ComboFix 08-01-21.4 - Trine 2008-01-22 11:31:49.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.118 [GMT 1:00]
Running from: C:\Documents and Settings\Trine\Lokale innstillinger\Temporary Internet Files\Content.IE5\KUQ9VI5Q\ComboFix[1].exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Downloads\GUTTER~1 .EXE
C:\Downloads\GUTTER~1.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor .exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\MSN Messenger\MsnMsgr .Exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\nnnkllk.dll
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.exe

[code] <pre>
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor .exe ---> QooBox
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> QooBox
C:\Programfiler\MSN Messenger\MsnMsgr .Exe ---> QooBox
C:\Downloads\GUTTER~1 .EXE ---> QooBox
</pre> [/code]
.
.
(((((((((((((((((((((((((   Files Created from 2007-12-22 to 2008-01-22  )))))))))))))))))))))))))))))))
.

2008-01-22 11:27 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\Nircmd.exe
2008-01-21 13:02 . 2008-01-21 14:03	<DIR>	d--------	C:\Programfiler\Yahoo!
2008-01-21 13:01 . 2008-01-21 13:03	<DIR>	d--------	C:\Programfiler\CCleaner
2008-01-19 20:39 . 2008-01-21 16:07	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-19 20:39 . 2008-01-21 14:02	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-05 15:57 . 2008-01-05 15:57	<DIR>	d--h-----	C:\WINDOWS\msdownld.tmp

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 10:38	---------	d-----w	C:\Programfiler\MSN Messenger
2008-01-21 15:44	---------	d-----w	C:\Programfiler\QuickTime
2008-01-21 15:44	---------	d-----w	C:\Programfiler\Apoint
2008-01-17 11:33	---------	d-----w	C:\Programfiler\Windows Live Safety Center
2007-12-02 22:24	---------	d-----w	C:\Programfiler\Azureus
2005-09-02 20:41	29,579,238	----a-w	C:\Programfiler\samsung_Image_Editor.exe
2005-09-02 20:35	64,657,637	----a-w	C:\Programfiler\samsung pc studio.exe
2005-07-28 15:51	15,958,889	----a-w	C:\Programfiler\sonic.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [ ]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programfiler\Apoint\Apoint.exe" [ ]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [ ]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"Dell QuickSet"="C:\Programfiler\Dell\QuickSet\quickset.exe" [ ]
"DVDLauncher"="C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"DMXLauncher"="C:\Programfiler\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [ ]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [ ]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [ ]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [ ]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [ ]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [ ]
"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Bluetooth Manager.lnk - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 13:42:36 45056]
Digital Line Detect.lnk - C:\Programfiler\Digital Line Detect\DLG.exe [2005-07-04 21:54:44 24576]
HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
Microsoft Office.lnk - C:\Powerpoint\Office\OSA9.EXE [1999-02-17 20:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Programfiler\Intel\Wireless\Bin\LgNotify.dll

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 09:45]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 11:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 Fadpu16E;Fadpu16E;C:\DOCUME~1\Trine\LOKALE~1\Temp\Fadpu16E.sys []
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys []
S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 09:12:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 11:42:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  MsnMsgr = "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background??e?r?\ 

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-01-22 11:45:24 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-22 10:45:19
.
2008-01-18 09:52:19	--- E O F ---