ComboFix 08-03-07.4 - ingve E 2008-03-08 23:20:12.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.546 [GMT 1:00]
Running from: C:\Documents and Settings\ingve E\Skrivebord\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-02-08 to 2008-03-08  )))))))))))))))))))))))))))))))
.

2008-03-08 21:32 . 2008-03-08 21:32	268	--ah-----	C:\sqmdata00.sqm
2008-03-08 21:32 . 2008-03-08 21:32	244	--ah-----	C:\sqmnoopt00.sqm
2008-03-08 21:30 . 2008-03-08 21:30	<DIR>	d--------	C:\WINNT\LastGood
2008-03-08 21:08 . 2008-03-08 21:08	<DIR>	d----c---	C:\WINNT\system32\DRVSTORE
2008-03-08 21:08 . 2008-03-08 21:23	<DIR>	d--------	C:\Documents and Settings\ingve E\Contacts
2008-03-08 21:01 . 2008-03-08 21:01	0	--a------	C:\Documents and Settings\ingve E\Programdata\wklnhst.dat
2008-03-08 21:00 . 2008-03-08 21:08	<DIR>	d--------	C:\Programfiler\Windows Live
2008-03-08 21:00 . 2008-03-08 21:04	<DIR>	d--hsc---	C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-03-08 21:00 . 2008-03-08 21:00	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-03-08 20:54 . 2008-03-08 20:54	<DIR>	d--------	C:\Programfiler\Windows Media Connect 2
2008-03-08 20:54 . 2008-03-08 20:54	2,402,832	--a------	C:\Programfiler\WLinstaller.exe
2008-03-08 20:54 . 2004-08-04 13:00	221,184	--a------	C:\WINNT\system32\wmpns.dll
2008-03-08 20:53 . 2008-03-08 20:53	<DIR>	d--------	C:\WINNT\system32\LogFiles
2008-03-08 20:53 . 2008-03-08 20:53	<DIR>	d--------	C:\WINNT\system32\drivers\UMDF
2008-03-08 20:52 . 2008-03-08 20:52	25,745,992	--a------	C:\Programfiler\wmp11-windowsxp-x86-NB-NO.exe
2008-03-08 20:49 . 2008-03-08 20:49	<DIR>	d--------	C:\Programfiler\Java
2008-03-08 20:49 . 2008-02-22 02:33	69,632	--a------	C:\WINNT\system32\javacpl.cpl
2008-03-08 20:48 . 2008-03-08 20:48	<DIR>	d--------	C:\Programfiler\Fellesfiler\Java
2008-03-08 20:48 . 2008-03-08 20:48	382,352	--a------	C:\Programfiler\Java install.exe
2008-03-08 20:46 . 2008-03-08 20:47	1,491,592	--a------	C:\Programfiler\install flash player.exe
2008-03-08 20:37 . 2008-03-08 20:37	<DIR>	d--hs----	C:\WINNT\ftpcache
2008-03-08 20:36 . 2008-03-08 20:36	<DIR>	d--------	C:\Documents and Settings\LocalService\Programdata\AVG7
2008-03-08 20:36 . 2008-03-08 21:24	<DIR>	d--------	C:\Documents and Settings\ingve E\Programdata\AVG7
2008-03-08 20:36 . 2008-03-08 20:36	499,712	--a------	C:\WINNT\system32\msvcp71.dll
2008-03-08 20:36 . 2008-03-08 20:36	348,160	--a------	C:\WINNT\system32\msvcr71.dll
2008-03-08 20:35 . 2008-03-08 20:35	<DIR>	d--------	C:\Documents and Settings\ingve E\Programdata\Logitech
2008-03-08 20:35 . 2008-03-08 20:35	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Grisoft
2008-03-08 20:35 . 2008-03-08 21:24	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\avg7
2008-03-08 20:34 . 2008-03-08 20:34	<DIR>	d--------	C:\Programfiler\Logitech
2008-03-08 20:34 . 2008-03-08 20:34	<DIR>	d--------	C:\Programfiler\Fellesfiler\Logitech
2008-03-08 20:34 . 2004-10-21 13:30	71,535	--a------	C:\WINNT\system32\drivers\LMouKE.Sys
2008-03-08 20:34 . 2004-10-21 13:31	54,851	--a------	C:\WINNT\system32\drivers\L8042mou.Sys
2008-03-08 20:34 . 2004-10-21 13:32	13,107	--a------	C:\WINNT\system32\drivers\L8042Kbd.sys
2008-03-08 20:31 . 2008-03-08 20:31	<DIR>	d--------	C:\Documents and Settings\ingve E\Programdata\Winamp
2008-03-08 20:21 . 2008-03-08 20:21	<DIR>	d--------	C:\Programfiler\flash player
2008-03-08 20:14 . 2008-03-08 20:31	<DIR>	d--------	C:\Programfiler\Winamp
