ComboFix 08-06-06.6 - Børge 2008-06-07 19:29:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1552 [GMT 2:00]
Running from: C:\DOCUME~1\BRGE~1.BEE\LOCALS~1\Temp\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\wsnpoem
C:\WINDOWS\system32\wsnpoem

.
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 18:58 . 2008-06-07 18:58 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 18:58 . 2008-06-07 18:58 d-------- C:\Documents and Settings\Børge.BEEDJEE\Application Data\Malwarebytes
2008-06-07 18:58 . 2008-06-07 18:58 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-07 18:58 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 18:58 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 18:57 . 2008-06-07 18:57 d-------- C:\Program Files\Common Files\Download Manager
2008-06-07 14:01 . 2008-06-07 14:01 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-06-07 01:20 . 2008-06-07 16:47 65,540 --a------ C:\fdgf.exe
2008-06-05 02:03 . 2008-06-05 02:03 d-------- C:\Program Files\Alwil Software
2008-06-04 13:55 . 2008-06-04 13:55 244 --ah----- C:\sqmnoopt00.sqm
2008-06-04 13:55 . 2008-06-04 13:55 232 --ah----- C:\sqmdata00.sqm
2008-06-04 13:05 . 2007-07-09 15:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-04 03:28 . 2008-06-04 03:28 d-------- C:\Documents and Settings\B°rge.BEEDJEE
2008-06-04 03:28 . C:\Documents and Settings\B+RGE
2008-05-15 22:20 . 2005-03-04 11:10 74,496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2008-05-08 00:59 . 2008-05-09 19:37 d-------- C:\Documents and Settings\Børge.BEEDJEE\Application Data\Hamachi
2008-05-07 03:03 . 2008-05-07 03:03 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 17:22 --------- d---a-w C:\Program Files\mIRC
2008-06-07 14:53 --------- d-----w C:\Program Files\Zoom Player
2008-06-06 21:05 --------- d-----w C:\Documents and Settings\Børge.BEEDJEE\Application Data\uTorrent
2008-05-31 01:33 --------- d-----w C:\Program Files\RevConnect
2008-05-23 12:32 --------- d-----w C:\Program Files\IEPro
2008-05-15 20:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 17:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-07 22:59 --------- d-----w C:\Documents and Settings\Børge.BEEDJEE\Application Data\Hamachi-Backup
2008-05-07 22:45 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-06 12:11 --------- d-----w C:\Program Files\MSN Messenger
2008-05-06 12:10 --------- d-----w C:\Program Files\Windows Live
2008-05-06 12:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-06 12:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-05-05 22:51 --------- d-----w C:\Program Files\SlySoft
2006-05-17 14:36 67,264 ----a-w C:\Documents and Settings\Børge.BEEDJEE\Application Data\GDIPFONTCACHEV1.DAT
2005-02-23 13:22 26,688 ----a-w C:\Documents and Settings\BØRGE\Application Data\GDIPFONTCACHEV1.DAT

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Børge\OctoshapeClient.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:31 208952]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NVRT"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-14 14:36 77824]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-14 00:20 278528]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2002-12-19 05:05 586240]
"lssas"="C:\WINDOWS\System\lssas.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29 7561216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe" [2007-02-13 13:01 690928]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 02:04 32768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 14:50 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-11-14 23:16:08 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{02B720E5-8D97-401D-9567-73736D7FFC8D}"= C:\WINDOWS\system32\barseek.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"D:\\spill\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"=
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"=
"D:\\spill\\Quake2\\nocheat.exe"=
"D:\\spill\\Quake2\\r1q2.exe"=
"D:\\spill\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"=
"D:\\spill\\World of Warcraft\\Repair.exe"=
"D:\\spill\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe"=
"D:\\spill\\World of Warcraft\\BackgroundDownloader.exe"=
"D:\\spill\\quakeworld\\fuhquake-gl.exe"=
"D:\\spill\\quakeworld\\glquake.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"E:\\Spill\\Starcraft\\StarCraft.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-02-16 04:12]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 20:33]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\PStrip.sys [2001-07-24 02:31]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

*Newly Created Service* - SBAPIFS
.
**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2008-06-07 19:34:07
ComboFix-quarantined-files.txt 2008-06-07 17:34:05
ComboFix2.txt 2008-06-04 01:28:24

Pre-Run: 10,890,579,968 bytes free
Post-Run: 10,997,727,232 bytes free