Like I said, it is not my PC.
LimeWire and BearShare are now gone and Java updated.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
C:\Programfiler\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adressa.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programfiler\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programfiler\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {112857FE-03FF-11D5-9A3F-0080C8D85044} (GameDesire Solitaires) - http://67.15.101.33/g_bin/eng/solitaire_2_0_0_28.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Programfiler\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
--
End of file - 8043 bytes
ComboFix:
ComboFix 08-01-31.4 - Wenche 2008-01-31 18:12:05.2 - NTFSx86
Running from: C:\Documents and Settings\Wenche\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Wenche\Skrivebord\CFScript.txt
* Created a new restore point
FILE
C:\tmp.bat
C:\WINDOWS\RBossing05.exe
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\sysregi.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\tmp.bat
C:\WINDOWS\RBossing05.exe
C:\WINDOWS\system32\actskn45.ocx
C:\WINDOWS\system32\sysregi.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.
2008-01-31 18:06 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-31 18:03 . 2008-01-31 18:03 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-01-31 17:45 . 2008-01-31 17:45 382,352 --a------ C:\Documents and Settings\Wenche\jdk-6u4-windows-i586-p-iftw.exe
2008-01-31 17:43 . 2008-01-31 17:47 <DIR> d-------- C:\Documents and Settings\Wenche\.SunDownloadManager
2008-01-31 17:14 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-31 17:14 . 2004-11-25 15:31 211 --a------ C:\Boot.bak
2008-01-31 12:28 . 2007-12-06 18:12 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
2008-01-31 09:57 . 2007-10-11 00:53 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-31 09:57 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-31 09:57 . 2007-07-01 04:36 1,007,616 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-31 09:57 . 2007-10-11 00:53 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-31 09:57 . 2007-10-11 00:53 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-31 09:57 . 2007-10-11 00:53 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-31 09:57 . 2007-10-11 00:53 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-31 09:57 . 2007-10-11 00:53 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-31 09:57 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-31 09:55 . 2008-01-31 09:58 <DIR> d-------- C:\WINDOWS\system32\nb-no
2008-01-31 09:52 . 2008-01-31 09:56 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-31 09:38 . 2008-01-31 09:38 <DIR> d-------- C:\Programfiler\Trend Micro
2008-01-30 22:15 . 2008-01-31 10:41 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-30 22:11 . 2008-01-30 22:11 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-30 20:50 . 2008-01-30 20:50 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\TuneUp Software
2008-01-30 19:34 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-30 19:34 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-30 19:34 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-30 19:34 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-30 19:33 . 2008-01-30 19:33 <DIR> d-------- C:\Programfiler\Alwil Software
2008-01-30 19:33 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-30 19:33 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-30 19:33 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-30 19:33 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-30 19:28 . 2003-05-04 06:15 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-01-30 19:28 . 2003-05-04 06:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-01-30 19:28 . 2008-01-31 08:42 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-01-30 19:28 . 2008-01-30 20:34 <DIR> dr-h----- C:\Documents and Settings\Administrator\Siste
2008-01-30 19:28 . 2003-05-03 23:26 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Symantec
2008-01-30 19:28 . 2003-05-03 22:51 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Sonic
2008-01-30 19:28 . 2003-05-03 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Share-to-Web-opplastingsmappe
2008-01-30 19:28 . 2008-01-30 22:09 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-01-30 19:28 . 2008-01-31 08:37 <DIR> dr------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-01-30 19:28 . 2003-05-04 06:15 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-01-30 19:28 . 2008-01-31 09:30 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-01-30 19:28 . 2003-05-04 06:15 <DIR> dr------- C:\Documents and Settings\Administrator\Favoritter
2008-01-30 19:28 . 2003-05-04 06:15 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-01-30 18:39 . 2008-01-31 18:09 <DIR> dr-h----- C:\Documents and Settings\Wenche\Siste
2008-01-30 17:27 . 2008-01-30 17:27 <DIR> d-------- C:\Programfiler\CCleaner
2008-01-29 22:48 . 2008-01-29 22:48 <DIR> d-------- C:\Documents and Settings\Wenche\Programdata\TuneUp Software
2008-01-29 22:47 . 2008-01-29 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TuneUp Software
2008-01-29 22:47 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-29 22:46 . 2008-01-29 22:48 <DIR> d-------- C:\Programfiler\TuneUp Utilities 2007
2008-01-29 22:45 . 2008-01-29 22:45 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-28 18:34 . 2008-01-29 21:37 <DIR> d-------- C:\Documents and Settings\Maikenpii\Programdata\LimeWire
2008-01-28 18:04 . 2008-01-28 18:04 <DIR> d-------- C:\Documents and Settings\Maikenpii\Programdata\DivX
2008-01-28 16:48 . 2008-01-28 16:49 <DIR> d-------- C:\Documents and Settings\Maikenpii\Contacts
2008-01-28 16:48 . 2008-01-28 16:48 268 --ah----- C:\sqmdata00.sqm
2008-01-28 16:48 . 2008-01-28 16:48 244 --ah----- C:\sqmnoopt07.sqm
2008-01-28 16:46 . 2008-01-28 16:46 <DIR> d-------- C:\Documents and Settings\Maikenpii\Programdata\Creative
2008-01-28 16:44 . 2003-05-04 06:15 <DIR> dr------- C:\Documents and Settings\Maikenpii\Start-meny
2008-01-28 16:44 . 2003-05-04 06:15 <DIR> d--h----- C:\Documents and Settings\Maikenpii\Skrivere
2008-01-28 16:44 . 2008-01-28 19:23 <DIR> d-------- C:\Documents and Settings\Maikenpii\Skrivebord
2008-01-28 16:44 . 2008-01-29 21:37 <DIR> dr-h----- C:\Documents and Settings\Maikenpii\Siste
2008-01-28 16:44 . 2003-05-03 23:26 <DIR> d-------- C:\Documents and Settings\Maikenpii\Programdata\Symantec
