ComboFix 08-11-09.01 - JULIE ARNTZEN 2008-11-09 21:45:03.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.418 [GMT 1:00] Running from: c:\program files\ComboFix.exe Command switches used :: c:\documents and settings\JULIE ARNTZEN\Skrivebord\CFScript.txt * Created a new restore point * Resident AV is active [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR] FILE :: c:\windows\Tasks\AC311416918A8BE6.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Gjest\Programdata\This Hide Hold c:\documents and settings\Gjest\Programdata\This Hide Hold\[u]0[/u] c:\documents and settings\Gjest\Programdata\This Hide Hold\nojvwtzk.exe c:\windows\Tasks\AC311416918A8BE6.job . ((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 ))))))))))))))))))))))))))))))) . 2008-11-09 20:02 . 2008-11-09 20:02 d-------- c:\program files\Sun 2008-11-09 20:02 . 2008-06-10 02:32 73,728 --a------ c:\windows\system32\javacpl.cpl 2008-11-09 16:26 . 2008-11-09 16:26 d-------- c:\program files\SUPERAntiSpyware 2008-11-09 16:26 . 2008-11-09 16:26 d-------- c:\program files\Common Files\Wise Installation Wizard 2008-11-09 16:25 . 2008-11-09 16:26 6,637,592 --a------ c:\program files\SUPERAntiSpyware.exe 2008-11-09 15:20 . 2008-11-09 15:20 d-------- c:\program files\Trend Micro 2008-11-09 15:20 . 2008-11-09 15:20 812,344 --a------ c:\program files\HJTInstall.exe 2008-11-09 14:49 . 2008-11-09 21:43 3,044,467 -ra------ c:\program files\ComboFix.exe 2008-11-09 14:31 . 2008-11-09 14:31 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-09 14:31 . 2008-11-09 14:31 d-------- c:\documents and settings\JULIE ARNTZEN\Programdata\Malwarebytes 2008-11-09 14:31 . 2008-11-09 14:31 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-09 14:31 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-09 14:31 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-09 13:49 . 2008-11-09 21:29 d-------- c:\program files\CCleaner 2008-11-09 13:47 . 2008-11-09 13:48 893,096 --a------ c:\program files\ccsetup213_slim.exe 2008-11-08 22:39 . 2008-11-08 22:39 d-------- c:\documents and settings\Gjest\Programdata\SUPERAntiSpyware.com 2008-11-08 22:00 . 2008-11-08 22:00 d-------- c:\windows\system32\scripting 2008-11-08 22:00 . 2008-11-08 22:00 d-------- c:\windows\system32\en 2008-11-08 22:00 . 2008-11-08 22:00 d-------- c:\windows\system32\bits 2008-11-08 22:00 . 2008-11-08 22:00 d-------- c:\windows\l2schemas 2008-11-08 21:54 . 2008-11-08 22:01 d-------- c:\windows\ServicePackFiles 2008-11-08 21:26 . 2008-11-08 21:26 d-------- c:\program files\NetWaiting 2008-11-08 21:10 . 2007-08-13 18:54 33,792 --a------ c:\windows\system32\dllcache\custsat.dll 2008-11-08 21:02 . 2008-11-08 21:21 d-------- C:\88f1f6033b263b9e34 2008-11-08 19:56 . 2008-04-14 01:12 412,160 --------- c:\windows\system32\photometadatahandler.dll 2008-11-08 19:55 . 2008-04-14 01:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll 2008-11-08 19:54 . 2008-04-14 01:11 397,312 --------- c:\windows\system32\mmcex.dll 2008-11-08 19:54 . 2008-04-14 01:11 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll 2008-11-08 19:54 . 2008-04-14 01:11 106,496 --------- c:\windows\system32\mmcfxcommon.dll 2008-11-08 19:54 . 2008-04-14 01:11 61,440 --------- c:\windows\system32\kmsvc.dll 2008-11-08 19:54 . 2008-04-14 01:11 37,376 --------- c:\windows\system32\l2gpstore.dll 2008-11-08 19:54 . 2008-04-14 01:12 33,792 --------- c:\windows\system32\mmcperf.exe 2008-11-08 19:54 . 2008-04-14 01:09 6,144 --------- c:\windows\system32\kbdpash.dll 2008-11-08 19:54 . 2008-04-14 01:09 6,144 --------- c:\windows\system32\kbdnepr.dll 2008-11-08 19:54 . 2008-04-14 01:09 6,144 --------- c:\windows\system32\kbdiultn.dll 2008-11-08 19:54 . 2008-04-14 01:09 6,144 --------- c:\windows\system32\kbdbhc.dll 2008-11-08 19:52 . 2008-04-14 01:11 1,888,992 --------- c:\windows\system32\ati3duag.dll 2008-11-08 19:51 . 2008-04-14 01:11 136,192 --------- c:\windows\system32\aaclient.dll 2008-11-08 19:51 . 2008-04-14 01:11 4,255 --------- c:\windows\system32\drivers\adv01nt5.dll 2008-11-08 19:51 . 2008-04-14 01:11 3,967 --------- c:\windows\system32\drivers\adv02nt5.dll 2008-11-08 19:51 . 2008-04-14 01:11 3,775 --------- c:\windows\system32\drivers\adv11nt5.dll 2008-11-08 19:51 . 2008-04-14 01:11 3,711 --------- c:\windows\system32\drivers\adv09nt5.dll 2008-11-08 19:51 . 2008-04-14 01:11 3,647 --------- c:\windows\system32\drivers\adv07nt5.dll 2008-11-08 19:51 . 2008-04-14 01:11 3,615 --------- c:\windows\system32\drivers\adv05nt5.dll 2008-11-08 19:51 . 2008-04-14 01:11 3,135 --------- c:\windows\system32\drivers\adv08nt5.dll 2008-11-08 19:01 . 2008-08-14 11:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-08 19:01 . 