ComboFix 07-08-30.3 - "all-x" 2007-09-06 22:47:43.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.303 [GMT 2:00]

((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))

2007-09-06 22:46 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-06 21:55 d-------- C:\DOCUME~1\LOCALS~1\Start-meny
2007-09-06 21:06 d-------- C:\DOCUME~1\all-x\.housecall6.6
2007-09-06 21:05 19,000 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys
2007-09-06 21:01 d-------- C:\Programfiler\Norman
2007-09-06 20:59 d-------- C:\DOCUME~1\all-x\PROGRA~1\InstallShield
2007-09-06 19:03 d-------- C:\Programfiler\Trend Micro
2007-09-04 22:57 dr-h----- C:\DOCUME~1\test\Siste
2007-09-04 22:57 dr-h----- C:\DOCUME~1\test\Programdata
2007-09-04 22:57 dr------- C:\DOCUME~1\test\Start-meny
2007-09-04 22:57 dr------- C:\DOCUME~1\test\Mine dokumenter
2007-09-04 22:57 dr------- C:\DOCUME~1\test\Favoritter
2007-09-04 22:57 d--h----- C:\DOCUME~1\test\Skrivere
2007-09-04 22:57 d--h----- C:\DOCUME~1\test\Maler
2007-09-04 22:57 d--h----- C:\DOCUME~1\test\Lokale innstillinger
2007-09-04 22:57 d--h----- C:\DOCUME~1\test\AndrMask
2007-09-04 22:57 d-------- C:\DOCUME~1\test\Skrivebord

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-06 21:01 --------- d--h----- C:\Programfiler\InstallShield Installation Information
2007-09-06 19:20 --------- d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2007-08-13 12:15 --------- d-------- C:\Programfiler\Norton SystemWorks
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-04-02 19:39 98304 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSJPEGCompressionPlugin6863.dll
2007-04-02 19:39 88576 --ah----- C:\DOCUME~1\all-x\PROGRA~1\rbap550.dll
2007-04-02 19:39 85024 --ah----- C:\DOCUME~1\all-x\PROGRA~1\EHRotation.dll
2007-04-02 19:39 74240 --ah----- C:\DOCUME~1\all-x\PROGRA~1\rbqt550.DLL
2007-04-02 19:39 73728 --ah----- C:\DOCUME~1\all-x\PROGRA~1\RBRegEx550.dll
2007-04-02 19:39 69036 --ah----- C:\DOCUME~1\all-x\PROGRA~1\EHMatrixFilters.dll
2007-04-02 19:39 453632 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSTiffPlugin6863.dll
2007-04-02 19:39 42496 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSCFPlugin6854.dll
2007-04-02 19:39 39936 --ah----- C:\DOCUME~1\all-x\PROGRA~1\RBShell555.dll
2007-04-02 19:39 37888 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSCarbonEventsPlugin6854.dll
2007-04-02 19:39 36352 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSInternationalPlugin6867.dll
2007-04-02 19:39 35840 --ah----- C:\DOCUME~1\all-x\PROGRA~1\EHEffects.dll
2007-04-02 19:39 32256 --ah----- C:\DOCUME~1\all-x\PROGRA~1\RBJagToolbarItem550.dll
2007-04-02 19:39 30720 --ah----- C:\DOCUME~1\all-x\PROGRA~1\RBInternetEncodings600.dll
2007-04-02 19:39 27648 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSRectPlugin6756.dll
2007-04-02 19:39 27648 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSMacOSXPlugin6854.dll
2007-04-02 19:39 25600 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSRegistrationPlugin6867.dll
2007-04-02 19:39 25600 --ah----- C:\DOCUME~1\all-x\PROGRA~1\EHTypes.dll
2007-04-02 19:39 25088 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSUsernamePlugin6756.dll
2007-04-02 19:39 200704 --ah----- C:\DOCUME~1\all-x\PROGRA~1\PNGUtilitiesPlugin.DLL
2007-04-02 19:39 119296 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSJPEGDecompressionPlugin6863.dll
2007-04-02 19:39 1166772 --ah----- C:\DOCUME~1\all-x\PROGRA~1\RBXML550.dll
2007-04-02 19:39 104960 --ah----- C:\DOCUME~1\all-x\PROGRA~1\MBSPicturePlugin6867.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 14:00]
"Norman ZANDA"="C:\Programfiler\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 22:01]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Programfiler\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programfiler\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe

R0 d344bus;d344bus;C:\WINDOWS\system32\DRIVERS\d344bus.sys
R0 d344prt;d344prt;C:\WINDOWS\system32\Drivers\d344prt.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
S2 Ndiskio;Ndiskio;\??\C:\Programfiler\Norman\Nse\bin\NDISKIO.SYS
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
S3 nvcoas;Norman Virus Control on-access component;C:\Programfiler\Norman\Nvc\bin\nvcoas.exe
S3 NVCScheduler;Norman Virus Control Scheduler;C:\Programfiler\Norman\Nvc\BIN\NVCSCHED.EXE
S3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S3 SDdriver;SDdriver;\??\C:\WINDOWS\system32\Drivers\sddriver.sys
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-05-25 19:03:06 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - all-x.job - C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exe
2007-08-13 10:15:51 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
2007-09-06 19:42:06 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
2007-08-21 22:00:10 C:\WINDOWS\Tasks\Symantec Drmc.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-06 22:53:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\viaagp]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaagp.sys"

Completion time: 2007-09-06 22:56:37
C:\ComboFix-quarantined-files.txt ... 2007-09-06 22:55
--- E O F ---