ComboFix 09-01-21.04 - HP_Administrator 2009-01-29 20:17:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.509 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090129-0] *On-access scanning enabled* (Updated)
 * Created a new restore point
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2009-01-29 19:29 . 2009-01-29 19:29 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-29 19:29 . 2009-01-29 19:29 d----c--- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-29 19:29 . 2009-01-29 19:29 d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-29 19:29 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-29 19:29 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 17:11 . 2009-01-06 17:11 d-------- c:\windows\system32\IOSUBSYS
2009-01-01 18:34 . 2005-07-28 20:48 1,054,848 -ra------ c:\windows\system32\drivers\lvuvc.sys
2009-01-01 18:34 . 2005-07-28 20:41 204,800 -ra------ c:\windows\system32\lvcodec2.dll
2009-01-01 18:34 . 2005-07-28 20:51 142,848 -ra------ c:\windows\system32\drivers\lvmjpeg.sys
2009-01-01 18:34 . 2005-07-28 20:38 110,592 -ra------ c:\windows\system32\lvcoinst.dll
2009-01-01 18:34 . 2005-07-28 20:44 22,528 -ra------ c:\windows\system32\drivers\LVUSBSta.sys
2009-01-01 18:34 . 2005-07-28 20:52 14,080 -ra------ c:\windows\system32\drivers\lvuvcflt.sys
2009-01-01 18:34 . 2005-07-28 19:37 10,081 -ra------ c:\windows\system32\lvcoinst.ini
2009-01-01 18:34 . 2005-07-28 19:36 1,464 -ra------ c:\windows\system32\Repository.reg
2009-01-01 18:06 . 2005-07-28 20:47 376,832 --------- c:\windows\system32\LVUI2RC.dll
2009-01-01 18:06 . 2003-02-21 13:42 348,160 -ra------ c:\windows\system\msvcr71.dll
2009-01-01 18:06 . 2005-07-28 20:43 212,992 --------- c:\windows\system32\LVUI2.dll
2009-01-01 18:02 . 2005-07-28 20:37 86,016 -ra------ c:\windows\system32\vatee.ax
2009-01-01 18:01 . 2005-07-28 13:01 360,448 --a------ c:\windows\system32\camcpl.cpl
2009-01-01 18:01 . 2005-07-28 12:56 327,680 --a------ c:\windows\system32\CamCplRes.dll
2009-01-01 18:01 . 2004-11-01 18:22 262,144 --a------ c:\windows\system32\ElkCtrl.exe
2009-01-01 18:01 . 2005-07-28 13:29 233,536 -ra------ c:\windows\system32\InstExec.exe
2009-01-01 18:01 . 2005-07-28 13:34 233,536 -ra------ c:\windows\Instexec.exe
2009-01-01 18:01 . 2005-07-28 13:09 155,648 --a------ c:\windows\system32\VxLib.dll
2009-01-01 18:01 . 2005-07-28 13:04 147,456 --a------ c:\windows\system32\VLib.dll
2009-01-01 18:01 . 2004-11-01 18:22 57,344 --a------ c:\windows\system32\ElkCtlPS.dll
2009-01-01 18:01 . 2003-04-18 17:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-01-01 18:01 . 2005-07-28 13:05 39,936 --a------ c:\windows\system32\VxLibRes.dll
2009-01-01 18:01 . 2005-07-28 13:29 719 -ra------ c:\windows\system32\InstExec.ini
2009-01-01 17:56 . 2008-04-14 02:12 16,384 --a------ c:\windows\system32\ipsink.ax
2009-01-01 17:56 . 2008-04-14 02:12 16,384 --a------ c:\windows\system32\dllcache\ipsink.ax
2009-01-01 17:56 . 2008-04-13 20:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-01-01 17:56 . 2008-04-13 20:46 15,232 --a------ c:\windows\system32\dllcache\streamip.sys
2009-01-01 17:56 . 2008-04-13 20:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-01-01 17:56 . 2008-04-13 20:46 10,880 --a------ c:\windows\system32\dllcache\ndisip.sys
2009-01-01 17:56 . 2008-04-13 20:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-01-01 17:56 . 2008-04-13 20:39 5,504 --a------ c:\windows\system32\dllcache\mstee.sys
2009-01-01 17:54 . 2008-04-14 02:12 20,992 --a------ c:\windows\system32\dshowext.ax
2009-01-01 17:54 . 2008-04-14 02:12 20,992 --a------ c:\windows\system32\dllcache\dshowext.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 19:11 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2009-01-28 20:29 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Skype
2009-01-28 20:23 --------- dc----w c:\documents and settings\Ingvild.LINDKJENN\Application Data\Skype
2009-01-28 18:27 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\skypePM
2009-01-28 15:01 --------- dc----w c:\documents and settings\Ingvild.LINDKJENN\Application Data\skypePM
2009-01-28 14:09 --------- dc----w c:\documents and settings\Ingvild.LINDKJENN\Application Data\OpenOffice.org2
2009-01-15 15:43 --------- dc----w c:\documents and settings\Kristian.LINDKJENN\Application Data\skypePM
2009-01-15 15:43 --------- dc----w c:\documents and settings\Kristian.LINDKJENN\Application Data\Skype
2009-01-10 10:50 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-06 16:10 --------- d-----w c:\program files\Google
2009-01-01 17:31 --------- d-----w c:\program files\Common Files\Logitech
2009-01-01 17:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 17:01 --------- d-----w c:\program files\Logitech
2009-01-01 16:55 --------- d-----w c:\program files\Common Files\Logishrd
2008-12-15 17:46 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-15 17:46 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-03 17:35 --------- dc----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 17:35 --------- d-----w c:\program files\iTunes
2008-12-03 17:35 --------- d-----w c:\program files\iPod
2008-12-03 17:35 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 17:33 --------- d-----w c:\program files\QuickTime
2008-12-03 17:26 --------- d-----w c:\program files\Safari
2008-11-28 13:00 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-28 13:00 --------- dc-h--r c:\documents and settings\HP_Administrator\Application Data\SecuROM
2008-11-28 13:00 --------- dc----w c:\documents and settings\HP_Administrator\Application Data\Red Alert 3
2008-11-28 12:59 6,330 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-28 12:39 --------- d-----w c:\program files\Electronic Arts
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-02-22 17:01 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-02-23 01:43 22 -csha-w c:\windows\SMINST\HPCD.sys
2008-10-01 15:53 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100120081002\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-18 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"fssui"="c:\program files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-07-28 389120]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-07-28 13:09 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-28 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Ingvild\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Ingvild.LINDKJENN\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\Kristian\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-08-18 36903]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\game.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Red Alert(tm) II\\RA2\\mph.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Command & Conquer The First Decade\\Command & Conquer Renegade(tm)\\Renegade\\Game.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-13 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-13 20560]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-09-09 43816]
R4 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-29 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2009-01-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKLM-Run-PCDrProfiler - (no file)

.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 20:25:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2783615411-661317264-2582225486-1008\Software\SecuROM\License information*]
"datasecu"=hex:ab,8e,df,ec,4c,f0,21,10,aa,9f,35,81,95,d7,37,41,36,3b,d9,38,5f,
 3b,c2,7c,a7,05,d7,c7,20,0f,54,c1,18,b1,3a,22,b2,51,80,9e,8d,4c,8d,f6,6d,9d,\
"rkeysecu"=hex:64,8d,85,36,89,cc,fc,72,32,fa,3c,92,6d,b9,f0,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-29 20:27:13
ComboFix-quarantined-files.txt 2009-01-29 19:27:11

Pre-Run: 125,926,473,728 bytes free
Post-Run: 128,983,625,728 bytes free

220 --- E O F --- 2009-01-29 17:28:57
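Added example (not part of the log above, and not ComboFix's own code): a small Python triage script for the "Reg Loading Points" block of a ComboFix log. It parses the Run-key values, the Windows Firewall AuthorizedApplications list and the "ORPHANS REMOVED" lines, then flags what a malware-removal helper looks at first: an autostart target in a user-writable directory, a core system binary name (svchost.exe and friends) outside \windows\system32, a Run value with no "[date size]" stamp, and a firewall exception for a binary outside the usual install locations. The sample input is constructed: most lines are copied from the log above, but the "Updater" Run value and the "updater.exe" firewall exception are made-up suspicious test cases and are not findings on that machine. The reading of a missing stamp as "file not found" is an assumption drawn from this log, where every Run value that resolved to a file carries one.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the ComboFix log above, except the
# "Updater" Run value and the updater.exe firewall exception, which are made-up
# suspicious test cases and NOT findings from that log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Updater"="c:\documents and settings\HP_Administrator\Local Settings\Temp\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\updater.exe"=

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKLM-Run-PCDrProfiler - (no file)
"""

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"'
    r"(?:\s+\[\d{4}-\d{2}-\d{2}(?:\s+\d{2}:\d{2})?\s+(?P<size>\d+)\])?$"
)
FIREWALL_ENTRY = re.compile(r'^"(?P<target>[^"]+)"=$')
ORPHAN_ENTRY = re.compile(r"^(?:HKCU|HKLM|HKU)-Run-(?P<name>.+?) - (?P<target>.+)$")

# Directories an unprivileged user (or malware running as one) can write to.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                         "\\local settings\\", "\\temp\\", "\\recycler\\")
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}


@dataclass
class Finding:
    kind: str          # "run", "firewall" or "orphan"
    name: str
    target: str
    reasons: list = field(default_factory=list)  # why it deserves a look
    notes: list = field(default_factory=list)    # informational only


def _norm(path):
    """Collapse the doubled backslashes ComboFix prints in the firewall list; lowercase."""
    return path.replace("\\\\", "\\").lower()


def run_reasons(target, stamped):
    t = _norm(target)
    directory, _, base = t.rpartition("\\")
    reasons = []
    if not stamped:
        # Assumption: every Run value in the log above that resolved to a file
        # carries a "[date size]" stamp, so no stamp means "not verified on disk".
        reasons.append("no [date size] stamp: target not verified on disk")
    if any(m in t for m in USER_WRITABLE_MARKERS):
        reasons.append("autostart target in a user-writable location")
    if base in SYSTEM_BINARIES and not directory.endswith("\\windows\\system32"):
        reasons.append("system binary name outside \\windows\\system32")
    return reasons


def parse_loading_points(text):
    """Parse Run values, firewall exceptions and orphan lines of a ComboFix log."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION.match(line):
            section = m.group("key").lower()
        elif m := ORPHAN_ENTRY.match(line):
            f = Finding("orphan", m.group("name"), m.group("target"))
            f.notes.append("stale entry, file already gone" if m.group("target").lower() == "(no file)"
                           else "removed by ComboFix; confirm the target is benign before restoring")
            findings.append(f)
        elif section and "authorizedapplications" in section and (m := FIREWALL_ENTRY.match(line)):
            target = m.group("target").replace("\\\\", "\\")
            f = Finding("firewall", target.rpartition("\\")[2], target)
            f.notes.append("allowed through the Windows Firewall; may accept inbound connections")
            if any(mk in _norm(target) for mk in USER_WRITABLE_MARKERS):
                f.reasons.append("firewall exception for a binary in a user-writable location")
            findings.append(f)
        elif section and section.endswith("\\run") and (m := RUN_ENTRY.match(line)):
            findings.append(Finding("run", m.group("name"), m.group("target"),
                                    reasons=run_reasons(m.group("target"), m.group("size") is not None)))
    return findings


def flagged(findings):
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in parse_loading_points(SAMPLE_LOG):
        print(("!! " if f.reasons else "   ") + f"{f.kind:8} {f.name:28} {f.target}")
        for r in f.reasons:
            print("      - " + r)
```

Run it on a full log by replacing SAMPLE_LOG with the file contents; entries without reasons (ctfmon.exe, avast!, the HP and Skype firewall exceptions) are the expected baseline on this machine, and the two constructed entries are the only ones that trip the heuristics. The heuristics are deliberately conservative: they only surface candidates for a manual look, not verdicts.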