ComboFix 08-11-19.08 - Rebecca 2008-11-27 15:52:26.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.609 [GMT 1:00]
Running from: c:\documents and settings\Rebecca\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\Rebecca\Skrivebord\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Book Slow Axis Web
.
((((((((((((((((((((((((( Files Created from 2008-10-27 to 2008-11-27 )))))))))))))))))))))))))))))))
.
2008-11-20 10:46 . 2008-11-20 10:46 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-20 10:46 . 2008-11-20 10:46 d-------- c:\documents and settings\Rebecca\Programdata\Malwarebytes
2008-11-20 10:46 . 2008-11-20 10:46 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-20 10:46 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 10:46 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-18 22:04 . 2008-11-18 22:04 d-------- c:\documents and settings\All Users\Programdata\Emotum
2008-11-18 21:28 . 2008-11-18 21:57 d-------- C:\Linksys drivere
2008-11-18 21:17 . 2008-11-18 22:06 d-------- c:\documents and settings\All Users\Programdata\Telenor
2008-11-18 21:16 . 2008-11-18 21:16 d-------- c:\documents and settings\All Users\Programdata\Symantec
2008-11-18 09:56 . 2008-11-18 09:57 d-------- c:\programfiler\Winamp Remote
2008-11-18 09:56 . 2008-11-18 09:59 d-------- c:\documents and settings\All Users\Programdata\OrbNetworks
2008-11-16 13:32 . 2008-11-16 13:32 d-------- c:\programfiler\Fellesfiler\PCSuite
2008-11-16 13:32 . 2008-11-16 13:32 d-------- c:\programfiler\Fellesfiler\Nokia
2008-11-16 13:31 . 2008-11-16 13:31 d-------- c:\programfiler\PC Connectivity Solution
2008-11-16 13:31 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-16 13:31 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-16 13:31 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-16 13:31 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-11-16 13:31 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-16 13:31 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-13 19:26 . 2008-11-13 19:26 d-------- c:\documents and settings\Rebecca\Programdata\DisplayTune
2008-11-13 19:24 . 2007-02-09 12:17 62,009 --a------ c:\windows\system32\WPFB.DLL
2008-11-13 19:24 . 2007-02-09 12:17 17,465 --a------ c:\windows\system32\drivers\pivot.sys
2008-11-13 19:24 . 2006-11-16 17:20 15,920 --a------ c:\windows\system32\drivers\PdiPorts.sys
2008-11-13 19:24 . 2007-06-12 11:27 11,776 --a------ c:\windows\system32\drivers\pdiddcci.sys
2008-11-13 19:24 . 2007-02-09 12:17 11,323 --a------ c:\windows\system32\drivers\pivotmou.sys
2008-11-13 19:24 . 2004-11-22 12:07 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-11-13 19:23 . 2008-11-13 19:24 d-------- c:\programfiler\Portrait Displays
2008-11-13 19:23 . 2008-11-13 19:24 d-------- c:\programfiler\Fellesfiler\Portrait Displays
2008-11-13 03:00 . 2008-11-13 03:00 d-------- c:\programfiler\MSXML 4.0
2008-11-12 14:37 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:37 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-27 21:57 . 2008-10-27 21:57 d-------- C:\My Documents
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 18:53 --------- d-----w c:\documents and settings\All Users\Programdata\PC Suite
2008-11-23 16:02 --------- d-----w c:\programfiler\BearShare
2008-11-18 21:01 --------- d-----w c:\programfiler\Telenor
2008-11-18 20:57 265,728 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2008-11-18 08:58 --------- d-----w c:\programfiler\Winamp
2008-11-16 12:32 --------- d-----w c:\programfiler\Nokia
2008-11-16 12:29 --------- d-----w c:\documents and settings\All Users\Programdata\Installations
2008-11-13 18:24 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-02 11:31 --------- d-----w c:\programfiler\MSN Messenger
2008-10-02 11:31 --------- d-----w c:\programfiler\Messenger Plus! Live
2008-10-02 11:22 --------- d-----w c:\programfiler\Windows Live
2008-10-01 14:44 --------- d-----w c:\programfiler\Microsoft
2008-10-01 14:36 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 13:39 --------- d-----w c:\documents and settings\Rebecca\Programdata\dvdcss
2008-09-27 13:32 --------- d-----w c:\programfiler\Windows Media Connect 2
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-23 19:47 26,736 ----a-w c:\documents and settings\Rebecca\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-11-20_18.31.17,70 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-20 09:37:00 525,824 ----a-w c:\windows\system32\drivers\UMDF\PCCSWpdDriver.dll
- 2006-09-28 16:55:50 77,568 ------w c:\windows\system32\drivers\WudfPf.sys
+ 2006-09-15 21:29:52 76,544 ------w c:\windows\system32\drivers\WudfPf.sys
- 2006-09-28 17:00:34 82,944 ------w c:\windows\system32\drivers\WudfRd.sys
+ 2006-09-15 21:30:10 82,688 ------w c:\windows\system32\drivers\WudfRd.sys
- 2008-11-18 22:40:25 63,664 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-27 14:51:01 63,664 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-18 22:40:25 72,294 ----a-w c:\windows\system32\perfc014.dat
+ 2008-11-27 14:51:01 72,294 ----a-w c:\windows\system32\perfc014.dat
- 2008-11-18 22:40:25 406,464 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-27 14:51:01 406,464 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-18 22:40:25 410,446 ----a-w c:\windows\system32\perfh014.dat
+ 2008-11-27 14:51:01 410,446 ----a-w c:\windows\system32\perfh014.dat
- 2006-09-28 18:13:26 95,344 ------w c:\windows\system32\WUDFCoinstaller.dll
+ 2006-09-15 22:30:16 87,040 ------w c:\windows\system32\WUDFCoinstaller.dll
- 2006-09-28 16:56:38 146,432 ------w c:\windows\system32\WudfHost.exe
+ 2006-09-15 22:30:06 142,848 ------w c:\windows\system32\WudfHost.exe
- 2006-09-28 16:56:16 165,376 ------w c:\windows\system32\WudfPlatform.dll
+ 2006-09-15 21:29:54 163,840 ------w c:\windows\system32\WudfPlatform.dll
- 2006-09-28 16:56:14 55,808 ------w c:\windows\system32\WudfSvc.dll
+ 2006-09-15 22:30:16 55,296 ------w c:\windows\system32\WudfSvc.dll
+ 2008-05-20 09:32:30 831,048 ----a-w c:\windows\system32\WudfUpdate_01005.dll
- 2006-09-28 16:56:38 316,416 ------w c:\windows\system32\WUDFx.dll
+ 2006-09-15 22:30:16 308,224 ------w c:\windows\system32\WUDFx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MessengerPlus3"="c:\programfiler\MessengerPlus! 3\MsgPlus.exe" [2006-10-05 190024]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\få bort virus\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 1510640]
"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Orb"="c:\programfiler\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"msnmsgr"="c:\programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"type32"="c:\programfiler\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\programfiler\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"NSLauncher"="c:\programfiler\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"WinampAgent"="c:\programfiler\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]
"PivotSoftware"="c:\programfiler\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\programfiler\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"Telenorhjelpen"="c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe" [2008-02-07 189120]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Rebecca\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Mobilt bredbånd.lnk - c:\programfiler\Telenor\Mobilt bredbånd\Mobilt bredbånd.exe [2008-02-11 876544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\få bort virus\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 c:\få bort virus\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programfiler\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"=

