ComboFix 08-03-17.1 - Nina Skjelbred 2008-03-19 13:03:59.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1044.18.385 [GMT 1:00]
Running from: D:\Mine dokumenter\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-02-19 to 2008-03-19  )))))))))))))))))))))))))))))))
.

2008-03-19 00:19 . 2008-03-19 00:19	<DIR>	d--------	C:\Programfiler\SUPERAntiSpyware
2008-03-19 00:19 . 2008-03-19 00:19	<DIR>	d--------	C:\Documents and Settings\Nina Skjelbred\Programdata\SUPERAntiSpyware.com
2008-03-19 00:19 . 2008-03-19 00:19	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\PROGRA~1\SUPERAntiSpyware.com
2008-03-19 00:18 . 2008-03-19 00:18	<DIR>	d--------	C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-03-19 00:13 . 2008-03-19 00:13	<DIR>	dr-h-----	C:\Documents and Settings\Nina Skjelbred\Siste
2008-03-19 00:12 . 2008-03-19 00:12	<DIR>	d--------	C:\Programfiler\CCleaner
2008-03-14 18:19 . 2008-03-14 18:19	<DIR>	d--------	C:\Programfiler\Lavasoft
2008-03-11 15:26 . 2008-03-11 15:26	<DIR>	d--------	C:\Programfiler\Trend Micro
2008-03-11 15:26 . 2008-03-11 15:27	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\PROGRA~1\Trend Micro
2008-03-11 00:19 . 2008-03-11 00:20	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\PROGRA~1\AntiSpyInfo
2008-03-10 23:44 . 2008-03-11 00:13	<DIR>	d--------	C:\Programfiler\RegistryFix
2008-03-10 23:29 . 2008-03-10 23:36	<DIR>	d-a------	C:\DOCUME~1\ALLUSE~1\PROGRA~1\TEMP
2008-03-10 23:19 . 2008-03-10 23:19	<DIR>	d--------	C:\Documents and Settings\Nina Skjelbred\Programdata\Antispyware
2008-03-10 23:18 . 2008-03-10 23:25	<DIR>	d--------	C:\Programfiler\AntiSpywareApp
2008-03-02 17:20 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-03-02 17:20 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll
2008-03-02 17:20 . 2007-07-30 19:18	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 10:07 . 2008-03-02 10:07	<DIR>	d--------	C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2008-03-01 17:39 . 2006-11-29 13:06	3,426,072	--a------	C:\WINDOWS\system32\d3dx9_32.dll
2008-03-01 17:38 . 2008-03-01 17:38	<DIR>	d--------	C:\Programfiler\Microsoft SQL Server Compact Edition
2008-03-01 17:31 . 2008-03-02 23:01	<DIR>	d--------	C:\Programfiler\Windows Live
2008-03-01 17:31 . 2008-03-01 17:38	<DIR>	d--hsc---	C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-03-01 17:31 . 2008-03-01 17:31	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\PROGRA~1\WLInstaller

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 23:42	---------	d-----w	C:\Programfiler\BearShare
2008-03-14 17:19	---------	d-----w	C:\Documents and Settings\Nina Skjelbred\Programdata\Lavasoft
2008-03-12 22:30	---------	d-----w	C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-11 14:14	---------	d-----w	C:\Documents and Settings\Nina Skjelbred\Programdata\AVG7
2008-03-11 14:14	---------	d-----w	C:\DOCUME~1\ALLUSE~1\PROGRA~1\avg7
2008-03-10 17:39	---------	d-----w	C:\Programfiler\iFinger
2008-03-09 21:57	---------	d-----w	C:\Documents and Settings\Nina Skjelbred\Programdata\SmartFTP
2008-02-18 14:21	---------	d-----w	C:\Programfiler\Fellesfiler\Adobe
2008-02-08 19:41	---------	d-----w	C:\Documents and Settings\LocalService\Programdata\AVG7
2008-02-08 19:02	---------	d-----w	C:\DOCUME~1\ALLUSE~1\PROGRA~1\Lavasoft
2008-02-01 10:17	587,264	----a-w	C:\WINDOWS\WLXPGSS.SCR
2008-01-11 05:53	44,544	----a-w	C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-04 15:07	30,336	----a-w	C:\Documents and Settings\Nina Skjelbred\Programdata\wklnhst.dat
2007-12-19 22:58	347,136	----a-w	C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-24 12:34	23,115,048	----a-w	C:\Programfiler\AdbeRdr810_nb_NO.exe
2005-09-19 21:23	3,759,800	----a-w	C:\Programfiler\MSReaderSetupUSA.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 09:49 67128]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 09:46 204288]
"OE"="C:\Programfiler\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-09-27 00:04 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2003-08-29 13:17 188416]
"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2003-08-29 13:20 77824]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"WinampAgent"="C:\Programfiler\Winamp3\winampa.exe" [ ]
"ATICCC"="C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"IntelliPoint"="C:\Programfiler\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"pccguide.exe"="C:\Programfiler\Trend Micro\Internet Security 2007\pccguide.exe" [2006-09-29 07:49 3112960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [ ]

C:\DOCUME~1\ALLUSE~1\START-~1\PROGRA~1\Oppstart\
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-28 13:28:56 113664]
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 09:49:40 67128]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-12-12 09:13:01 784912]
Post-it© Software Notes Lite.lnk - C:\Programfiler\3M\PSNLite\PsnLite.exe [2004-10-15 13:26:54 2080768]
WinZip Quick Pick.lnk - C:\Programfiler\WinZip\WZQKPICK.EXE [2005-10-09 22:47:03 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\programfiler\fellesfiler\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Programfiler\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programfiler\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2005-01-13 10:28]
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2003-08-29 07:43]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 11:03]
S3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\rt2571.sys [2004-06-21 10:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5973427-921b-11d9-bae0-806d6172696f}]
\Shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\Shell\configure\command - E:\SETUP.EXE
\Shell\install\command - E:\SETUP.EXE

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 13:09:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-03-19 13:11:51
ComboFix-quarantined-files.txt  2008-03-19 12:11:39
ComboFix2.txt  2008-03-18 23:57:02
.
2008-03-14 16:29:03	--- E O F ---