ComboFix 08-06-19.2 - steinag 2008-06-24 15:44:19.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1044.18.939 [GMT 2:00]
Running from: C:\Users\steinag\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 09:46 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-06-24 09:45 --------- d-----w C:\Users\steinag\AppData\Roaming\SUPERAntiSpyware.com
2008-06-24 09:45 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-24 09:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 09:40 --------- d-----w C:\Program Files\Trend Micro
2008-06-24 09:39 --------- d-----w C:\Program Files\CCleaner
2008-06-12 16:23 --------- d-----w C:\Users\steinag\AppData\Roaming\Ahead
2008-06-12 16:21 --------- d-----w C:\Program Files\Common Files\Ahead
2008-06-12 16:17 --------- d-----w C:\ProgramData\Nero
2008-06-12 01:02 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 19:05 --------- d-----w C:\ProgramData\FLEXnet
2008-06-10 13:48 --------- d-----w C:\Users\steinag\AppData\Roaming\APLI
2008-06-10 13:47 --------- d-----w C:\Program Files\APLI
2008-06-05 08:15 --------- d-----w C:\Program Files\HP
2008-06-05 07:59 --------- d-----w C:\ProgramData\HP
2008-06-05 07:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-03 20:15 --------- d-----w C:\ProgramData\Mamut for Altinn
2008-06-03 16:24 --------- d-----w C:\Program Files\Mamut for Altinn
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-06 09:11 100,928 ----a-w C:\Users\steinag\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-30 13:50 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-04-30 13:50 --------- d-----w C:\Program Files\Logitech
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-09-08 00:47 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-06-20_ 9.50.09,76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 07:09:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-24 10:57:52 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-24 09:45:58 18,944 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-06-24 09:45:58 65,024 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2008-06-20 07:09:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-24 10:57:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-20 07:09:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-24 10:57:53 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-20 07:11:14 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-24 11:08:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-24 11:08:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-20 07:48:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-24 13:52:40 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-06-20 07:12:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-24 13:12:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-20 07:12:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-24 13:12:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-20 07:12:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-24 13:12:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-20 19:44:38 2,456 ----a-w C:\Windows\System32\networklist\icons\{984C4AB8-9E85-4A24-B83D-EF901925C1CF}_24.bin
+ 2008-06-20 19:44:38 4,280 ----a-w C:\Windows\System32\networklist\icons\{984C4AB8-9E85-4A24-B83D-EF901925C1CF}_32.bin
+ 2008-06-20 19:44:38 9,560 ----a-w C:\Windows\System32\networklist\icons\{984C4AB8-9E85-4A24-B83D-EF901925C1CF}_48.bin
- 2008-06-19 19:29:06 110,484 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-23 08:52:31 110,484 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-19 19:29:06 85,968 ----a-w C:\Windows\System32\perfc014.dat
+ 2008-06-23 08:52:32 85,968 ----a-w C:\Windows\System32\perfc014.dat
- 2008-06-19 19:29:06 634,028 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-23 08:52:32 634,028 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-19 19:29:06 500,744 ----a-w C:\Windows\System32\perfh014.dat
+ 2008-06-23 08:52:32 500,744 ----a-w C:\Windows\System32\perfh014.dat
- 2008-06-20 07:11:27 8,840 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3011934835-3564112178-844580321-1000_UserData.bin
+ 2008-06-23 08:50:37 8,864 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3011934835-3564112178-844580321-1000_UserData.bin
