[Resolved] Problem with my task manager & regedit etc.


49 replies to this topic

#1 TRITON79
Authentic Member, 26 posts
Posted 09 April 2008 - 12:25 AM

Hello,
Can someone please help me read this logfile from HijackThis? I guess I have something strange on my computer. The Task Manager closes after a few seconds, and so does regedit, etc.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:23:43, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\WScript.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11998 bytes


Wish you a nice day!
/Triton
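An added triage pass over a log in the shape posted above (example code written for this page, not a tool from the thread or from HijackThis). It parses the section and entry lines the log uses (Running processes, R0/R1, F3, O4, O23) and applies three defender heuristics: a script host among the running processes, a legacy win.ini `load=` autostart (the F3 section) that points at a script, and an autostart or service binary living outside the Windows and Program Files roots. The sample log is constructed from the line formats seen in the posted logs; the `[ExampleRunKey]` entry and its user-profile path are hypothetical.

```python
"""Quick triage of a HijackThis 2.0.2 log.  Added example; heuristics only.

Each heuristic says "look at this", never "this is malicious":
  * a script host (wscript/cscript) among the running processes,
  * a legacy win.ini ``load=`` autostart (HijackThis section F3),
    especially one that points at a script rather than a program,
  * an O4 autostart or O23 service whose binary lives outside the
    Windows / Program Files roots (user profile, temp, ...).
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the logs posted in this thread.  The
# [ExampleRunKey] entry and its user-profile path are hypothetical.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:23:43, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.example/login.asp
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ExampleRunKey] C:\Documents and Settings\rogerca\g2mdlhlpx.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

# Entry lines look like "O4 - <body>", "F3 - <body>", "R0 - <body>", ...
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# First Windows path in an entry body, quoted or not, up to a known extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|vbs|vbe|js|jse|wsf|bat|cmd|cpl|scr)\b',
    re.IGNORECASE,
)
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Where ordinary installed software lives; anything elsewhere deserves a look.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Finding:
    line: str    # the log line that triggered the heuristic
    reason: str  # why a reviewer should look at it


def parse_log(text):
    """Split a log into (running processes, [(kind, body, raw_line), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body"), line))
    return processes, entries


def first_path(body):
    """Return the first file path in an entry body, or None (URLs, CLSIDs, bare names)."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(text):
    """Apply the heuristics to one log and return the list of Findings, in log order."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if proc.lower().rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
            findings.append(Finding(proc, "script host running: find out which script it executes"))
    for kind, body, raw in entries:
        path = first_path(body)
        if kind == "F3" and "load=" in body.lower():
            reason = "legacy win.ini load= autostart"
            if path and path.lower().endswith(SCRIPT_EXT):
                reason += " pointing at a script"
            findings.append(Finding(raw, reason))
        elif kind in ("O4", "O23") and path and not path.lower().startswith(SYSTEM_ROOTS):
            findings.append(Finding(raw, f"autostart binary outside system/program roots: {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the full logs in this thread, the same three checks will also list every O23 service installed outside Program Files; that is review noise a human clears in seconds, but it is the reason the output is a to-look-at list and not a verdict.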



#2 LDTate
Grand Poobah, Root Admin, 57,211 posts
Posted 13 April 2008 - 07:26 AM


Sorry about the delay in responding :(

If you still need help, scan again with HijackThis and "copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#3 TRITON79
Authentic Member, 26 posts
Posted 13 April 2008 - 08:25 AM

Hello,
Thank you for your reply.

I made another scan with HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:45, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\WScript.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1264134221-218676709-1160437746-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12587 bytes


My computer does not behave quite well, actually.
When I start the Task Manager, it closes itself after a few seconds. The same thing happens with regedit, msconfig and cmd.exe.
Also the HTML help in some programs is not working...

Wish you a good day!
/Triton

#4 LDTate
Grand Poobah, Root Admin, 57,211 posts
Posted 13 April 2008 - 08:28 AM

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


 


#5 TRITON79
Authentic Member, 26 posts
Posted 13 April 2008 - 09:20 AM

Hello,
Malwarebytes' Anti-Malware found one infected file and removed it.
Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.11
Database version: 619

Scan type: Quick Scan
Objects scanned: 36678
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\rogerca\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

After this, I could use the Task Manager, Regedit and MSConfig for a while. But then they stopped working again. I restarted the computer and ran Malwarebytes' Anti-Malware again, but this time it did not find any infected files.
The Task Manager still doesn't work.

This is the new HijackThis logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:59, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\WScript.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12549 bytes


Regards
/Triton

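As an added example (this is not a feature of HijackThis or ComboFix and not code from anyone in the thread), the following Python script reads lines in the two log formats posted here and flags the indicators a log reader looks for: a script host (WScript.exe) in the running-process list, a win.ini `load=` autostart (the F3 line above), script files carrying both the hidden and system attributes, an `autorun.inf` at a drive root, and the same file name and byte size under several directories. The rule names, the `Finding` type and the severity remarks are my own choices; the sample input is a constructed subset of lines copied from the HijackThis log above and from the ComboFix output later in the thread.

```python
"""Triage helper for HijackThis / ComboFix log lines (added example, not a tool from the thread)."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Extensions and hosts that should rarely appear in an autostart or process list on a workstation.
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta", ".bat", ".cmd", ".scr", ".pif")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")

# HijackThis item lines: "<tag> - <body>", e.g. "F3 - REG:win.ini: load=C:\...\x.vbs"
HJT_RE = re.compile(r"^(?P<tag>[FRO]\d+) - (?P<body>.*)$")
# ComboFix file rows, both layouts: "<date> <time> . <date> <time> <size> <attrs> <path>"
# (new files) and "<date> <time> <size> <attrs> <path>" (Find3M). Sizes are "33,830", "<DIR>" or dashes.
CF_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?\s+"
    r"(?P<size>[\d,]+|<DIR>|-+)\s+(?P<attrs>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\.*)$"
)
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    rule: str     # hypothetical rule name, chosen for this example
    detail: str   # the path or target the rule fired on
    line: str     # the log line(s) that triggered it


def analyze(text: str) -> list[Finding]:
    """Return one Finding per indicator; the reader of the log decides what is benign."""
    findings: list[Finding] = []
    copies: dict[tuple[str, str], set[str]] = defaultdict(set)  # (basename, size) -> paths
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        m = HJT_RE.match(line)
        if m:
            tag, body = m.group("tag"), m.group("body")
            if tag == "F3" and ("load=" in low or "run=" in low):
                # win.ini load=/run= is a legacy autostart that almost nothing legitimate uses on XP.
                findings.append(Finding("f3_win_ini_autostart", body.split("=", 1)[1].strip(), line))
            elif tag == "O4" and low.endswith(SCRIPT_EXT):
                findings.append(Finding("o4_script_autostart", body, line))
            elif tag == "O23" and "unknown owner" in low:
                # Low severity: only means the binary carries no company name in its version resource.
                findings.append(Finding("o23_unknown_owner", body.rsplit(" - ", 1)[-1], line))
            continue
        m = CF_FILE_RE.match(line)
        if m:
            size, attrs, path = m.group("size"), m.group("attrs"), m.group("path")
            if "h" in attrs and "s" in attrs and path.lower().endswith(SCRIPT_EXT):
                # A script that is both hidden and system is hiding from Explorer's default view.
                findings.append(Finding("hidden_system_script", path, line))
            if size[0].isdigit():
                copies[(path.rsplit("\\", 1)[-1].lower(), size)].add(path)
            continue
        if BARE_PATH_RE.match(line):
            if low.endswith(SCRIPT_HOSTS):
                # Running-process section: a script host with no script visible in the list.
                findings.append(Finding("script_host_running", line, line))
            elif low.endswith(":\\autorun.inf"):
                # ComboFix "Other Deletions": autorun.inf at a drive root is how removable-media worms spread.
                findings.append(Finding("autorun_inf_at_root", line, line))
    for (name, size), paths in copies.items():
        if len(paths) > 1:
            # Same name and byte size under several directories is typical self-copying behaviour.
            findings.append(Finding("same_file_multiple_locations",
                                    f"{name} ({size} bytes) x{len(paths)}", "; ".join(sorted(paths))))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Rule -> number of hits, handy for a first glance at a long log."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample: a subset of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\WScript.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Autorun.inf
2008-03-27 09:57 . 2008-04-13 16:21 33,830 ---hs---- C:\rogerca.vbs
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\system32\rogerca.vbs
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\rogerca.vbs
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.rule:30} {f.detail}")
```

Run against the sample it reports two WScript.exe processes, the win.ini `load=` target, three hidden+system copies of the same 33,830-byte `.vbs` under three directories, and the root `Autorun.inf`. The `o23_unknown_owner` rule also fires on Norman's own NJeeves service, which is why it is a prompt to look at the binary rather than a verdict; the script does not identify a malware family and is not a substitute for the cleanup the helpers in this thread walk through.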
#6 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 April 2008 - 09:22 AM

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine to the Internet until ComboFix has completely finished.
--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

****Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.****

*If there is no internet connection when ComboFix has completely finished, restart your computer to restore the connection.

Give it at least 20-30 minutes to finish.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

Proud graduate of TC/WTT Classroom

 


#7 TRITON79

    Authentic Member

  • Authentic Member
  • 26 posts

Posted 13 April 2008 - 01:30 PM

Hello,
This is the HijackThis log after I ran ComboFix.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12480 bytes


And this is the log from ComboFix.txt:
ComboFix 08-04-12.10 - Rogerca 2008-04-13 17:31:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.321 [GMT 2:00]
Running from: C:\Documents and Settings\rogerca\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\MS_Ext1.DLL
C:\WINDOWS\MS_VXD_Ext.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\rogerca\Application Data\Malwarebytes
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:33 . 2008-04-13 16:33 50,688 --a------ C:\Temp\ATF-Cleaner.exe
2008-04-13 16:22 . 2008-04-13 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-13 13:08 . 2008-04-13 13:01 10,360,321 --a------ C:\Enterprise_LEV_080413.zip
2008-04-11 11:43 . 2008-04-11 11:43 268 --ah----- C:\sqmdata04.sqm
2008-04-11 11:43 . 2008-04-11 11:43 244 --ah----- C:\sqmnoopt04.sqm
2008-04-11 11:25 . 2004-05-05 18:40 414,720 -ra------ C:\WINDOWS\system32\ftcunin.exe
2008-04-11 11:25 . 2004-03-16 12:03 69,632 -ra------ C:\WINDOWS\system32\ftd2xx.dll
2008-04-11 11:25 . 2004-03-23 18:36 56,031 -ra------ C:\WINDOWS\system32\drivers\ftcser2k.sys
2008-04-11 11:25 . 2003-06-11 13:48 48,625 -ra------ C:\WINDOWS\system32\ftcsui2.dll
2008-04-11 11:25 . 2004-05-05 12:10 43,235 -ra------ C:\WINDOWS\system32\drivers\ftcusb.sys
2008-04-11 11:25 . 2004-05-06 13:47 20,198 -ra------ C:\WINDOWS\system32\ftcserco.dll
2008-04-11 11:25 . 2004-03-11 13:27 92 -ra------ C:\WINDOWS\system32\ftcun2k.ini
2008-04-11 11:14 . 2008-04-11 11:14 <DIR> d-------- C:\Program Files\Kockum Sonics
2008-04-11 11:14 . 2004-10-07 20:03 74,240 --a------ C:\Norcontrol_sim.exe
2008-04-10 16:32 . 2008-03-28 10:00 57,594 --a------ C:\00008NL.D
2008-04-10 16:10 . 2008-04-10 16:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 16:10 . 2008-04-11 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 16:08 . 2008-04-10 16:08 9,722,720 --a------ C:\Temp\spybotsd152.exe
2008-04-09 16:44 . 2008-04-09 16:44 276 --a------ C:\Temp\TS-fix.bat
2008-04-09 09:32 . 2008-04-09 09:32 18,264,120 --a------ C:\Temp\Norman_Malware_Cleaner.exe
2008-04-08 09:25 . 2008-04-08 09:25 268 --ah----- C:\sqmdata03.sqm
2008-04-08 09:25 . 2008-04-08 09:25 244 --ah----- C:\sqmnoopt03.sqm
2008-04-08 09:18 . 2008-04-08 09:18 268 --ah----- C:\sqmdata02.sqm
2008-04-08 09:18 . 2008-04-08 09:18 244 --ah----- C:\sqmnoopt02.sqm
2008-04-07 11:28 . 2008-04-07 11:28 <DIR> d-------- C:\Temp\ar6341
2008-04-07 08:17 . 2008-04-07 08:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 08:16 . 2008-04-07 08:16 812,344 --a------ C:\Temp\HJTInstall.exe
2008-04-04 14:01 . 2008-04-07 07:54 <DIR> d-------- C:\cbm
2008-04-04 09:15 . 2008-04-04 09:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 09:12 . 2008-04-04 12:41 <DIR> d-------- C:\Documents and Settings\rogerca\.housecall6.6
2008-04-03 08:45 . 2008-04-03 08:46 8,161,400 --a------ C:\Temp\Windows-KB890830-V1.39.exe
2008-04-01 12:03 . 2008-04-02 08:58 <DIR> d-------- C:\Temp\Repl_explorer
2008-04-01 12:02 . 2008-04-01 12:02 1,845,168 --a------ C:\Temp\Amos Replication Export Files Explorer.zip
2008-04-01 08:30 . 2008-04-01 08:30 <DIR> d-------- C:\Program Files\RealVNC
2008-04-01 08:29 . 2008-04-01 08:29 739,240 --a------ C:\Temp\vnc-4_1_2-x86_win32.exe
2008-03-31 09:35 . 2008-03-31 09:35 2,593 --a------ C:\Temp\uploaded-8407_update helpfile.zip
2008-03-28 15:48 . 2008-03-28 15:57 <DIR> d-------- C:\Program Files\putty
2008-03-28 15:34 . 2008-03-28 15:35 1,518,921 --a------ C:\Temp\putty.zip
2008-03-28 15:04 . 2008-03-28 15:04 233,308 --a------ C:\Temp\ABS8515.zip
2008-03-27 09:57 . 2008-04-13 16:21 33,830 ---hs---- C:\rogerca.vbs
2008-03-26 15:16 . 2008-03-26 15:47 35,960,792 --a------ C:\Temp\avg75free_519a1276.exe
2008-03-25 09:02 . 2008-03-25 09:02 268 --ah----- C:\sqmdata01.sqm
2008-03-25 09:02 . 2008-03-25 09:02 244 --ah----- C:\sqmnoopt01.sqm
2008-03-19 08:45 . 2008-03-19 08:45 268 --ah----- C:\sqmdata00.sqm
2008-03-19 08:45 . 2008-03-19 08:45 244 --ah----- C:\sqmnoopt00.sqm
2008-03-18 12:34 . 2008-03-18 12:34 <DIR> d-------- C:\Apps
2008-03-14 10:28 . 2008-03-31 14:17 <DIR> d-------- C:\Temp\abs8600
2008-03-13 09:46 . 2008-03-13 09:46 <DIR> d-------- C:\Temp\Moland Interface Ver1.1
2008-03-13 09:46 . 2008-04-04 14:54 <DIR> d-------- C:\Program Files\Hourcnt
2008-03-13 09:46 . 1997-07-19 18:00 97,552 --a------ C:\WINDOWS\system32\MSCOMM32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:38 --------- d-----w C:\Program Files\Plaxo
2008-04-13 15:38 --------- d-----w C:\Documents and Settings\rogerca\Application Data\Skype
2008-04-13 14:54 --------- d-----w C:\Documents and Settings\rogerca\Application Data\skypePM
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\system32\rogerca.vbs
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\rogerca.vbs
2008-04-10 12:05 --------- d-----w C:\Program Files\LOGIHOLD
2008-04-07 09:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 07:39 --------- d-----w C:\Program Files\DB Commander 2000 PRO
2008-04-04 14:54 --------- d-----w C:\Program Files\AMOS
2008-03-28 14:03 --------- d-----w C:\Program Files\Wfwin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:00 --------- d-----w C:\Program Files\Java
2008-03-13 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-03-10 07:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-10 07:13 --------- d-----w C:\Program Files\Skype
2008-03-10 07:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-07 13:04 --------- d-----w C:\Program Files\Oracle
2008-03-06 09:54 --------- d-----w C:\Program Files\TechSmith
2008-03-06 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-06 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 07:27 --------- d-----w C:\Program Files\Seiko Instruments USA Inc
2008-02-20 13:21 --------- d-----w C:\Program Files\Star IPS
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 07:48 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-02-15 15:20 --------- d-----w C:\Program Files\Cisco Systems
2008-02-15 09:37 --------- d-----w C:\Program Files\totalcmd
2008-02-14 10:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-09 15:10 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 15:10 79,440 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 15:10 75,344 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-11-09 15:10 140,880 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 15:10 42,576 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-11-09 15:10 50,768 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 15:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 15:11 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"DBISQL9"="C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2008-01-17 21:38 144688]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-12-19 11:15 31816]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 17:13 1207080]
"SybaseCentral43"="C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2008-01-17 21:38 136496]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\program filesNorman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\rogerca\Start Menu\Programs\Startup\
SmartCapture.lnk - C:\WINDOWS\Seiko\slpcap.exe [2006-07-12 03:29:00 123917]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-02-18 09:49:44 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"C:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"C:\\Program Files\\Sybase\\ASA 8.0\\win32\\dbeng8.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Star IPS\\Star.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1207:UDP"= 1207:UDP:Windows Media Format SDK (firefox.exe)
"1206:UDP"= 1206:UDP:Windows Media Format SDK (firefox.exe)
"1183:UDP"= 1183:UDP:Windows Media Format SDK (firefox.exe)
"1182:UDP"= 1182:UDP:Windows Media Format SDK (firefox.exe)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Ndiskio;Ndiskio;C:\program filesNorman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2006-05-09 18:47]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\program filesNorman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 ASANYs_hollandica;Adaptive Server Anywhere - hollandica;C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2008-01-17 21:38]
S3 D100IB;D100IB;C:\WINDOWS\system32\DRIVERS\D100IB5.SYS [2001-08-17 12:12]
S3 FTCSER2K;FTDI USB Dual Serial Port Driver;C:\WINDOWS\system32\drivers\ftcser2k.sys [2004-03-23 18:36]
S3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;C:\WINDOWS\system32\drivers\ftcusb.sys [2004-05-05 12:10]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-04 07:31]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 20:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#gemensam]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#intranet]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#kunder]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2951483f-03ea-11dd-a3b8-00166f732749}]
\Shell\AutoRun\command - WScript.exe rogerca.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe rogerca.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9eb2f2-8b72-11dc-a2f9-444553544200}]
\Shell\AutoRun\command - Q:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 12:33:08 C:\WINDOWS\Tasks\CKUtil.job"


I also have Spybot Search And Destroy installed and it is warning me about a registry entry:
Category: REG Extension handler
Change: Value changed
Old Data: regedit.exe "%1"
New Data: %SystemRoot\System32\Wscript.exe "C:\Windows\rogerca.vbs" %1 %*
Should I allow it or deny it?


The problem is still there....
Best Regards
Roger Carlsson

#8 LDTate
    Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 13 April 2008 - 02:06 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Temp\spybotsd152.exe
C:\Temp\TS-fix.bat
C:\Temp\Norman_Malware_Cleaner.exe
C:\Temp\ar6341
C:\Temp\HJTInstall.exe
C:\Temp\Repl_explorer
C:\Temp\Amos Replication Export Files Explorer.zip
C:\Temp\vnc-4_1_2-x86_win32.exe
C:\Temp\uploaded-8407_update helpfile.zip
C:\Temp\putty.zip
C:\Temp\ABS8515.zip
C:\Temp\avg75free_519a1276.exe
C:\Temp\abs8600
C:\Temp\Moland Interface Ver1.1

Save this as "CFScript"



Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.


#9 TRITON79
    Authentic Member
  • Authentic Member
  • 26 posts

Posted 13 April 2008 - 02:37 PM

Hello again,
ComboFix log:
ComboFix 08-04-12.10 - Rogerca 2008-04-13 22:12:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.278 [GMT 2:00]
Running from: C:\Documents and Settings\rogerca\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rogerca\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Temp\ABS8515.zip
C:\Temp\abs8600
C:\Temp\Amos Replication Export Files Explorer.zip
C:\Temp\ar6341
C:\Temp\avg75free_519a1276.exe
C:\Temp\HJTInstall.exe
C:\Temp\Moland Interface Ver1.1
C:\Temp\Norman_Malware_Cleaner.exe
C:\Temp\putty.zip
C:\Temp\Repl_explorer
C:\Temp\spybotsd152.exe
C:\Temp\TS-fix.bat
C:\Temp\uploaded-8407_update helpfile.zip
C:\Temp\vnc-4_1_2-x86_win32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Temp\ABS8515.zip
C:\Temp\Amos Replication Export Files Explorer.zip
C:\Temp\avg75free_519a1276.exe
C:\Temp\HJTInstall.exe
C:\Temp\Norman_Malware_Cleaner.exe
C:\Temp\putty.zip
C:\Temp\spybotsd152.exe
C:\Temp\TS-fix.bat
C:\Temp\uploaded-8407_update helpfile.zip
C:\Temp\vnc-4_1_2-x86_win32.exe
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\MS_Ext1.DLL
C:\WINDOWS\MS_VXD_Ext.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\rogerca\Application Data\Malwarebytes
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:33 . 2008-04-13 16:33 50,688 --a------ C:\Temp\ATF-Cleaner.exe
2008-04-13 16:22 . 2008-04-13 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-13 13:08 . 2008-04-13 13:01 10,360,321 --a------ C:\Enterprise_LEV_080413.zip
2008-04-11 11:43 . 2008-04-11 11:43 268 --ah----- C:\sqmdata04.sqm
2008-04-11 11:43 . 2008-04-11 11:43 244 --ah----- C:\sqmnoopt04.sqm
2008-04-11 11:25 . 2004-05-05 18:40 414,720 -ra------ C:\WINDOWS\system32\ftcunin.exe
2008-04-11 11:25 . 2004-03-16 12:03 69,632 -ra------ C:\WINDOWS\system32\ftd2xx.dll
2008-04-11 11:25 . 2004-03-23 18:36 56,031 -ra------ C:\WINDOWS\system32\drivers\ftcser2k.sys
2008-04-11 11:25 . 2003-06-11 13:48 48,625 -ra------ C:\WINDOWS\system32\ftcsui2.dll
2008-04-11 11:25 . 2004-05-05 12:10 43,235 -ra------ C:\WINDOWS\system32\drivers\ftcusb.sys
2008-04-11 11:25 . 2004-05-06 13:47 20,198 -ra------ C:\WINDOWS\system32\ftcserco.dll
2008-04-11 11:25 . 2004-03-11 13:27 92 -ra------ C:\WINDOWS\system32\ftcun2k.ini
2008-04-11 11:14 . 2008-04-11 11:14 <DIR> d-------- C:\Program Files\Kockum Sonics
2008-04-11 11:14 . 2004-10-07 20:03 74,240 --a------ C:\Norcontrol_sim.exe
2008-04-10 16:32 . 2008-03-28 10:00 57,594 --a------ C:\00008NL.D
2008-04-10 16:10 . 2008-04-10 16:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 16:10 . 2008-04-11 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-08 09:25 . 2008-04-08 09:25 268 --ah----- C:\sqmdata03.sqm
2008-04-08 09:25 . 2008-04-08 09:25 244 --ah----- C:\sqmnoopt03.sqm
2008-04-08 09:18 . 2008-04-08 09:18 268 --ah----- C:\sqmdata02.sqm
2008-04-08 09:18 . 2008-04-08 09:18 244 --ah----- C:\sqmnoopt02.sqm
2008-04-07 11:28 . 2008-04-07 11:28 <DIR> d-------- C:\Temp\ar6341
2008-04-07 08:17 . 2008-04-07 08:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 14:01 . 2008-04-07 07:54 <DIR> d-------- C:\cbm
2008-04-04 09:15 . 2008-04-04 09:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 09:12 . 2008-04-04 12:41 <DIR> d-------- C:\Documents and Settings\rogerca\.housecall6.6
2008-04-03 08:45 . 2008-04-03 08:46 8,161,400 --a------ C:\Temp\Windows-KB890830-V1.39.exe
2008-04-01 12:03 . 2008-04-02 08:58 <DIR> d-------- C:\Temp\Repl_explorer
2008-04-01 08:30 . 2008-04-01 08:30 <DIR> d-------- C:\Program Files\RealVNC
2008-03-28 15:48 . 2008-03-28 15:57 <DIR> d-------- C:\Program Files\putty
2008-03-27 09:57 . 2008-04-13 21:27 33,830 ---hs---- C:\rogerca.vbs
2008-03-25 09:02 . 2008-03-25 09:02 268 --ah----- C:\sqmdata01.sqm
2008-03-25 09:02 . 2008-03-25 09:02 244 --ah----- C:\sqmnoopt01.sqm
2008-03-19 08:45 . 2008-03-19 08:45 268 --ah----- C:\sqmdata00.sqm
2008-03-19 08:45 . 2008-03-19 08:45 244 --ah----- C:\sqmnoopt00.sqm
2008-03-18 12:34 . 2008-03-18 12:34 <DIR> d-------- C:\Apps
2008-03-14 10:28 . 2008-03-31 14:17 <DIR> d-------- C:\Temp\abs8600
2008-03-13 09:46 . 2008-03-13 09:46 <DIR> d-------- C:\Temp\Moland Interface Ver1.1
2008-03-13 09:46 . 2008-04-04 14:54 <DIR> d-------- C:\Program Files\Hourcnt
2008-03-13 09:46 . 1997-07-19 18:00 97,552 --a------ C:\WINDOWS\system32\MSCOMM32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 19:52 --------- d-----w C:\Documents and Settings\rogerca\Application Data\Skype
2008-04-13 15:38 --------- d-----w C:\Program Files\Plaxo
2008-04-13 14:54 --------- d-----w C:\Documents and Settings\rogerca\Application Data\skypePM
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\system32\rogerca.vbs
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\rogerca.vbs
2008-04-10 12:05 --------- d-----w C:\Program Files\LOGIHOLD
2008-04-07 09:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 07:39 --------- d-----w C:\Program Files\DB Commander 2000 PRO
2008-04-04 14:54 --------- d-----w C:\Program Files\AMOS
2008-03-28 14:03 --------- d-----w C:\Program Files\Wfwin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:00 --------- d-----w C:\Program Files\Java
2008-03-13 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-03-10 07:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-10 07:13 --------- d-----w C:\Program Files\Skype
2008-03-10 07:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-07 13:04 --------- d-----w C:\Program Files\Oracle
2008-03-06 09:54 --------- d-----w C:\Program Files\TechSmith
2008-03-06 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-06 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 07:27 --------- d-----w C:\Program Files\Seiko Instruments USA Inc
2008-02-20 13:21 --------- d-----w C:\Program Files\Star IPS
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 07:48 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-02-15 15:20 --------- d-----w C:\Program Files\Cisco Systems
2008-02-15 09:37 --------- d-----w C:\Program Files\totalcmd
2008-02-14 10:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-09 15:10 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 15:10 79,440 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 15:10 75,344 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-11-09 15:10 140,880 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 15:10 42,576 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-11-09 15:10 50,768 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 15:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 15:11 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"DBISQL9"="C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2008-01-17 21:38 144688]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-12-19 11:15 31816]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 17:13 1207080]
"SybaseCentral43"="C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2008-01-17 21:38 136496]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\program filesNorman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\rogerca\Start Menu\Programs\Startup\
SmartCapture.lnk - C:\WINDOWS\Seiko\slpcap.exe [2006-07-12 03:29:00 123917]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-02-18 09:49:44 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"C:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"C:\\Program Files\\Sybase\\ASA 8.0\\win32\\dbeng8.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Star IPS\\Star.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1207:UDP"= 1207:UDP:Windows Media Format SDK (firefox.exe)
"1206:UDP"= 1206:UDP:Windows Media Format SDK (firefox.exe)
"1183:UDP"= 1183:UDP:Windows Media Format SDK (firefox.exe)
"1182:UDP"= 1182:UDP:Windows Media Format SDK (firefox.exe)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Ndiskio;Ndiskio;C:\program filesNorman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2006-05-09 18:47]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\program filesNorman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 ASANYs_hollandica;Adaptive Server Anywhere - hollandica;C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2008-01-17 21:38]
S3 D100IB;D100IB;C:\WINDOWS\system32\DRIVERS\D100IB5.SYS [2001-08-17 12:12]
S3 FTCSER2K;FTDI USB Dual Serial Port Driver;C:\WINDOWS\system32\drivers\ftcser2k.sys [2004-03-23 18:36]
S3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;C:\WINDOWS\system32\drivers\ftcusb.sys [2004-05-05 12:10]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-04 07:31]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 20:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#gemensam]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#intranet]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#kunder]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2951483f-03ea-11dd-a3b8-00166f732749}]
\Shell\AutoRun\command - WScript.exe rogerca.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe rogerca.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9eb2f2-8b72-11dc-a2f9-444553544200}]
\Shell\AutoRun\command - Q:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 12:33:08 C:\WINDOWS\Tasks\CKUtil.job"

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12643 bytes


The computer still behaves the same. The task manager closes itself, regedit the same...

Best Regards
Triton

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 April 2008 - 02:39 PM

Method 1
Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

If the above didn't work:

Method 2
Download and run this REG fix and double-click it.
http://windowsxp.mvp...eg/EnableTM.reg

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
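The REG command in post #10 clears one policy value in one hive; the script below is an added example (not from this thread or its participants) that audits both hives for DisableTaskMgr and its sibling DisableRegistryTools, then re-checks after a delay so a value that is being re-applied by a running process becomes visible. It assumes a Windows host and the standard policy key path shown in the post.

```powershell
# Added example, not the thread's own command. Audits the policy values that
# block Task Manager (DisableTaskMgr) and Registry Editor (DisableRegistryTools)
# under the key that post #10's REG add line targets, in both HKCU and HKLM.
$policyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$hives  = @{ 'HKCU' = "HKCU:\$policyKey"; 'HKLM' = "HKLM:\$policyKey" }
$values = 'DisableTaskMgr', 'DisableRegistryTools'

function Get-ToolLockoutState {
    # Returns one record per hive/value with the raw data and a Blocked flag.
    foreach ($hive in $hives.Keys) {
        $path = $hives[$hive]
        foreach ($name in $values) {
            $data = $null
            if (Test-Path $path) {
                $data = (Get-ItemProperty -Path $path -Name $name `
                         -ErrorAction SilentlyContinue).$name
            }
            [pscustomobject]@{
                Hive    = $hive
                Value   = $name
                Data    = $data
                Blocked = ($null -ne $data -and $data -ne 0)   # non-zero = tool disabled
            }
        }
    }
}

function Clear-ToolLockout {
    # Same effect as the REG add line in post #10, extended to both values in HKCU.
    $path = $hives['HKCU']
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    foreach ($name in $values) {
        Set-ItemProperty -Path $path -Name $name -Value 0 -Type DWord
    }
}

# Snapshot, clear, wait, and snapshot again: if a value is non-zero on the second
# pass, something on the box is re-applying the policy and the REG fix alone
# will not hold (which matches the symptom reported later in this thread).
$before = Get-ToolLockoutState
Clear-ToolLockout
Start-Sleep -Seconds 10
$after  = Get-ToolLockoutState

"Before:"; $before | Format-Table -AutoSize
"After 10 s:"; $after | Format-Table -AutoSize
$reapplied = $after | Where-Object { $_.Blocked }
if ($reapplied) { "Policy re-applied within 10 s for: " + ($reapplied.Value -join ', ') }
```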

 



#11 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 02:42 PM

Hello, thank you for the quick reply. I am sorry, but neither of the two methods worked.

Best Regards
triton

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 April 2008 - 02:47 PM

http://windowsxp.mvp...g/ToolsQuit.htm

Go to the above link and follow the instructions and run the Emergency Msconfig, Regedit, Task Manager utility.


#13 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 02:59 PM

Hello, Yes, now I can run the task Manager, MSCONFIG and regedit. Thank You! What do you suggest I do about the possible virus? Is the only way to fix it by reinstalling my computer?

Best Regards
Triton

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 April 2008 - 03:01 PM

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\rogerca.vbs

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html


http://www.virustota.../en/indexf.html


#15 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 03:09 PM

Hello, here are the test results... I also tested it on the rogerca.vbs file located in the c:\windows folder, and it was also infected.

Service load: 0% 100%
File: rogerca.vbs
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 0bde9869e9d956a5bacb15441054df77
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 13 Apr 2008 21:07:19 (GMT)
A-Squared Found nothing
AntiVir Found VBS/Changeset.A
ArcaVir Found nothing
Avast Found VBS:Agent-BC
AVG Antivirus Found VBS/Agent
BitDefender Found Win32.VBS.Agent.E
ClamAV Found VBS.HeadTail
CPsecure Found Worm.VBS.Headtail.A
Dr.Web Found VBS.Antipron
F-Prot Antivirus Found VBS/Nauj.A
F-Secure Anti-Virus Found VBS/Nauj.A, Worm.VBS.Headtail.a
Fortinet Found nothing
Ikarus Found Virus.VBS.Agent.L
Kaspersky Anti-Virus Found Worm.VBS.Headtail.a
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found Script.VBS.Agent.ai
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
