ComboFix 08-06-09.7 - Heine 2008-06-10 23:41:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2209 [GMT 2:00]
Running from: C:\Documents and Settings\Heine\Skrivebord\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-10 22:45 . 2008-06-10 22:45 d-------- C:\Programfiler\SUPERAntiSpyware
2008-06-10 22:45 . 2008-06-10 22:45 d-------- C:\Documents and Settings\Heine\Programdata\SUPERAntiSpyware.com
2008-06-10 22:45 . 2008-06-10 22:45 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-06-10 20:44 . 2008-06-10 20:44 d-------- C:\Programfiler\Trend Micro
2008-06-09 17:33 . 2008-06-09 21:01 d-------- C:\Documents and Settings\Heine\.housecall6.6
2008-06-09 17:31 . 2008-06-10 17:31 117 --a------ C:\WINDOWS\BM6f448e1a.xml
2008-06-08 23:41 . 2008-06-08 23:41 d-------- C:\Programfiler\Spybot - Search & Destroy
2008-06-08 23:41 . 2008-06-08 23:41 d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-06-08 23:25 . 2008-06-10 23:38 d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-06-08 23:24 . 2008-06-10 23:41 d-------- C:\Programfiler\Spyware Doctor
2008-06-08 23:24 . 2008-06-08 23:24 d-------- C:\Documents and Settings\Heine\Programdata\PC Tools
2008-06-08 23:24 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-08 23:24 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-08 23:24 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-08 23:24 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-08 23:20 . 2008-06-08 23:20 18,473,000 --a------ C:\temp\sdsetup.exe
2008-06-08 22:41 . 2008-06-10 21:54 d-------- C:\WINDOWS\system32\6620
2008-06-08 22:40 . 2008-06-08 22:40 55,808 --a------ C:\WINDOWS\portsv.exe
2008-06-08 21:40 . 2008-06-09 22:48 d-------- C:\Programfiler\uTorrent
2008-06-08 21:40 . 2008-06-08 21:40 dr------- C:\Documents and Settings\LocalService\Favoritter
2008-06-08 21:39 . 2008-06-08 21:39 49,158 --a------ C:\WINDOWS\444.0
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-10 21:38 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-06-09 18:33 --------- d-----w C:\Programfiler\Norton Security Scan
2008-06-08 20:48 --------- d-----w C:\Programfiler\Gabest
2008-06-08 20:47 --------- d-----w C:\Programfiler\Azureus
2008-06-08 19:35 --------- d-----w C:\Documents and Settings\Heine\Programdata\Azureus
2008-05-05 18:46 --------- d-----w C:\Documents and Settings\All Users\Programdata\TrackMania
2008-05-05 18:43 --------- d-----w C:\Programfiler\TmNationsForever
2008-04-17 20:13 --------- d-----w C:\Programfiler\Stata10
2008-04-17 20:12 --------- d-----w C:\Documents and Settings\Heine\Programdata\Stata10
2008-04-17 20:07 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-04-12 10:14 --------- d-----w C:\Programfiler\MagicDisc
2007-12-02 11:54 87,608 ----a-w C:\Documents and Settings\Heine\Programdata\inst.exe
2007-12-02 11:54 47,360 ----a-w C:\Documents and Settings\Heine\Programdata\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38BB23AA-0EA4-4A1B-B782-8E7745240EE9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{899202FF-9593-415D-8DBE-02282A77FE36}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c8871178-9d7e-4bf6-a100-1ad44c98587a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 04:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 21:21 68856]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"LaunchList"="C:\Programfiler\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 16:41 145496]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe" [ ]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-21 13:48 98304]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-21 13:50 86016]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-21 13:47 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 17:26 16250880 C:\WINDOWS\RTHDCPL.exe]
"PTHOSTTR"="C:\Programfiler\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 15:02 131072]
"PDF Complete"="C:\Programfiler\PDF Complete\pdfsty.exe" [2006-07-14 09:43 279576]
"SDMSSplash"="C:\Programfiler\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 01:53 86016]
"SetRefresh"="C:\Programfiler\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 20:01 525824]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 21:12 17920]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2006-05-12 13:50 1138688]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-31 15:44 761856]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-04-24 11:42 888832]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-03-24 18:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 02:40 124656]
"EPSON Stylus Photo R800"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.exe" [2003-08-07 03:00 99840]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-09-21 06:20 127036]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"RoxioDragToDisc"="C:\Programfiler\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-06-14 21:38 1691648]
"USBToolTip"="C:\Programfiler\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2005-06-13 03:30 192512]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"NBKeyScan"="C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"RoxWatchTray"="C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 16:52 240112]
"DMXLauncher"="C:\Programfiler\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 04:44 113136]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-04-10 15:14 1107848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 04:00 15360]

C:\Documents and Settings\Heine\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
MagicDisc.lnk - C:\Programfiler\MagicDisc\MagicDisc.exe [2008-04-12 12:14:42 546816]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Program Neighborhood Agent.lnk - C:\WINDOWS\Installer\{E89956F9-5B89-470E-818D-BD46102D0A01}\Icon80951CEC.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2007-06-28 18:36:19 38480]
ZyXEL G-360 Wireless Adapter Utility.lnk - C:\Programfiler\ZyXEL\G360\Gcc.exe [2007-02-28 03:29:59 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqOhHb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-04-07 06:00 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll 2006-06-07 21:26 40448 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.MJPX"= PICVideo MJPEG Codec

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programfiler\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Heine\\Programdata\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programfiler\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Programfiler\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Programfiler\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Programfiler\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\TmNationsForever\\TmForever.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 20:03]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-04-07 06:46]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2006-03-02 04:00]
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Programfiler\Intel\AMT\LMS.exe [2006-07-25 13:46]
R2 pdfcDispatcher;PDF Document Manager;C:\Programfiler\PDF Complete\pdfsvc.exe [2006-07-14 09:43]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 16:52]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\CBTNDIS5.SYS [2003-07-16 23:28]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-04-25 18:26]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 17:01]
R3 RoxMediaDB10;RoxMediaDB10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 16:52]
R3 TNET1130x;ZyXEL 802.11g Wireless Card;C:\WINDOWS\system32\DRIVERS\tnet1130x.sys [2004-06-10 18:14]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Programfiler\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 16:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Programfiler\Fellesfiler\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 16:52]
S2 SessionLauncher;SessionLauncher;C:\DOCUME~1\Heine\LOKALE~1\Temp\DX9\SessionLauncher.exe []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Programfiler\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 16:53]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 15:58]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 15:58]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 15:58]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder
"2008-05-28 10:32:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 18:51:48 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programfiler\Norton Security Scan\Nss.exe
.
**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="C:\Programfiler\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2008-06-10 23:48:03
ComboFix-quarantined-files.txt 2008-06-10 21:47:53
ComboFix2.txt 2008-06-10 20:21:31

Pre-Run: 22,359,674,880 byte ledig
Post-Run: 22,356,590,592 byte ledig

169