ComboFix 07-10-02.2 - stian 2007-10-02 9:51:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.546 [GMT 2:00]
Running from: C:\Documents and Settings\stian\Skrivebord\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\vcheraty.dll
C:\WINDOWS\system32\winuzu32.dll
C:\WINDOWS\system32\ytarehcv.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.

2007-10-02 09:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 09:43 dr-h----- C:\Documents and Settings\stian\Siste
2007-10-02 09:39 d-------- C:\Programfiler\Trend Micro
2007-10-02 09:19 d-------- C:\VundoFix Backups
2007-10-02 08:49 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-02 08:49 d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2007-10-02 07:17 d-------- C:\WINDOWS\pss
2007-10-01 15:29 d-------- C:\Programfiler\Windows Defender
2007-09-30 15:17 d-------- C:\Documents and Settings\All Users\Programdata\Yahoo! Companion
2007-09-30 12:22 d-------- C:\Programfiler\Yahoo!
2007-09-30 12:21 d-------- C:\Programfiler\CCleaner
2007-09-30 08:43 dr------- C:\Documents and Settings\LocalService\Favoritter
2007-09-30 08:43 d-------- C:\Documents and Settings\LocalService\Programdata\Xfire
2007-09-30 08:43 d-------- C:\Documents and Settings\LocalService\Programdata\Google
2007-09-29 15:36 d-------- C:\my dvd
2007-09-29 07:45 d-------- C:\WINDOWS\system32\quicktime
2007-09-23 11:40 d-------- C:\Documents and Settings\stian\Programdata\AdobeUM
2007-09-22 14:40 d-------- C:\Documents and Settings\NetworkService\Programdata\Xfire
2007-09-22 14:39 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-22 14:39 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-20 03:04 d-------- C:\Programfiler\MSXML 6.0
2007-09-19 20:37 d-------- C:\Programfiler\PokerStars
2007-09-19 20:33 d-------- C:\Programfiler\Xfire
2007-09-19 20:33 d-------- C:\Documents and Settings\stian\Programdata\Xfire
2007-09-19 19:58 d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-19 19:58 d-------- C:\Programfiler\MSN Messenger
2007-09-19 19:58 d-------- C:\Documents and Settings\stian\Contacts
2007-09-19 19:54 d-------- C:\Documents and Settings\stian\Programdata\Google
2007-09-19 19:53 d-------- C:\Documents and Settings\All Users\Programdata\Google
2007-09-19 19:29 d-------- C:\Programfiler\InstallShield Installation Information
2007-09-19 19:24 d-------- C:\Programfiler\Activision
2007-09-19 19:22 d--hs---- C:\WINDOWS\ftpcache
2007-09-19 19:10 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-19 19:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-09-19 19:10 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-09-19 19:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-09-19 19:10 4,736 --a------ C:\WINDOWS\system32\drivers\usbd.sys
2007-09-19 19:10 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2007-09-19 19:10 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-19 19:10 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2007-09-19 19:10 d-------- C:\Programfiler\MSBuild
2007-09-19 19:09 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-19 19:09 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2007-09-19 19:09 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-09-19 19:09 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-09-19 19:09 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-09-19 19:09 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-09-19 19:09 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-09-19 19:09 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-09-19 19:09 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2007-09-19 19:08 d-------- C:\WINDOWS\system32\XPSViewer
2007-09-19 19:08 d-------- C:\Programfiler\Reference Assemblies
2007-09-19 19:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-19 19:06 d-------- C:\WINDOWS\system32\nb-no
2007-09-19 19:06 d-------- C:\WINDOWS\system32\LogFiles
2007-09-19 19:06 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-19 18:43 dr-h----- C:\Documents and Settings\stian\Programdata
2007-09-19 18:43 dr------- C:\Documents and Settings\stian\Start-meny
2007-09-19 18:43 dr------- C:\Documents and Settings\stian\Mine dokumenter
2007-09-19 18:43 dr------- C:\Documents and Settings\stian\Favoritter
2007-09-19 18:43 d--hs---- C:\Documents and Settings\stian\UserData
2007-09-19 18:43 d--h----- C:\Documents and Settings\stian\Maler
2007-09-19 18:43 d--h----- C:\Documents and Settings\stian\Lokale innstillinger
2007-09-19 18:43 d--h----- C:\Documents and Settings\stian\AndrMask
2007-09-19 18:43 d-------- C:\Documents and Settings\stian\Skrivebord
2007-09-19 18:42 dr-h----- C:\WINDOWS\system32\config\systemprofile\Siste
2007-09-19 18:42 dr-h----- C:\Documents and Settings\Default User\Siste
2007-09-19 18:42 dr------- C:\WINDOWS\system32\config\systemprofile\Mine dokumenter
2007-09-19 18:42 dr------- C:\WINDOWS\system32\config\systemprofile\Favoritter
2007-09-19 18:42 dr------- C:\Documents and Settings\Default User\Mine dokumenter
2007-09-19 18:42 dr------- C:\Documents and Settings\Default User\Favoritter
2007-09-19 18:42 d--h----- C:\WINDOWS\system32\config\systemprofile\AndrMask
2007-09-19 18:42 d--h----- C:\Documents and Settings\Default User\AndrMask
2007-09-19 18:42 d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2007-09-19 18:42 d---s---- C:\Documents and Settings\Default User\UserData
2007-09-19 18:42 d-------- C:\WINDOWS\system32\config\systemprofile\Skrivebord
2007-09-19 18:42 d-------- C:\Documents and Settings\Default User\Skrivebord
2007-09-19 17:39 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-19 17:39 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-19 17:38 d-------- C:\Programfiler\Symantec AntiVirus
2007-09-19 17:38 d-------- C:\Programfiler\Symantec
2007-09-19 17:38 d-------- C:\Programfiler\Fellesfiler\Symantec Shared
2007-09-19 17:38 d-------- C:\Documents and Settings\All Users\Programdata\Symantec
2007-09-19 17:27 1,025,833 --a------ C:\Winrar350 Corporate.exe
2007-09-19 17:16 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-09-19 17:14 d-------- C:\Documents and Settings\All Users\Maler
2007-09-19 17:13 d-------- C:\WINDOWS\system32\xircom
2007-09-19 17:13 d-------- C:\Programfiler\microsoft frontpage
2007-09-19 17:13 d-------- C:\Documents and Settings\NetworkService\Programdata
2007-09-19 17:13 d-------- C:\Documents and Settings\LocalService\Programdata
2007-09-19 17:12 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2007-09-19 17:12 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-09-19 17:12 d-------- C:\Programfiler\Fellesfiler\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 02:06 --------- d-------- C:\Programfiler\HighMAT CD Writing Wizard
2007-09-20 02:06 --------- d-------- C:\Programfiler\Fellesfiler\Tjenester
2007-09-20 02:06 --------- d-------- C:\Programfiler\Fellesfiler\SpeechEngines
2007-09-20 02:06 --------- d-------- C:\Programfiler\Fellesfiler\MSSoap
2007-09-20 02:06 --------- d-------- C:\Programfiler\Elektroniske tjenester
2007-09-19 20:23 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-19 19:07 --------- d-------- C:\Programfiler\Windows Media Connect 2

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-07-19 18:26]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 19:33]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Windows Defender"="C:\Programfiler\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 21:00]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46]
"ccleaner"="C:\Programfiler\CCleaner\ccleaner.exe" [2007-07-13 11:10]
"updateMgr"="C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

C:\Documents and Settings\stian\Start-meny\Programmer\Oppstart\
Xfire.lnk - C:\Programfiler\Xfire\xfire.exe [2007-09-13 00:24:32]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvurr]
tuvvurr.dll

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 07:33:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Programfiler\Windows Defender\MpCmdRun.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 09:55:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"
.
Completion time: 2007-10-02 9:57:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-02 09:57
.
--- E O F ---
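Two things in the log above are worth pulling out mechanically when triaging a ComboFix run like this one. The "Other Deletions" list contains jjllm.ini / mlljj.dll and ytarehcv.ini / vcheraty.dll, each an .ini whose base name is the reverse of a .dll; that reversed-name pairing is the naming convention the Vundo/Virtumonde family used, which fits the "C:\VundoFix Backups" folder also present in the log. Separately, the Reg Loading Points section still lists a Winlogon\Notify subkey "tuvvurr" pointing at tuvvurr.dll, and that DLL does not appear among the deleted files, so an analyst would check whether the file still exists on disk (or whether only the dangling registration is left) before calling the cleanup complete. The script below is an added example written for this page; it is not ComboFix output or any tool of the posters. The SAMPLE_LOG text is a constructed excerpt with the same entries as the log above, and the section-header and Notify-key patterns are assumptions about ComboFix's layout taken from the posted log.

```python
"""Triage a ComboFix log: pair up reversed-name files in "Other Deletions"
and surface Winlogon\\Notify registrations whose DLL was not purged.

Added example for this page, not ComboFix code. SAMPLE_LOG is a constructed
excerpt built from the entries in the log above."""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jjllm.ini
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\vcheraty.dll
C:\WINDOWS\system32\winuzu32.dll
C:\WINDOWS\system32\ytarehcv.ini
.
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))
.
2007-10-02 09:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvurr]
tuvvurr.dll

R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
"""

# Section banners look like "((((( Title )))))"; assumed from the posted log.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Any line that starts with a drive letter is treated as a file path.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# ComboFix prints the Notify key on one line and the DLL on the next (assumed layout).
NOTIFY_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\([^\]]+)\]$", re.I)


def split_sections(text):
    """Map section title -> non-blank lines; filler '.' lines are dropped."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line in ("", "."):
            continue
        sections[current].append(line)
    return sections


def deleted_paths(sections):
    return [l for l in sections.get("Other Deletions", []) if PATH_RE.match(l)]


def _stem(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def reversed_name_pairs(paths):
    """(a, b) pairs where stem(a) reversed == stem(b); each pair reported once,
    palindromic stems skipped. jjllm.* pairs with mlljj.dll, ytarehcv.ini with vcheraty.dll."""
    by_stem = {}
    for p in paths:
        by_stem.setdefault(_stem(p), []).append(p)
    pairs = []
    for stem, owners in sorted(by_stem.items()):
        rev = stem[::-1]
        if rev in by_stem and stem < rev:
            pairs.extend((a, b) for a in owners for b in by_stem[rev])
    return pairs


def winlogon_notify_entries(reg_lines):
    """{subkey: dll} for every Winlogon\\Notify key listed under Reg Loading Points."""
    entries = {}
    for i, line in enumerate(reg_lines):
        m = NOTIFY_KEY_RE.match(line)
        if m and i + 1 < len(reg_lines):
            entries[m.group(1)] = reg_lines[i + 1]
    return entries


def notify_dlls_not_purged(sections):
    """Notify registrations whose DLL is absent from the deletions list: follow up on disk."""
    deleted = {p.rsplit("\\", 1)[-1].lower() for p in deleted_paths(sections)}
    notify = winlogon_notify_entries(sections.get("Reg Loading Points", []))
    return {k: dll for k, dll in notify.items() if dll.lower() not in deleted}


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    for a, b in reversed_name_pairs(deleted_paths(secs)):
        print("reversed-name pair:", a, "<->", b)
    for key, dll in notify_dlls_not_purged(secs).items():
        print("Winlogon\\Notify\\%s still references %s; verify on disk" % (key, dll))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. The reversed-name check is a heuristic for one family's naming habit, not proof of infection, and a Notify entry that survives the file purge is a question to answer with a directory listing, not a verdict on its own.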