2008-03-08 20:07 . 2008-03-08 20:07	<DIR>	d--------	C:\Programfiler\Common Files
2008-03-08 20:07 . 2008-03-08 20:07	<DIR>	d--------	C:\Programfiler\Brother
2008-03-08 20:05 . 2008-03-08 20:05	<DIR>	d--------	C:\Programfiler\Fellesfiler\ScanSoft Shared
2008-03-08 20:05 . 2008-03-08 20:05	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\InstallShield
2008-03-08 20:05 . 2005-03-19 12:39	27,022	--a------	C:\WINNT\maxlink.ini
2008-03-08 20:04 . 2008-03-08 20:04	<DIR>	d--------	C:\Programfiler\ScanSoft
2008-03-08 20:04 . 2008-03-08 20:05	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\ScanSoft
2008-03-08 20:02 . 2008-03-08 20:02	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\Brother
2008-03-08 20:00 . 2008-03-08 20:19	<DIR>	d--------	C:\WINNT\system32\nb-no
2008-03-08 19:54 . 2008-03-08 19:55	<DIR>	d--------	C:\Programfiler\internett eksplorer 7
2008-03-08 19:50 . 2008-03-08 19:50	<DIR>	d--------	C:\Programfiler\uTorrent
2008-03-08 19:50 . 2008-03-08 21:21	<DIR>	d--------	C:\Documents and Settings\ingve E\Programdata\uTorrent
2008-03-08 19:49 . 2008-03-08 20:34	32,981,120	--a------	C:\Programfiler\avg75free_516a1262.exe
2008-03-08 19:48 . 2006-09-25 17:58	23,856	--a------	C:\WINNT\system32\spupdsvc.exe
2008-03-08 19:48 . 2008-03-08 19:48	0	--a------	C:\WINNT\nsreg.dat
2008-03-08 19:46 . 2008-03-08 19:47	<DIR>	d--------	C:\Programfiler\opera
2008-03-08 19:44 . 2008-03-08 19:44	282,624	--a------	C:\WINNT\Dit.DLL
2008-03-08 19:44 . 2003-12-29 23:33	94,208	--a------	C:\WINNT\Dit.exe
2008-03-08 19:44 . 2003-07-11 10:31	61,440	--a------	C:\WINNT\DitExp.exe
2008-03-08 19:44 . 2008-03-08 19:44	595	--a------	C:\WINNT\ICCLR.INF
2008-03-08 19:44 . 2008-03-08 19:44	258	--a------	C:\WINNT\Dit.INI
2008-03-08 19:43 . 2008-03-08 19:42	12,598	--a------	C:\WINNT\system32\wpa.bak
2008-03-08 19:42 . 2008-03-08 19:42	<DIR>	d--------	C:\Programfiler\AVG
2008-03-08 19:41 . 2008-03-08 19:41	<DIR>	d--hs----	C:\Documents and Settings\ingve E\UserData
2008-03-08 18:38 . 2004-12-31 16:27	284,224	--a------	C:\WINNT\system32\drivers\ar5523.sys
2008-03-08 18:38 . 2004-12-31 16:27	284,224	--a------	C:\WINNT\system32\ar5523.sys
2008-03-08 18:38 . 2005-02-02 10:47	143,800	--a------	C:\WINNT\system32\drivers\ar5523.bin
2008-03-08 18:38 . 2005-02-02 10:47	143,800	--a------	C:\WINNT\system32\ar5523.bin
2008-03-08 18:38 . 2004-10-29 00:31	45,128	--a------	C:\WINNT\system32\athgina.dll
2008-03-08 18:38 . 2004-10-29 10:02	43,392	--a------	C:\WINNT\system32\drivers\Athfmwdl.sys
2008-03-08 18:38 . 2004-10-29 10:02	43,392	--a------	C:\WINNT\system32\athfmwdl.sys
2008-03-08 18:38 . 2004-12-24 17:38	14,165	--a------	C:\WINNT\system32\net5523.inf
2008-03-08 18:38 . 2004-12-24 20:11	1,788	--a------	C:\WINNT\system32\athfmwdl.inf
2008-03-08 18:37 . 2008-03-08 18:37	<DIR>	d--------	C:\Programfiler\3COM
2008-03-08 18:37 . 2008-03-08 18:37	15,890	--a------	C:\WINNT\system32\drivers\mdc8021x.sys
2008-03-08 18:31 . 2005-09-27 08:50	<DIR>	dr-------	C:\Documents and Settings\ingve E\Start-meny
2008-03-08 18:31 . 2005-09-26 09:28	<DIR>	d--h-----	C:\Documents and Settings\ingve E\Skrivere
2008-03-08 18:31 . 2008-03-08 23:18	<DIR>	d--------	C:\Documents and Settings\ingve E\Skrivebord
2008-03-08 18:31 . 2008-03-08 21:57	<DIR>	dr-h-----	C:\Documents and Settings\ingve E\Siste
2008-03-08 18:31 . 2005-09-26 11:32	<DIR>	d--------	C:\Documents and Settings\ingve E\Programdata\CyberLink