2008-01-28 16:44 . 2003-05-03 22:51 <DIR> d-------- C:\Documents and Settings\Maikenpii\Programdata\Sonic
2008-01-28 16:44 . 2003-05-03 23:35 <DIR> d-------- C:\Documents and Settings\Maikenpii\Programdata\Share-to-Web-opplastingsmappe
2008-01-28 16:44 . 2008-01-28 18:34 <DIR> dr-h----- C:\Documents and Settings\Maikenpii\Programdata
2008-01-28 16:44 . 2008-01-31 08:37 <DIR> dr------- C:\Documents and Settings\Maikenpii\Mine dokumenter
2008-01-28 16:44 . 2003-05-04 06:15 <DIR> d--h----- C:\Documents and Settings\Maikenpii\Maler
2008-01-28 16:44 . 2003-05-04 06:15 <DIR> d--h----- C:\Documents and Settings\Maikenpii\Lokale innstillinger
2008-01-28 16:44 . 2008-01-28 16:45 <DIR> dr------- C:\Documents and Settings\Maikenpii\Favoritter
2008-01-28 16:44 . 2003-05-04 06:15 <DIR> d--h----- C:\Documents and Settings\Maikenpii\AndrMask
2008-01-28 16:27 . 2008-01-28 16:27 <DIR> d-------- C:\Documents and Settings\Wenche\Programdata\HP
2008-01-28 16:27 . 2008-01-28 16:27 <DIR> d-------- C:\Documents and Settings\Wenche\Programdata\Common Files
2008-01-14 22:26 . 2008-01-28 01:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-14 22:26 . 2008-01-14 22:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\WINDOWS\bdoscandellang.ini
2008-01-07 23:03 . 2008-01-07 23:03 <DIR> d-------- C:\Programfiler\BearShare Applications
2007-12-28 21:58 . 2008-01-15 18:48 <DIR> d-------- C:\Programfiler\StepMania
2007-12-28 20:52 . 2008-01-31 18:01 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2007-12-28 20:46 . 2007-12-28 20:46 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{E122442F-4D48-49BD-9E2A-C34F1604040C}
2007-12-28 20:44 . 2008-01-29 17:45 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{E122442F-4D48-49BD-9E2A-C34F1604040C}
2007-12-28 20:43 . 2007-12-28 20:43 <DIR> d-------- C:\Programfiler\ANI
2007-12-28 20:42 . 2007-12-28 20:42 <DIR> d-------- C:\Programfiler\D-Link
2007-12-28 20:42 . 2007-03-13 12:35 476,416 --a------ C:\WINDOWS\system32\drivers\rt2870.sys
2007-12-28 20:40 . 2007-12-28 20:40 <DIR> d-------- C:\Documents and Settings\Wenche\Programdata\InstallShield
2007-12-19 20:42 . 2007-12-19 20:42 <DIR> d-------- C:\f1741e191bcbe7fe20d5
2007-12-03 18:54 . 2007-12-03 18:54 <DIR> d-------- C:\Documents and Settings\Wenche\Programdata\GanymedeNet
2007-12-03 18:54 . 2007-12-03 18:54 4 --a------ C:\WINDOWS\system32\proc-1963933865.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 17:06 --------- d-----w C:\Programfiler\Java
2008-01-30 20:04 --------- d-----w C:\Programfiler\F-secure
2008-01-30 20:02 --------- d-----w C:\Programfiler\Yahoo!
2008-01-27 20:40 --------- d-----w C:\Documents and Settings\Wenche\Programdata\LimeWire
2007-12-28 19:43 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-06 16:41 220,032 ----a-w C:\WINDOWS\system32\drivers\SynTP.sys
2007-12-06 16:20 147,456 ----a-w C:\WINDOWS\system32\SynTPAPI.dll
2007-12-06 16:09 196,608 ----a-w C:\WINDOWS\system32\SynCtrl.dll
2007-12-06 16:08 163,840 ----a-w C:\WINDOWS\system32\SynCOM.dll
2007-11-29 17:16 --------- d-----w C:\Programfiler\Windows Live
2007-11-29 16:54 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2007-11-29 16:44 --------- d-----w C:\Documents and Settings\All Users\Programdata\WLInstaller
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 04:00 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:57 8,460,800 ------w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 06:14 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:14 151,552 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:14 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:14 1,054,720 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:14 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:54 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-10 23:54 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:54 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:53 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:53 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:53 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:53 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:53 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:53 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:53 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:53 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:53 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:53 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:53 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:53 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:53 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:53 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:02 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-08-29 13:12 30,432 -c--a-w C:\Documents and Settings\Wenche\Programdata\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-30 09:46 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-30 09:33 118784]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 18:58 483328]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2005-12-20 19:54 278528]
"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 11:49 49152]
"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-04-30 12:50 274432]
"D-Link D-Link Wireless N DWA-140"="C:\Programfiler\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2007-03-14 18:29 1388544]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2004-04-30 09:32 208958]
"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 10:24 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 17:20 1024000]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:03 15360]
C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
S3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;C:\WINDOWS\system32\DRIVERS\3C154G72.sys []
S3 AIT800AC;BenQ-Siemens CF61;C:\WINDOWS\system32\DRIVERS\AIT800C.sys [2006-03-17 02:22]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 21:48:13 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programfiler\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 18:17:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????8?1?9?6??????? ???B???????????????B????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-31 18:19:34
ComboFix-quarantined-files.txt 2008-01-31 17:19:17
ComboFix2.txt 2008-01-31 08:30:46
.
2008-01-31 08:59:07 --- E O F ---