2008-08-14 11:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-08 19:01 . 2008-08-14 10:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-08 19:01 . 2008-08-14 10:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-08 19:01 . 2008-09-15 13:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys 2008-11-08 19:01 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys 2008-11-08 19:00 . 2008-10-15 17:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-09 19:02 --------- d-----w c:\program files\Java 2008-11-08 20:26 --------- d-----w c:\program files\CONEXANT 2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe 2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll 2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys 2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-09_15.14.49.12 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll + 2007-08-13 17:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll + 2007-08-13 17:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll + 2007-08-13 17:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll + 2007-08-13 17:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll + 2007-08-13 17:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll + 2007-08-13 17:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll + 2007-08-13 17:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe + 2007-08-13 17:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll + 2007-08-13 17:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll + 2007-08-13 16:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll + 2007-02-12 15:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat + 2007-07-11 11:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll + 2007-08-13 17:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll + 2007-08-13 17:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll + 2007-08-13 17:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll + 2007-08-13 17:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll + 2007-08-13 17:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe + 2007-08-13 17:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe + 2007-08-13 17:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll + 2007-08-13 17:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll + 2007-08-13 17:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll + 2007-08-13 17:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll + 2007-08-13 17:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll + 2007-08-13 17:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll + 2007-08-13 17:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll + 2007-08-13 17:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll + 2007-08-13 17:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll + 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll + 2007-08-13 17:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll + 2007-08-13 17:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll + 2007-08-13 17:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll + 2007-08-13 17:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll + 2008-11-09 15:26:36 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-11-09 15:26:36 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2007-08-13 17:39:00 123,904 ----a-w c:\windows\system32\advpack.dll + 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll - 2008-04-14 00:12:15 139,264 ----a-w c:\windows\system32\cscript.exe + 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe - 2007-08-13 17:39:00 123,904 ------w c:\windows\system32\dllcache\advpack.dll + 2008-08-26 07:24:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll + 2008-05-07 09:07:23 135,168 ------w c:\windows\system32\dllcache\cscript.exe - 2007-08-13 17:35:46 346,624 ----a-w c:\windows\system32\dllcache\dxtmsft.dll + 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll - 2007-08-13 17:35:38 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll + 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll - 2007-08-13 17:54:10 131,584 ----a-w c:\windows\system32\dllcache\extmgr.dll + 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll + 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll - 2007-08-13 17:39:26 152,064 ------w c:\windows\system32\dllcache\ieakeng.dll + 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll - 2007-08-13 17:39:54 229,376 ------w c:\windows\system32\dllcache\ieaksie.dll + 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll + 2007-04-17 09:32:38 2,455,488 ------w c:\windows\system32\dllcache\ieapfltr.dat + 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll - 