ComboFix 08-07-14.2 - Sigve Sørensen 2008-07-16 13:06:33.1 - NTFSx86
Running from: C:\Documents and Settings\Sigve Sørensen\Skrivebord\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-16 04:15 . 2008-07-16 04:15 d-------- C:\Programfiler\Trend Micro
2008-07-15 22:09 . 2008-07-15 22:09 d-------- C:\Documents and Settings\NetworkService\Programdata\Xfire
2008-07-15 19:32 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-15 19:32 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-15 16:07 . 2008-07-15 16:07 d-------- C:\Programfiler\SUPERAntiSpyware
2008-07-15 16:07 . 2008-07-15 16:07 d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-07-15 16:00 . 2008-07-15 16:00 0 --a------ C:\WINDOWS\system32\7GW3WlUM.exe.a_a
2008-07-10 02:00 . 2008-07-10 02:00 dr------- C:\Documents and Settings\NetworkService\Favoritter
2008-07-09 03:27 . 2008-07-09 03:26 29,760 --a------ C:\WINDOWS\system32\v56cB0Mg.exe
2008-06-25 18:58 . 2008-06-25 18:58 d-------- C:\Programfiler\Xfire
2008-06-25 18:49 . 2008-06-25 18:49 d-------- C:\Programfiler\Dyyno
2008-06-18 19:52 . 2008-06-18 19:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-17 22:03 . 2008-06-17 22:03 d-------- C:\Programfiler\Veoh Networks
2008-06-17 22:03 . 2008-06-17 22:03 d-------- C:\Documents and Settings\Sigve SÇ÷rensen
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 06:18 --------- d-----w C:\Programfiler\World of Warcraft
2008-07-15 21:34 --------- d-----w C:\Programfiler\Incomplete
2008-07-15 21:04 --------- d-----w C:\Programfiler\LimeWire
2008-07-15 14:07 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-07-09 21:31 --------- d-----w C:\Programfiler\DivX
2008-07-09 12:08 --------- d-----w C:\Programfiler\EA Games
2008-07-09 12:04 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-05 10:03 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP
2008-06-25 00:41 --------- d-----w C:\Programfiler\TruePoker
2008-06-21 13:03 --------- d-----w C:\Programfiler\Warcraft III
2008-06-11 23:53 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-29 15:49 --------- d-----w C:\Programfiler\TrackMania Nations ESWC
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-17 22:03 --------- d-----w C:\Programfiler\Translate-It
2008-05-16 13:40 --------- d-----w C:\Programfiler\mIRC
2008-05-07 05:16 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-31 02:43 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288]
"Veoh"="C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\bcmntray" [X]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 14:12 102492]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 14:11 692316]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-01-14 13:21 233534]
"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 13:24 290816]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2004-11-10 02:19 38912 C:\Programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Programfiler\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programfiler\\BitLord\\BitLord.exe"=
"C:\\Programfiler\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe"=
"C:\\Programfiler\\Valve\\Steam\\steamapps\\sigvesorensen\\counter-strike source\\hl2.exe"=
"C:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Veoh Networks\\Veoh\\VeohClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18526:TCP"= 18526:TCP:*:Disabled:BitComet 18526 TCP
"18526:UDP"= 18526:UDP:*:Disabled:BitComet 18526 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 18:08]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;C:\WINDOWS\system32\Drivers\Aldebaran.sys []
S3 ATE_PROCMON;ATE_PROCMON;C:\Programfiler\Anti Trojan Elite\ATEPMon.sys []
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 05:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder
"2008-07-15 22:06:04 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 07:00:01 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 08:00:01 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 09:00:01 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 10:00:01 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 11:00:02 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-09 12:00:01 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-09 13:00:01 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 14:00:01 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 15:00:01 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 16:00:01 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 23:00:01 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 17:00:01 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 18:00:02 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 19:00:01 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 20:00:02 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 21:00:04 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-15 22:38:10 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 23:00:10 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 00:00:10 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 01:00:10 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 02:00:10 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 00:00:01 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 03:00:10 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 04:00:10 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 05:00:10 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 06:00:10 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 07:00:10 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 08:00:10 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 09:00:10 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 10:00:10 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 11:00:10 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-09 12:00:10 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 01:00:02 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-09 13:00:10 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 14:19:04 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 15:00:00 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 16:00:10 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 17:00:10 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 18:00:00 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 19:00:10 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 20:00:10 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-15 21:00:00 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\system32\7GW3WlUM.exe
"2008-07-16 02:00:02 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 03:00:01 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 04:00:01 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 05:00:01 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
"2008-07-16 06:00:01 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\v56cB0Mg.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 13:12:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????3?5?5?4??????? ?d?B?????????????hLC????????
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\HPQ\IAM\Bin\asghost.exe
C:\Programfiler\WIDCOMM\Bluetooth-programvare\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\bcmntray.EXE
C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe
C:\Programfiler\Windows Media Player\wmpnetwk.exe
C:\Programfiler\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-16 13:18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 11:17:01
Pre-Run: 3,166,789,632 byte ledig
Post-Run: 3,133,435,904 byte ledig
259 --- E O F --- 2008-07-15 21:48:36