R1 Pivot;Pivot;c:\windows\system32\drivers\pivot.sys [2008-11-13 17465]
R2 GtDetectSc;GtDetectSc;"c:\programfiler\Telenor\Mobilt bredbånd\GtDetectSc.exe" [2007-12-18 196704]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 106112]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-10-09 59264]
S3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2007-03-30 8064]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;\??\c:\windows\system32\drivers\pivotmou.sys [2008-11-13 11323]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);c:\windows\system32\DRIVERS\se44bus.sys [2007-04-27 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se44mdfl.sys [2007-04-27 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se44mdm.sys [2007-04-27 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se44mgmt.sys [2007-04-27 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);c:\windows\system32\DRIVERS\se44nd5.sys [2007-04-27 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se44obex.sys [2007-04-27 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);c:\windows\system32\DRIVERS\se44unic.sys [2007-04-27 90800]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fe2d862-9315-11dd-8d85-00173155e7be}]
\Shell\AutoRun\command - E:\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12983f6-5478-11db-8c0a-806d6172696f}]
\Shell\AutoRun\command - E:\Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 15:55:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-27 15:56:51
ComboFix-quarantined-files.txt 2008-11-27 14:55:58
ComboFix2.txt 2008-11-20 17:32:27
ComboFix3.txt 2008-05-27 21:50:49
ComboFix4.txt 2008-05-27 21:30:45
ComboFix5.txt 2008-11-27 14:52:03

Pre-Run: 181 891 661 824 byte ledig
Post-Run: 181,974,163,456 byte ledig

193 --- E O F --- 2008-11-13 02:01:48