"Bill Brox" - 2007-05-09 11:23:40 Service Pack 2 ComboFix 07-05.09.V - Running from: "C:\Documents and Settings\Bill Brox\Skrivebord\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 )))))))))))))))))))))))))))))))))) 2007-05-09 10:25 d-------- C:\WINDOWS\LastGood 2007-05-08 14:11 dr-h----- C:\DOCUME~1\BILLBR~1\Siste 2007-05-08 14:09 d-------- C:\Programfiler\CCleaner 2007-05-08 14:02 1,800 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-08 14:01 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-05-08 14:01 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-05-08 14:01 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-05-07 19:38 d-------- C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com 2007-05-07 19:37 d-------- C:\Programfiler\SUPERAntiSpyware 2007-05-07 19:37 d-------- C:\DOCUME~1\BILLBR~1\PROGRA~1\SUPERAntiSpyware.com 2007-05-07 19:36 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2007-04-11 17:33 d-------- C:\Programfiler\MyWebSearch 2007-04-11 17:33 d-------- C:\Programfiler\FunWebProducts (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-09 08:27:23 -------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2007-05-08 18:42:29 -------- d-----w C:\Programfiler\Norton Internet Security 2007-04-25 14:59:25 7,168 --s-a-w C:\WINDOWS\system32\xuoce.dll 2007-04-18 05:52:32 -------- d-----w C:\Programfiler\MSN Messenger 2007-04-17 15:23:39 -------- d--h--w C:\Programfiler\InstallShield Installation Information 2007-03-25 07:36:05 60,326 ----a-w C:\WINDOWS\system32\perfc014.dat 2007-03-25 07:36:05 384,784 ----a-w C:\WINDOWS\system32\perfh014.dat 2007-03-17 13:45:38 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-14 08:43:26 -------- d-----w C:\Programfiler\Telenor 2007-03-08 15:39:11 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:39:11 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:39:11 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:38:06 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{9ECB9560-04F9-4bbc-943D-298DDF1699E1}"="C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll" "{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}"="C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll" "{DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516}"="C:\Programfiler\Telenor\Online Start\IEFixItNowPlugin.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NVMixerTray"="\"C:\\Programfiler\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"" "ccApp"="\"C:\\Programfiler\\Fellesfiler\\Symantec Shared\\ccApp.exe\"" "Adobe Photo Downloader"="\"C:\\Programfiler\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "Telenor Online Start"="\"C:\\Programfiler\\Telenor\\Online Start\\Telenor.exe\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MsnMsgr"="\"C:\\Programfiler\\MSN Messenger\\MsnMsgr.Exe\" /background" "Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet" "SUPERAntiSpyware"="C:\\Programfiler\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "DJSNetCN"="C:\\Programfiler\\Fellesfiler\\Symantec Shared\\DJSNETCN.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{da3b49f6-8c54-4429-a275-21a86dcca413}"="C:\WINDOWS\system32\xuoce.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter HTTPFilter\0\0 LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 DcomLaunch DcomLaunch\0TermService\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 Usnsvc usnsvc\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56322cdd-110d-11db-a735-806d6172696f}] Shell\AutoRun\command D:\autorun.exe *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Kj›r fullstendig systems›k - My Name.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-09 11:25:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-09 11:25:11 C:\ComboFix-quarantined-files.txt ... 2007-05-09 11:25