2007-08-13 17:39:50 382,976 ------w c:\windows\system32\dllcache\iedkcs32.dll + 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll - 2007-08-13 17:39:10 43,008 ------w c:\windows\system32\dllcache\iernonce.dll + 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\dllcache\iernonce.dll + 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll + 2008-05-09 10:53:39 512,000 ------w c:\windows\system32\dllcache\jscript.dll - 2007-08-13 17:54:10 27,136 ----a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll + 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll + 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll - 2007-08-13 17:54:10 475,648 ----a-w c:\windows\system32\dllcache\mshtmled.dll + 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll - 2007-08-13 17:44:26 192,000 ----a-w c:\windows\system32\dllcache\msrating.dll + 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll - 2007-08-13 17:54:10 670,720 ----a-w c:\windows\system32\dllcache\mstime.dll + 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll - 2007-08-13 17:44:06 101,376 ------w c:\windows\system32\dllcache\occache.dll + 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\dllcache\occache.dll - 2007-08-13 17:36:12 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll + 2008-05-09 10:53:39 180,224 ------w c:\windows\system32\dllcache\scrobj.dll + 2008-05-09 10:53:40 172,032 ------w c:\windows\system32\dllcache\scrrun.dll - 2007-08-13 17:44:30 105,984 ------w c:\windows\system32\dllcache\url.dll + 2008-08-26 07:24:30 105,984 ------w c:\windows\system32\dllcache\url.dll - 2007-08-13 17:54:10 1,162,240 ----a-w c:\windows\system32\dllcache\urlmon.dll + 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll + 2008-05-09 10:53:40 430,080 ------w c:\windows\system32\dllcache\vbscript.dll - 2007-08-13 17:54:10 765,952 ----a-w c:\windows\system32\dllcache\VGX.dll + 2008-05-27 17:23:58 765,952 ----a-w c:\windows\system32\dllcache\vgx.dll - 2007-08-13 17:54:10 231,424 ------w c:\windows\system32\dllcache\webcheck.dll + 2008-08-26 07:24:31 233,472 ------w c:\windows\system32\dllcache\webcheck.dll - 2007-08-13 17:54:10 818,688 ----a-w c:\windows\system32\dllcache\wininet.dll + 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll + 2008-05-08 11:24:44 155,648 ------w c:\windows\system32\dllcache\wscript.exe + 2008-05-09 10:53:40 90,112 ------w c:\windows\system32\dllcache\wshext.dll - 2007-08-13 17:35:46 346,624 ----a-w c:\windows\system32\dxtmsft.dll + 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll - 2007-08-13 17:35:38 214,528 ----a-w c:\windows\system32\dxtrans.dll + 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll - 2007-08-13 17:54:10 131,584 ----a-w c:\windows\system32\extmgr.dll + 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll - 2007-08-13 17:36:26 61,952 ------w c:\windows\system32\icardie.dll + 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll - 2007-08-13 17:39:06 54,784 ----a-w c:\windows\system32\ie4uinit.exe + 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe - 2007-08-13 17:39:26 152,064 ----a-w c:\windows\system32\ieakeng.dll + 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll - 2007-08-13 17:39:54 229,376 ----a-w c:\windows\system32\ieaksie.dll + 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll - 2007-08-13 16:56:54 161,792 ----a-w c:\windows\system32\ieakui.dll + 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll - 2007-02-12 15:10:12 2,451,312 ------w c:\windows\system32\ieapfltr.dat + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat - 2007-07-11 11:27:48 383,488 ------w c:\windows\system32\ieapfltr.dll + 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll - 2007-08-13 17:39:50 382,976 ----a-w c:\windows\system32\iedkcs32.dll + 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll - 2007-08-13 17:54:10 6,049,280 ------w c:\windows\system32\ieframe.dll + 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll - 2007-08-13 17:39:10 43,008 ----a-w c:\windows\system32\iernonce.dll + 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll - 2007-08-13 17:34:04 266,752 ------w c:\windows\system32\iertutil.dll + 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll - 2007-08-13 17:39:10 13,312 ----a-w c:\windows\system32\ieudinit.exe + 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe - 2005-11-10 17:27:06 49,248 ----a-w c:\windows\system32\java.exe + 2008-06-10 00:21:01 135,168 ----a-w c:\windows\system32\java.exe - 2005-11-10 17:27:16 49,250 ----a-w c:\windows\system32\javaw.exe + 2008-06-10 00:21:04 135,168 ----a-w c:\windows\system32\javaw.exe - 2005-11-10 19:03:54 127,078 ----a-w c:\windows\system32\javaws.exe + 2008-06-10 