 21:16 d-------- c:\documents and settings\All Users\Programdata\Symantec
2008-11-18 09:56 . 2008-11-18 09:57 d-------- c:\programfiler\Winamp Remote
2008-11-18 09:56 . 2008-11-18 09:59 d-------- c:\documents and settings\All Users\Programdata\OrbNetworks
2008-11-16 13:32 . 2008-11-16 13:32 d-------- c:\programfiler\Fellesfiler\PCSuite
2008-11-16 13:32 . 2008-11-16 13:32 d-------- c:\programfiler\Fellesfiler\Nokia
2008-11-16 13:31 . 2008-11-16 13:31 d-------- c:\programfiler\PC Connectivity Solution
2008-11-16 13:31 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-16 13:31 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-16 13:31 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-16 13:31 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-16 13:31 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-16 13:31 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-13 19:26 . 2008-11-13 19:26 d-------- c:\documents and settings\Rebecca\Programdata\DisplayTune
2008-11-13 19:24 . 2007-02-09 12:17 62,009 --a------ c:\windows\system32\WPFB.DLL
2008-11-13 19:24 . 2007-02-09 12:17 17,465 --a------ c:\windows\system32\drivers\pivot.sys
2008-11-13 19:24 . 2006-11-16 17:20 15,920 --a------ c:\windows\system32\drivers\PdiPorts.sys
2008-11-13 19:24 . 2007-06-12 11:27 11,776 --a------ c:\windows\system32\drivers\pdiddcci.sys
2008-11-13 19:24 . 2007-02-09 12:17 11,323 --a------ c:\windows\system32\drivers\pivotmou.sys
2008-11-13 19:24 . 2004-11-22 12:07 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-11-13 19:23 . 2008-11-13 19:24 d-------- c:\programfiler\Portrait Displays
2008-11-13 19:23 . 2008-11-13 19:24 d-------- c:\programfiler\Fellesfiler\Portrait Displays
2008-11-13 03:00 . 2008-11-13 03:00 d-------- c:\programfiler\MSXML 4.0
2008-11-12 14:37 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:37 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-27 21:57 . 2008-10-27 21:57 d-------- C:\My Documents
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 18:53 --------- d-----w c:\documents and settings\All Users\Programdata\PC Suite
2008-11-23 16:02 --------- d-----w c:\programfiler\BearShare
2008-11-18 21:01 --------- d-----w c:\programfiler\Telenor
2008-11-18 20:57 265,728 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2008-11-18 08:58 --------- d-----w c:\programfiler\Winamp
2008-11-16 12:32 --------- d-----w c:\programfiler\Nokia
2008-11-16 12:29 --------- d-----w c:\documents and settings\All Users\Programdata\Installations
2008-11-13 18:24 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-02 11:31 --------- d-----w c:\programfiler\MSN Messenger
2008-10-02 11:31 --------- d-----w c:\programfiler\Messenger Plus! Live
2008-10-02 11:22 --------- d-----w c:\programfiler\Windows Live
2008-10-01 14:44 --------- d-----w c:\programfiler\Microsoft
2008-10-01 14:36 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 13:39 --------- d-----w c:\documents and settings\Rebecca\Programdata\dvdcss
2008-09-27 13:32 --------- d-----w c:\programfiler\Windows Media Connect 2
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-23 19:47 26,736 ----a-w c:\documents and settings\Rebecca\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-11-20_18.31.17,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-20 09:37:00 525,824 ----a-w c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
- 2006-09-28 16:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-15 21:29:52 76,544 ------w c:\windows\system32\drivers\WudfPf.sys
- 2006-09-28 17:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-15 21:30:10 82,688 ------w c:\windows\system32\drivers\WudfRd.sys
- 2008-11-18 22:40:25 63,664 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-27 14:51:01 63,664 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-18 22:40:25 72,294 ----a-w c:\windows\system32\perfc014.dat
+ 2008-11-27 14:51:01 72,294 ----a-w c:\windows\system32\perfc014.dat
- 2008-11-18 22:40:25 406,464 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-27 14:51:01 406,464 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-18 22:40:25 410,446 ----a-w c:\windows\system32\perfh014.dat
+ 2008-11-27 14:51:01 410,446 ----a-w c:\windows\system32\perfh014.dat
- 2006-09-28 18:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-15 22:30:16 87,040 ------w c:\windows\system32\WUDFCoinstaller.dll
- 2006-09-28 16:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-15 22:30:06 142,848 ------w c:\windows\system32\WudfHost.exe
- 2006-09-28 16:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-15 21:29:54 163,840 ------w c:\windows\system32\WudfPlatform.dll
- 2006-09-28 16:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-15 22:30:16 55,296 ------w c:\windows\system32\WudfSvc.dll
+ 2008-05-20 09:32:30 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll
- 2006-09-28 16:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
+ 2006-09-15 22:30:16 308,224 ------w c:\windows\system32\WUDFx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MessengerPlus3"="c:\programfiler\MessengerPlus! 3\MsgPlus.exe" [2006-10-05 190024]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\få bort virus\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]
"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Orb"="c:\programfiler\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"type32"="c:\programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"NSLauncher"="c:\programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"WinampAgent"="c:\programfiler\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]
"PivotSoftware"="c:\programfiler\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\programfiler\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Rebecca\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Mobilt bredbånd.lnk - c:\programfiler\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2008-02-11 876544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\få bort virus\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\få bort virus\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=
R1 Pivot;Pivot;c:\windows\system32\drivers\pivot.sys [2008-11-13 17465]
R2 GtDetectSc;GtDetectSc;"c:\programfiler\Telenor\Mobilt bredbånd\GtDetectSc.exe" [2007-12-18 196704]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;\??\c:\windows\system32\drivers\pivotmou.sys [2008-11-13 11323]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-04-27 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-04-27 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-04-27 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-04-27 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2007-04-27 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-04-27 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-04-27 90800]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fe2d862-9315-11dd-8d85-00173155e7be}]
\Shell\AutoRun\command - E:\setup.exe AUTORUN=1
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12983f6-5478-11db-8c0a-806d6172696f}]
\Shell\AutoRun\command - E:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 15:55:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-27 15:56:51
ComboFix-quarantined-files.txt 2008-11-27 14:55:58
ComboFix2.txt 2008-11-20 17:32:27
ComboFix3.txt 2008-05-27 21:50:49
ComboFix4.txt 2008-05-27 21:30:45
ComboFix5.txt 2008-11-27 14:52:03
Pre-Run: 181,891,661,824 bytes free
Post-Run: 181,974,163,456 bytes free
193 --- E O F --- 2008-11-13 02:01:48