- 2008-06-20 07:11:27 71,078 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-23 08:50:36 71,332 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-20 07:11:25 50,236 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-23 08:50:35 50,308 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 04:03 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-09 14:32 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-09 14:32 133912]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-23 07:15 827392]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-18 00:38 80688]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-07 23:45 97072]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 02:09 260912]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2007-02-06 19:00 68400]
"TvOutSwitch"="C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-04-17 09:08 86016]
"PSUtility"="C:\Program Files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 16:37 136744]
"SSUtility"="C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-13 04:02 239144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 08:50 4399104 C:\Windows\RtHDVCpl.exe]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [ ]
"C:\Windows\system32\P1370Cvw.dll"="C:\Windows\system32\RegSvr32.exe" [2006-11-02 11:45 14336]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 10:21 648072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"AirCardEnabler"="" []
"WatcherHelper"="C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2007-05-29 15:58 120352]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-05 20:00 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 08:27 570664]

C:\Users\steinag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [2008-01-14 19:55:25 98304]
Mamut Teamwork.lnk - C:\Users\steinag\AppData\Roaming\Microsoft\Installer\{B1A0C792-C497-44AD-8030-A46A9D4A2792}\_26e91eb.exe [2007-10-29 14:31:35 3638]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS 
Peripherals\BounceBack Professional\BBLauncher.exe [2008-01-14 19:55:25 98304] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-30 15:50:38 67128] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-26 13:47:02 692224] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.dvsd"= pdvcodec.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{8B366907-5D08-4C75-9547-7CCC071BF711}"= Disabled:UDP:C:\Users\steinag\AppData\Local\Temp\7zS1CC3.tmp\setup\HPZnui01.exe:hpznui01.exe "{153EE470-6C74-456F-9963-613F1DA9E1BC}"= Disabled:TCP:C:\Users\steinag\AppData\Local\Temp\7zS1CC3.tmp\setup\HPZnui01.exe:hpznui01.exe "{B1A3BED0-F3B1-4C90-9F25-6B279D5A9EA5}"= UDP:9100:OKI C5200 "TCP Query User{B8C17571-EDEA-4D62-8EDA-3141918D3B4E}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{68F63947-891F-4EA4-A25A-A481AE766221}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{FF5D1677-56DD-4F43-87B9-74DCC697CF4D}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program 
files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger "UDP Query User{E96E97D2-7A40-4084-B3DF-FECEF84DCD51}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger "TCP Query User{55DAEE21-BA93-4B08-B05F-C8E03A0F8774}C:\\program files\\sybase\\sql anywhere 9\\win32\\dbeng9.exe"= UDP:C:\program files\sybase\sql anywhere 9\win32\dbeng9.exe:Adaptive Server Anywhere Database Engine "UDP Query User{8BCE7173-D27E-4923-8E6C-6000D909B32E}C:\\program files\\sybase\\sql anywhere 9\\win32\\dbeng9.exe"= TCP:C:\program files\sybase\sql anywhere 9\win32\dbeng9.exe:Adaptive Server Anywhere Database Engine "{33C9AAEE-C4BC-4635-ACBF-13B5FF44592F}"= UDP:C:\Users\steinag\AppData\Roaming\Facebook\facebook.exe:Facebook "{E7165186-C087-43E1-B53E-73D83829BEF2}"= TCP:C:\Users\steinag\AppData\Roaming\Facebook\facebook.exe:Facebook "{80E06CA2-E014-4E4D-BADE-E8CD29152D62}"= Disabled:UDP:C:\Users\steinag\AppData\Local\Temp\7zS2F4E.tmp\setup\HPZnui01.exe:hpznui01.exe "{FAE65B12-E774-4FB1-BA8E-D746285D6F5F}"= Disabled:TCP:C:\Users\steinag\AppData\Local\Temp\7zS2F4E.tmp\setup\HPZnui01.exe:hpznui01.exe "{95A5B6F3-CAF0-4DD3-8043-BC9E230AD00F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{D1943B16-3CBC-4671-9932-9F3B3CAA5848}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{B9A4435B-F9B1-4BDD-9417-CA169A29CE03}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{35D4BF33-F110-41B1-BA1D-6A4C77ECE7F5}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{BD9D281D-785F-428D-BE78-8B38DD0D2208}"= TCP:C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{7BC69BBB-FD26-4D37-93E6-3CD55886D52D}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{8CB9CF40-9ADC-42A6-8972-9D1F48EE3E5D}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger "{9493DB9C-AD1C-4C0A-8B85-42B15A5DEA23}"= Disabled:UDP:C:\Users\steinag\AppData\Local\Temp\7zSA2D.tmp\setup\HPZnui01.exe:hpznui01.exe "{A34AC272-5C6D-4D22-A390-7326857743C4}"= Disabled:TCP:C:\Users\steinag\AppData\Local\Temp\7zSA2D.tmp\setup\HPZnui01.exe:hpznui01.exe "TCP Query User{AE3148A5-DD87-4A3F-A6FB-B0E40EC78D17}C:\\program files\\sybase\\sql anywhere 9\\win32\\dbeng9.exe"= UDP:C:\program files\sybase\sql anywhere 9\win32\dbeng9.exe:Adaptive Server Anywhere Database Engine "UDP Query User{7016C753-2F48-4438-BCF9-67A7544C03AA}C:\\program files\\sybase\\sql anywhere 9\\win32\\dbeng9.exe"= TCP:C:\program files\sybase\sql anywhere 9\win32\dbeng9.exe:Adaptive Server Anywhere Database Engine "TCP Query User{8C0CBF0A-260D-4F66-B04F-C8395783AE09}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{47DB50A4-8BE7-40FD-94FD-528D5CB3A06A}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] ""= "C:\\Program Files\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"= C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux R0 FJGSDisk;G-Sensor Application Filter 
Driver;C:\Windows\system32\DRIVERS\FJGSDisk.sys [2007-10-27 01:23]
R0 O2MDRDR;O2MDRDR;C:\Windows\system32\drivers\o2media.sys [2006-10-03 07:23]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\drivers\o2sd.sys [2007-04-02 11:50]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 GlidePoint;GlidePoint Touchpad Client;"C:\Program Files\GlidePoint\glidesvc.exe" [2007-06-12 11:02]
R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 NetSentinel;NetSentinel;C:\Windows\System32\NSSRVICE.EXE [2006-08-30 15:05]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 16:37]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 02:00]
R2 SSIPDDP;SSIPDDP Parallel port device driver;C:\Windows\system32\DRIVERS\SSIPDDP.SYS [2006-08-30 15:05]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 WirelessSelectorService;WirelessSelectorService;C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [2006-12-05 01:06]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 20:59]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 11:57]
R3 P1370VID;Live! Cam Voice;C:\Windows\system32\DRIVERS\P1370Vid.sys [2006-04-10 12:08]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 13:32]
R3 swivsp;AC8xx Virtual Serial Port;C:\Windows\system32\DRIVERS\swivspnt.sys [2007-03-26 15:18]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-29 10:16]
S2 LvIBTSvr;Logitech IBT Service;"C:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe" [2007-04-02 23:29]
S3 ACGPRS;Sierra Wireless 3G Adapter;C:\Windows\system32\DRIVERS\acgprs.sys [2007-03-26 15:18]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
S3 P1370Aud;Creative WebCam Audio Control;C:\Windows\system32\Drivers\P1370Aud.sys [2005-12-05 02:29]
S3 P1370Aul;PD1370 Lower Filter Driver;C:\Windows\system32\Drivers\P1370Aul.sys [2005-12-06 02:58]
S3 scrswi;Sierra Wireless Smart Card Reader;C:\Windows\system32\DRIVERS\scrswi.sys [2007-03-26 15:18]
S4 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);C:\Windows\system32\drivers\swumx00.sys [2007-03-12 16:18]
S4 swumx12;Sierra Wireless USB MUX Driver (UMTS12);C:\Windows\system32\drivers\swumx12.sys [2007-03-12 16:18]
S4 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32);C:\Windows\system32\drivers\swumx32.sys [2007-03-12 16:18]
S4 SWUMX33;Sierra Wireless USB MUX Driver (UMTS33);C:\Windows\system32\drivers\swumx33.sys [2007-03-12 16:18]
S4 SWUMX3A;Sierra Wireless USB MUX Driver (UMTS3A);C:\Windows\system32\drivers\swumx3a.sys [2007-03-12 16:18]
S4 SWUMX50;Sierra Wireless USB MUX Driver (UMTS50);C:\Windows\system32\drivers\swumx50.sys [2007-03-12 16:18]
S4 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);C:\Windows\system32\drivers\swumx52.sys [2007-03-12 16:18]
S4 SWUMX53;Sierra Wireless USB MUX Driver (UMTS53);C:\Windows\system32\drivers\swumx53.sys [2007-03-12 16:18]
S4 SWUMX54;Sierra Wireless USB MUX Driver (UMTS54);C:\Windows\system32\drivers\swumx54.sys [2007-03-12 16:18]
S4 SWUMX70;Sierra Wireless USB MUX Driver (UMTS70);C:\Windows\system32\drivers\swumx70.sys [2007-03-12 16:18]
S4 SWUMX71;Sierra Wireless USB MUX Driver (UMTS71);C:\Windows\system32\drivers\swumx71.sys [2007-03-12 16:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 13:53:17 C:\Windows\Tasks\20080611_171825_steinag.job"
- C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe;/TASKTYPE:NBSERVICE /JOBFILE:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 15:52:49
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-24 15:57:03
ComboFix-quarantined-files.txt 2008-06-24 13:56:51
ComboFix2.txt 2008-06-20 07:51:35
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
233 --- E O F --- 2008-06-20 07:15:42