ComboFix 08-08-24.03 - admin 2008-08-25 21:28:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.218 [GMT 2:00]
Running from: C:\Documents and Settings\admin\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\admin\Cookies\admin@2o7[1].txt
C:\Documents and Settings\admin\Cookies\admin@ad.yieldmanager[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.pointroll[1].txt
C:\Documents and Settings\admin\Cookies\admin@ehg-dig.hitbox[1].txt
C:\Documents and Settings\admin\Cookies\admin@serving-sys[3].txt
C:\Documents and Settings\admin\Cookies\admin@tradedoubler[3].txt
C:\Documents and Settings\admin\Cookies\admin@www.nettkatalogen[1].txt
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.
2008-08-25 21:15 . 2008-08-25 21:15    d--------    C:\Programfiler\Malwarebytes' Anti-Malware
2008-08-25 21:15 . 2008-08-25 21:15    d--------    C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-25 21:15 . 2008-08-25 21:15    d--------    C:\Documents and Settings\admin\Programdata\Malwarebytes
2008-08-25 21:15 . 2008-08-17 15:01    38,472    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-25 21:15 . 2008-08-17 15:01    17,144    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-08-24 22:55 . 2008-08-24 22:55    d--------    C:\VundoFix Backups
2008-08-21 22:38 . 2008-08-21 22:38    d--------    C:\Programfiler\Enigma Software Group
2008-08-21 20:12 . 2007-11-14 15:16    dr-------    C:\Documents and Settings\Amund\Start-meny
2008-08-21 20:12 . 2007-11-14 15:16    d--h-----    C:\Documents and Settings\Amund\Skrivere
2008-08-21 20:12 . 2008-08-21 20:22    d--------    C:\Documents and Settings\Amund\Skrivebord
2008-08-21 20:12 . 2008-08-21 20:12    dr-h-----    C:\Documents and Settings\Amund\Siste
2008-08-21 20:12 . 2008-08-21 21:21    dr-h-----    C:\Documents and Settings\Amund\Programdata
2008-08-21 20:12 . 2008-08-21 20:12    dr-------    C:\Documents and Settings\Amund\Mine dokumenter
2008-08-21 20:12 . 2007-11-14 14:21    d--h-----    C:\Documents and Settings\Amund\Maler
2008-08-21 20:12 . 2008-08-25 21:30    d--h-----    C:\Documents and Settings\Amund\Lokale innstillinger
2008-08-21 20:12 . 2008-08-21 20:12    dr-------    C:\Documents and Settings\Amund\Favoritter
2008-08-21 20:12 . 2007-11-14 15:16    d--h-----    C:\Documents and Settings\Amund\AndrMask
2008-08-21 20:12 . 2008-08-21 20:12    d--------    C:\Documents and Settings\Amund
2008-08-19 00:06 . 2008-08-19 00:06    d--------    C:\WINDOWS\system32\no
2008-08-19 00:06 . 2008-08-19 00:06    d--------    C:\WINDOWS\system32\nb-no
2008-08-19 00:06 . 2008-08-19 00:06    d--------    C:\WINDOWS\system32\bits
2008-08-19 00:06 . 2008-08-19 00:06    d--------    C:\WINDOWS\l2schemas
2008-08-19 00:02 . 2008-08-19 00:06    d--------    C:\WINDOWS\ServicePackFiles
2008-08-16 23:31 . 2004-08-04 00:54    701,440    ---------    C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-15 10:36 . 2008-08-15 10:36    d--------    C:\Programfiler\MSECache
2008-08-14 00:16 . 2008-08-14 00:16    d--------    C:\Programfiler\Apple Software Update
2008-08-13 15:40 . 2008-08-13 15:42    d--------    C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-08-13 10:04 . 2008-04-11 21:06    691,712    -----c---    C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-02 12:31 . 2008-08-02 12:31    268    --ah-----    C:\sqmdata19.sqm
2008-08-02 12:31 . 2008-08-02 12:31    244    --ah-----    C:\sqmnoopt19.sqm
2008-08-01 23:41 . 2008-08-01 23:41    268    --ah-----    C:\sqmdata18.sqm
2008-08-01 23:41 . 2008-08-01 23:41    244    --ah-----    C:\sqmnoopt18.sqm
2008-08-01 00:01 . 2008-08-01 00:01    172    --ah-----    C:\sqmnoopt17.sqm
2008-08-01 00:01 . 2008-08-01 00:01    172    --ah-----    C:\sqmdata17.sqm
2008-07-31 23:38 . 2008-07-31 23:38    268    --ah-----    C:\sqmdata16.sqm
2008-07-31 23:38 . 2008-07-31 23:38    244    --ah-----    C:\sqmnoopt16.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 19:22    ---------    d-----w    C:\Programfiler\Fellesfiler\Symantec Shared
2008-08-19 17:06    ---------    d-----w    C:\Programfiler\Microsoft Silverlight
2008-08-15 12:42    ---------    d-----w    C:\Programfiler\Norton AntiVirus
2008-08-15 08:37    24,520    ----a-w    C:\Documents and Settings\admin\Programdata\GDIPFONTCACHEV1.DAT
2008-07-14 08:37    ---------    d-----w    C:\Programfiler\Google
2008-07-13 10:08    ---------    d-----w    C:\Programfiler\Java
2008-07-07 20:29    253,952    ----a-w    C:\WINDOWS\system32\es.dll
2008-06-28 18:10    ---------    d-----w    C:\Documents and Settings\admin\Programdata\Apple Computer
2008-06-24 16:46    74,240    ----a-w    C:\WINDOWS\system32\mscms.dll
2008-06-23 15:12    665,600    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-06-20 17:49    246,784    ----a-w    C:\WINDOWS\system32\mswsock.dll
2007-11-14 13:16    32    --sha-w    C:\WINDOWS\{3EFC7117-1C23-4318-8855-5D1FFA9DEF15}.dat
2007-11-14 13:16    32    --sha-w    C:\WINDOWS\system32\{0D31B0E2-3A53-4A19-9B5C-C557021C940B}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-20 21:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2002-12-04 16:31 54496]
"ccRegVfy"="C:\Programfiler\Fellesfiler\Symantec Shared\ccRegVfy.exe" [2002-12-04 16:32 58592]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"ULiRaid"="C:\Programfiler\ULi5287\ULi5287.exe" [2005-08-23 21:59 409600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 18:22 7618560]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 10:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 11:37 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 18:22 86016]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Programfiler\Fellesfiler\logishrd\WUApp32.exe" [2007-02-03 11:23 430080]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders    msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-08-19 11:18]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 21:36]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-25 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-08-25 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE [2002-09-30 11:18]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.kristiansand.kommune.no/ncms2.aspx?name=forside
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 21:31:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\DOCUME~1\admin\LOKALE~1\Temp\RGI2.tmp 7105 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-25 21:32:08
ComboFix-quarantined-files.txt  2008-08-25 19:32:04

Pre-Run: 179,385,507,840 bytes free
Post-Run: 179,803,828,224 bytes free

158 --- E O F --- 2008-08-19 19:50:32
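The two things in the "Reg Loading Points" section that deserve a second look are the Security Center values (AntiVirusDisableNotify, AntiVirusOverride and the per-product DisableMonitoring are all set to 1, which silences the XP Security Center's antivirus warnings) and the Run entries that name a bare executable rather than a full path (ComboFix prints the path it resolved in the bracket). The script below is an added example, not part of the posted log or of ComboFix itself: it parses the REGEDIT4-style block into registry keys and entries, then runs those two checks. The sample input is a constructed excerpt of lines copied from the log above; the FirewallDisableNotify, FirewallOverride and UpdatesDisableNotify names are the other standard XP SP2 Security Center override values and are assumed for completeness, since they do not appear in this log.

```python
import re
from collections import OrderedDict

# Constructed sample: a handful of lines copied from the "Reg Loading Points"
# section of the ComboFix log above, key headers preserved.
SAMPLE_LOG = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-20 21:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 10:15 208896]
"nwiz"="nwiz.exe" [2006-06-01 18:22 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="command" [YYYY-MM-DD HH:MM size [resolved path]]  (ComboFix file entry)
FILE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)'
    r'(?:\s+(?P<resolved>[^\]]+))?\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Standard XP SP2 Security Center override value names (assumed set; only the
# first two and DisableMonitoring actually occur in the log above).
SECURITY_CENTER_FLAGS = {
    'AntiVirusDisableNotify', 'AntiVirusOverride',
    'FirewallDisableNotify', 'FirewallOverride',
    'UpdatesDisableNotify', 'DisableMonitoring',
}


def parse_reg_loading_points(text):
    """Return an ordered {registry key: [entry, ...]} map for a REGEDIT4-style block."""
    keys = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                       # "[HKEY_...]" header starts a new key
            current = m.group(1)
            keys.setdefault(current, [])
            continue
        if current is None or not line:
            continue                # preamble (*Note*, REGEDIT4) or blank line
        m = FILE_RE.match(line)
        if m:
            keys[current].append({
                'type': 'file',
                'name': m.group('name'),
                'value': m.group('value'),
                'mtime': m.group('date'),
                'size': int(m.group('size')),
                # bracketed path is only printed when the value was a bare file name
                'resolved': m.group('resolved') or m.group('value'),
            })
            continue
        m = DWORD_RE.match(line)
        if m:
            keys[current].append({'type': 'dword', 'name': m.group('name'),
                                  'value': int(m.group('hex'), 16)})
    return keys


def security_center_overrides(keys):
    """(key, value name) pairs for Security Center override values set to 1."""
    hits = []
    for key, entries in keys.items():
        if 'security center' not in key.lower():
            continue
        for e in entries:
            if e['type'] == 'dword' and e['name'] in SECURITY_CENTER_FLAGS and e['value'] == 1:
                hits.append((key, e['name']))
    return hits


def unqualified_autoruns(keys):
    """Run/RunOnce values given as a bare file name instead of a full path.

    These are located through the process-creation search order at logon
    rather than by absolute path, so the bracketed path ComboFix resolved is
    what should be checked, not the name in the value."""
    hits = []
    for key, entries in keys.items():
        if not re.search(r'\\Run(Once)?$', key, re.IGNORECASE):
            continue
        for e in entries:
            if e['type'] == 'file' and '\\' not in e['value']:
                hits.append((key, e['name'], e['resolved']))
    return hits


if __name__ == '__main__':
    parsed = parse_reg_loading_points(SAMPLE_LOG)
    for key, name in security_center_overrides(parsed):
        print('security center override: %s -> %s = 1' % (key, name))
    for key, name, resolved in unqualified_autoruns(parsed):
        print('bare-name autorun: %s\\%s resolved to %s' % (key, name, resolved))
```

A caveat on reading the hits: a registered antivirus product legitimately writes DisableMonitoring under its own Monitoring subkey to tell Security Center it reports its own status, and some products also set the AntiVirusOverride/DisableNotify pair; malware sets the same values to keep the "no antivirus" balloon from appearing. The flags alone therefore do not prove tampering; they are worth cross-checking against whether the Norton install on the machine is actually running and up to date.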