ComboFix 08-02-13.1 - Nils Vågslid 2008-02-13 22:42:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.983 [GMT 1:00]
Running from: C:\Users\Nils Vågslid\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\gzmrt.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.
2008-02-10 09:47 . 2008-02-10 09:47 d-------- C:\Program Files\uTorrent
2008-02-10 09:26 . 2008-02-10 09:26 46,300 --a------ C:\Windows\System32\AdssiteSocial-uninstall.exe
2008-01-25 19:25 . 2008-01-25 19:25 d-------- C:\Users\All Users\Office Genuine Advantage
2008-01-25 19:25 . 2008-01-25 19:25 d-------- C:\ProgramData\Office Genuine Advantage
2008-01-16 19:38 . 2008-01-20 14:42 d-------- C:\Users\All Users\Autodesk
2008-01-16 19:38 . 2008-01-20 14:42 d-------- C:\ProgramData\Autodesk
2008-01-16 19:38 . 2008-01-16 19:42 d-------- C:\Program Files\AutoCAD 2008
2008-01-13 23:05 . 2008-01-13 23:06 d-------- C:\Program Files\MagicISO
2008-01-13 14:51 . 2008-01-16 19:42 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-13 14:51 . 2008-01-13 14:51 d-------- C:\Program Files\Autodesk
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 20:26 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-13 16:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 22:36 --------- d-----w C:\Program Files\ESET
2008-02-06 09:18 --------- d-----w C:\ProgramData\CyberLink
2008-01-14 20:52 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-13 08:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 12:08 37,888 ----a-w C:\Windows\System32\rar.exe
2008-01-12 12:08 --------- d---a-w C:\ProgramData\TEMP
2008-01-12 11:49 --------- d-----w C:\ProgramData\FLEXnet
2008-01-12 11:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-12 11:37 --------- d-----w C:\Program Files\Bonjour
2008-01-12 11:26 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-12 11:25 --------- d-----w C:\Program Files\Adobe CS3
2008-01-11 02:12 --------- d-----w C:\Program Files\Windows Mail
2008-01-11 02:05 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-11 02:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-11 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-11 02:05 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-11 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-11 02:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-11 02:03 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-11 02:03 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-11 02:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-11 02:03 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-11 02:03 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-11 02:03 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-11 02:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-11 02:03 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-11 02:03 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-01-11 02:03 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-11 02:03 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-11 02:03 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-11 02:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-11 02:02 --------- d-----w C:\Program Files\Windows Sidebar
2007-12-26 20:36 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-26 20:29 --------- d-----w C:\ProgramData\Nero
2007-12-26 20:29 --------- d-----w C:\Program Files\Nero
2007-12-22 20:50 --------- d-----w C:\Program Files\Opera
2007-12-22 20:15 --------- d-----w C:\ProgramData\Roxio
2007-12-21 14:39 10,752 ----a-w C:\Windows\System32\WhoisCL.exe
2007-12-15 02:04 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-15 02:04 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-15 02:04 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-15 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-15 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-15 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-15 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-15 02:02 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-15 02:02 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-15 02:02 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-15 02:02 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-15 02:01 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-15 02:01 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-14 21:29 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2007-12-14 19:57 --------- d-----w C:\Program Files\RegistryFix
2007-12-14 18:55 --------- d-----w C:\Program Files\VideoLAN
2007-12-14 18:14 --------- d-----w C:\Program Files\Trend Micro
2007-11-17 07:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 02:03 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 02:03 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 02:03 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 02:03 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 02:03 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 02:03 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 02:03 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 02:03 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 02:03 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 02:03 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-09-18 18:50 174 --sha-w C:\Program Files\desktop.ini
2007-09-03 20:21 76 --sh--r C:\Windows\CT4CET.bin
2007-09-16 08:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-16 08:00 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-16 08:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-04 05:01 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 08:00 857648]
"OEM04Mon.exe"="C:\Windows\OEM04Mon.exe" [2007-06-11 10:01 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-29 07:15 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-05-24 13:41 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-05-24 13:40 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-05-24 13:40 133912]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-09-03 21:19 77824]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 16:10 184320]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-03 21:36 1862144]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-21 07:16 949376]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 17:55:50 703280]
NPFTrayIcon.lnk - C:\Program Files\Nordic Pirat Forum\NPFTrayIcon.exe [2004-07-26 20:16:52 615424]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-09-03 21:22:42 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"System Patcher"= BTCPatcher.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 13:35]
R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 02:37]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 00:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 00:13]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-24 13:40]
R3 NETw4v32;Intel(R) Wireless WiFi Link kortdriver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 15:14]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM04Vfx.sys [2007-03-06 03:45]
R3 OEM04Vid;Creative Camera OEM004 Driver;C:\Windows\system32\DRIVERS\OEM04Vid.sys [2007-05-07 10:00]
R3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-04-16 22:44]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3d35ab0-931f-11dc-a176-0015c57d5e79}]
\shell\AutoRun\command - F:\setupSNK.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 22:48:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Sony Ericsson\Mobile2\File Manager\FMObexServer.exe
.
**************************************************************************
.
Completion time: 2008-02-13 22:53:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 21:53:04
.
2008-02-07 20:55:33 --- E O F ---