ComboFix 08-01-11.3 - Jon-Arne 2008-01-13 12:59:25.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1495 [GMT 1:00]
Running from: C:\Documents and Settings\Jon-Arne\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-12 16:56 . 2008-01-13 12:58 dr-h----- C:\Documents and Settings\Jon-Arne\Siste
2008-01-12 15:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 16:24 . 2008-01-12 16:43 16,896 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-01-05 11:26 . 2008-01-05 11:26 d-------- C:\WINDOWS\Sun
2008-01-04 13:51 . 2008-01-04 13:51 d-------- C:\Programfiler\PowerQuest
2008-01-04 09:12 . 2008-01-06 09:44 0 --a------ C:\WINDOWS\system32\drivers\logiflt.iad
2008-01-01 16:36 . 2008-01-01 16:36 d-------- C:\ATI
2007-12-31 13:47 . 2007-12-31 13:53 d-------- C:\WINDOWS\system32\NtmsData
2007-12-31 10:11 . 2007-10-12 02:57 195,096 --a------ C:\WINDOWS\system32\lvci1150.dll
2007-12-31 10:08 . 2007-12-31 10:08 d-------- C:\Programfiler\Logitech
2007-12-31 10:08 . 2007-12-31 11:26 d-------- C:\Documents and Settings\All Users\Programdata\Logishrd
2007-12-24 10:03 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-24 10:03 . 2004-08-04 01:03 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-12-24 10:03 . 2004-08-04 00:57 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-12-24 10:03 . 2004-08-04 00:57 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-12-21 00:56 . 2007-12-21 00:56 268 --ah----- C:\sqmdata00.sqm
2007-12-21 00:56 . 2007-12-21 00:56 244 --ah----- C:\sqmnoopt00.sqm
2007-12-20 11:52 . 2007-12-20 11:52 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-12-20 11:52 . 2007-12-20 11:52 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-12-20 11:52 . 2007-12-20 11:52 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-12-13 05:46 . 2008-01-12 16:42 7,680 --ahs---- C:\WINDOWS\Thumbs.db
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 11:05 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-01-11 11:04 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-06 08:44 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-05 13:36 --------- d-----w C:\Programfiler\Google
2008-01-04 12:51 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-01-04 08:12 --------- d-----w C:\Programfiler\Fellesfiler\LogiShrd
2008-01-03 13:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-12-27 12:21 --------- d-----w C:\Programfiler\Windows Media Connect 2
2007-12-27 11:50 --------- d-----w C:\Documents and Settings\Jon-Arne\Programdata\uTorrent
2007-12-14 06:06 --------- d-----w C:\Documents and Settings\Jon-Arne\Programdata\dvdcss
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-02 04:29 --------- d-----w C:\Programfiler\OpenOffice.org 2.0
2007-11-28 05:13 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-11-28 05:13 --------- d-----w C:\Programfiler\Diablo II
2007-11-26 05:48 --------- d-----w C:\Programfiler\Electronic Arts
2007-11-14 15:55 --------- d-----w C:\Documents and Settings\Jon-Arne\Programdata\vlc
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 18:33 94,297 ----a-w C:\WINDOWS\system32\SynTPAPI.dll
2007-10-29 18:33 82,012 ----a-w C:\WINDOWS\system32\SynCOM.dll
2007-10-29 18:33 81,920 ----a-w C:\WINDOWS\system32\SynTPCo2.dll
2007-10-29 18:33 69,721 ----a-w C:\WINDOWS\system32\SynTPFcs.dll
2007-10-29 18:33 114,688 ----a-w C:\WINDOWS\system32\SynCtrl.dll
2007-10-29 15:03 86,016 ----a-w C:\WINDOWS\system32\mdmxsdk.dll
2007-10-29 15:03 114,688 ----a-w C:\WINDOWS\system32\uci32102.dll
2007-10-29 14:27 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.291 Uninstall.exe
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-12_15.36.35,06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 14:34:27 1,331,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 16:32:39 1,331,200 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 14:34:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 16:32:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 14:34:27 1,335,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 16:32:39 1,335,296 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 14:34:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 16:32:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 14:34:27 5,332,992 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 16:32:40 5,476,352 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 14:34:27 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 16:32:40 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 11:00:56 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_69c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe" [2007-10-29 14:58 32881]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]
"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"LaunchAp"="C:\Programfiler\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Programfiler\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Programfiler\Launch Manager\HotkeyApp.exe" [2006-01-10 18:06 69632]
"CtrlVol"="C:\Programfiler\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Programfiler\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Programfiler\Launch Manager\Wbutton.exe" [2005-11-08 10:19 81920]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 13:52 15797248 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-10-29 19:33 761945]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2005-12-15 19:13 344064]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-18 16:06 3079680]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Programfiler\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\Jon-Arne\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
PC-søk i Windows.lnk - C:\Programfiler\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
R3 POWERKEY;POWERKEY;C:\Programfiler\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c039367d-8627-11dc-b824-e04509c3befc}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:02:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-13 13:03:15
ComboFix-quarantined-files.txt 2008-01-13 12:02:52
ComboFix2.txt 2008-01-12 16:33:56
ComboFix3.txt 2008-01-12 16:05:25
ComboFix4.txt 2008-01-12 15:41:26
ComboFix5.txt 2008-01-12 15:23:15
.
2008-01-09 08:18:32 --- E O F ---