01:32:34 139,264 ----a-w c:\windows\system32\javaws.exe - 2008-04-14 00:11:56 512,000 ----a-w c:\windows\system32\jscript.dll + 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll - 2007-08-13 17:54:10 27,136 ----a-w c:\windows\system32\jsproxy.dll + 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll - 2007-08-13 17:54:10 458,752 ------w c:\windows\system32\msfeeds.dll + 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll - 2007-08-13 17:54:10 50,688 ------w c:\windows\system32\msfeedsbs.dll + 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll - 2007-08-13 17:54:12 3,578,368 ----a-w c:\windows\system32\mshtml.dll + 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll - 2007-08-13 17:54:10 475,648 ----a-w c:\windows\system32\mshtmled.dll + 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll - 2007-08-13 17:44:26 192,000 ----a-w c:\windows\system32\msrating.dll + 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll - 2007-08-13 17:54:10 670,720 ----a-w c:\windows\system32\mstime.dll + 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll - 2007-08-13 17:44:06 101,376 ----a-w c:\windows\system32\occache.dll + 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll - 2007-08-13 17:36:12 44,544 ----a-w c:\windows\system32\pngfilt.dll + 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll - 2008-04-14 00:12:05 180,224 ----a-w c:\windows\system32\scrobj.dll + 2008-05-09 10:53:39 180,224 ----a-w c:\windows\system32\scrobj.dll - 2008-04-14 00:12:05 172,032 ----a-w c:\windows\system32\scrrun.dll + 2008-05-09 10:53:40 172,032 ----a-w c:\windows\system32\scrrun.dll - 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll + 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll - 2007-08-13 17:44:30 105,984 ----a-w c:\windows\system32\url.dll + 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll - 2007-08-13 17:54:10 1,162,240 ----a-w c:\windows\system32\urlmon.dll + 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll - 2008-04-14 00:12:08 434,176 ----a-w c:\windows\system32\vbscript.dll + 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll - 2007-08-13 17:54:10 231,424 ----a-w c:\windows\system32\webcheck.dll + 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll - 2007-08-13 17:54:10 818,688 ----a-w c:\windows\system32\wininet.dll + 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll - 2008-04-14 00:12:41 155,648 ----a-w c:\windows\system32\wscript.exe + 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe - 2008-04-14 00:12:10 90,112 ----a-w c:\windows\system32\wshext.dll + 2008-05-09 10:53:40 90,112 ----a-w c:\windows\system32\wshext.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840] "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072] "Norman ZANDA"="c:\norman\Npm\bin\ZLH.EXE" [2008-06-02 273520] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "nwiz"="nwiz.exe" [2006-08-18 c:\windows\system32\nwiz.exe] "MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 c:\windows\system32\CHDAudPropShortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Photosmart Premier Hurtigstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728] Hurtigstart for Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= c:\windows\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R2 Ndiskio;Ndiskio;c:\norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448] R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2008-09-02 19512] R3 nvcoas;Norman Virus Control on-access component;c:\norman\Nvc\bin\nvcoas.exe [2008-04-29 183352] R3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488] S3 nvcfsr;nvcfsr;c:\norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712] S3 nvcoafl51;nvcoafl51;c:\norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264] S3 nvcoaft51;nvcoaft51;c:\norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848] S3 nvcoarc51;nvcoarc51;c:\norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224] S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\DRIVERS\SE30bus.sys [2006-05-01 61600] S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE30mdfl.sys [2006-05-01 9360] S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE30mdm.sys [2006-05-01 97184] S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE30mgmt.sys [2006-05-01 88688] S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\DRIVERS\se30nd5.sys [2006-05-01 18704] S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE30obex.sys [2006-05-01 86560] S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\DRIVERS\se30unic.sys [2006-05-01 90800] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-09 21:47:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????