ComboFix 08-01-11.1 - Stig-Are 2008-01-11 22:42:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1554 [GMT 1:00]
Running from: C:\Documents and Settings\Stig-Are\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stig-Are\Skrivebord\CFScript.txt C:\Documents and Settings\Stig-Are\Skrivebord\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.
2008-01-11 22:10 . 2008-01-11 22:10 d-------- C:\WINDOWS\LastGood
2008-01-11 21:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 00:02 . 2008-01-11 00:02 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2007-12-19 20:32 . 2007-12-19 20:32 d-------- C:\Programfiler\DivX
2007-12-19 00:30 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-19 00:30 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-12-19 00:13 . 2007-12-19 00:31 d-------- C:\Programfiler\The Golden Compass
2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 21:08 --------- d-----w C:\Documents and Settings\Stig-Are\Programdata\WTablet
2007-11-28 17:44 --------- d-----w C:\Documents and Settings\Stig-Are\Programdata\Toshiba
2007-11-25 01:31 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-11-25 01:31 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-11-25 01:31 --------- d-----w C:\Programfiler\OpenAL
2007-11-25 01:26 --------- d-----w C:\Programfiler\The Adventure Company
2007-11-12 22:02 --------- d-----w C:\Documents and Settings\Stig-Are\Programdata\Ambient Design
2007-10-27 20:00 88,358 ----a-w C:\WINDOWS\agrsmmsg.exe
2007-10-27 20:00 77,824 ----a-w C:\WINDOWS\system32\tosmreg.exe
2007-10-27 20:00 64,512 ------w C:\WINDOWS\agrsmdel.exe
2007-10-27 20:00 45,056 ----a-w C:\WINDOWS\system32\csellang.dll
2007-10-27 20:00 110,592 ----a-w C:\WINDOWS\system32\cselect.exe
.
((((((((((((((((((((((((((((( snapshot@2008-01-11_21.28.23,28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-11 20:26:23 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 21:42:53 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-11 20:26:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 21:42:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-11 20:26:23 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 21:42:53 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-11 20:26:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 21:42:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-11 20:26:23 3,497,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-11 21:42:54 3,497,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-11 20:26:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 21:42:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 21:07:48 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temp\Perflib_Perfdata_694.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
"AGRSMMSG"="AGRSMMSG.exe" [2007-10-27 21:00 88358 C:\WINDOWS\agrsmmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-23 17:33 7122944]
"nwiz"="nwiz.exe" [2005-08-23 17:33 1519616 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]
"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-06-08 12:40 196608]
"TouchED"="C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 13:07 122880]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-01-27 09:14 270336]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"LanguageShortcut"="C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 16:24 71216 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteX]
--a------ 2006-04-05 16:58 69632 C:\Programfiler\Remotex\RemoteX.exe
R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2006-05-28 13:59]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programfiler\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]
R3 tosrfec;Bluetooth ACPI;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]
R3 ttv200x;TOSHIBA PCI TV Tuner type W;C:\WINDOWS\system32\DRIVERS\ttv200x.sys [2005-06-08 12:43]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 20:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 19:30]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 22:43:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-11 22:44:03
ComboFix-quarantined-files.txt 2008-01-11 21:43:49
ComboFix2.txt 2008-01-11 21:30:08
ComboFix3.txt 2008-01-11 20:28:49