2008-03-08 18:31 . 2008-03-08 21:01	<DIR>	dr-h-----	C:\Documents and Settings\ingve E\Programdata
2008-03-08 18:31 . 2008-03-08 21:52	<DIR>	dr-------	C:\Documents and Settings\ingve E\Mine dokumenter
2008-03-08 18:31 . 2005-09-26 07:33	<DIR>	d--h-----	C:\Documents and Settings\ingve E\Maler
2008-03-08 18:31 . 2005-09-26 09:28	<DIR>	d--h-----	C:\Documents and Settings\ingve E\Lokale innstillinger
2008-03-08 18:31 . 2008-03-08 20:01	<DIR>	dr-------	C:\Documents and Settings\ingve E\Favoritter
2008-03-08 18:31 . 2005-09-26 09:28	<DIR>	d--h-----	C:\Documents and Settings\ingve E\AndrMask
2008-03-08 18:28 . 2004-08-03 23:08	31,616	--a------	C:\WINNT\system32\drivers\usbccgp.sys
2008-03-08 18:28 . 2004-08-03 23:01	25,856	--a------	C:\WINNT\system32\drivers\usbprint.sys
2008-03-08 18:27 . 2008-03-08 18:27	8,192	--a------	C:\WINNT\REGLOCS.OLD

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 19:52	---------	d-----w	C:\Programfiler\Windows Media Connect
2008-03-08 19:34	---------	d--h--w	C:\Programfiler\InstallShield Installation Information
2008-03-08 19:07	---------	d-----w	C:\Programfiler\Fellesfiler\InstallShield
2008-03-08 19:01	---------	d-----w	C:\Documents and Settings\All Users\Programdata\CyberLink
2008-03-08 17:34	---------	d-----w	C:\Programfiler\CyberLink
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"Power2GoExpress"="" []
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2005-08-02 15:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 15:35 1519616 C:\WINNT\system32\nwiz.exe]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 06:27 860160]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 00:07 32768]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="C:\Programfiler\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-08 17:33 69721]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2005-08-02 15:35 86016]
"WlanUI"="C:\Programfiler\3COM\3Com Wireless 108 Mbps 11g USB Utility \WlanUI.exe" [2004-12-31 17:22 385024]
"SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Programfiler\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 15:03 57393]
"IndexSearch"="C:\Programfiler\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 15:15 40960]
"SetDefPrt"="C:\Programfiler\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="C:\Programfiler\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-08 20:35 579072]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 20:35 219136]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\KEM.exe [2008-03-08 20:34:38 581632]
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
Statusoverv†kning.lnk - C:\Programfiler\Brother\Brmfcmon\BrMfcWnd.exe [2008-03-08 20:07:12 802816]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R3 AR5523;3Com OfficeConnect Wireless 108Mbps 11g USB Adapter Service;C:\WINNT\system32\DRIVERS\ar5523.sys [2004-12-31 16:27]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINNT\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 ATHFMWDL;3Com USB Wireless Adapter Bootloader driver;C:\WINNT\system32\Drivers\ATHFMWDL.sys [2004-10-29 10:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 23:21:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\explorer.exe [6.00.2900.3156]
-> C:\Programfiler\Logitech\SetPoint\lgscroll.dll
-> C:\Programfiler\Logitech\SetPoint\HookDll.dll
.
Completion time: 2008-03-08 23:21:38
.
2008-03-08 20:32:57	--- E O F ---