ComboFix 07-10-26.4 - Jørgen 2007-10-27 3:39:01.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.47.1044.18.240 [GMT 2:00]
Running from: C:\Documents and Settings\Jørgen\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Favoritter\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Skrivebord\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start-meny\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start-meny\Online Security Guide.lnk
C:\Documents and Settings\Jørgen\Favoritter\Online Security Guide.lnk
C:\Documents and Settings\Jørgen\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Jørgen\Skrivebord\Online Security Guide.lnk
C:\Programfiler\myglobalsearch
C:\Programfiler\myglobalsearch\bar\History\search
C:\Programfiler\outlook
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\bqijsyhj.dllbox
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.
2007-10-27 03:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-27 03:34 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-27 02:55 9,133 ---hs---- C:\WINDOWS\system32\uttss.ini2
2007-10-27 02:43 d-------- C:\Programfiler\SUPERAntiSpyware
2007-10-27 02:42 d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-10-27 02:18 dr-h----- C:\Documents and Settings\Jørgen\Siste
2007-10-27 02:18 dr-h----- C:\Documents and Settings\Jørgen\Siste
2007-10-27 02:15 d-------- C:\Documents and Settings\NetworkService\Programdata\Webroot
2007-10-27 02:15 dr------- C:\Documents and Settings\Administrator\Start-meny
2007-10-27 02:15 d--h----- C:\Documents and Settings\Administrator\Skrivere
2007-10-27 02:15 d-------- C:\Documents and Settings\Administrator\Skrivebord
2007-10-27 02:15 dr-h----- C:\Documents and Settings\Administrator\Siste
2007-10-27 02:15 dr-h----- C:\Documents and Settings\Administrator\Programdata
2007-10-27 02:15 dr------- C:\Documents and Settings\Administrator\Mine dokumenter
2007-10-27 02:15 d--h----- C:\Documents and Settings\Administrator\Maler
2007-10-27 02:15 d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2007-10-27 02:15 dr------- C:\Documents and Settings\Administrator\Favoritter
2007-10-27 02:15 d--h----- C:\Documents and Settings\Administrator\AndrMask
2007-10-27 02:09 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-27 02:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-27 02:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-27 02:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-27 02:09 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-27 01:56 d-------- C:\Programfiler\CCleaner
2007-10-27 00:40 d-------- C:\Programfiler\NoAdware5.0
2007-10-26 20:42 d-------- C:\Programfiler\McAfee.com
2007-10-26 20:41 d-------- C:\Programfiler\McAfee
2007-10-26 20:41 d-------- C:\Programfiler\Fellesfiler\McAfee
2007-10-26 20:17 d-------- C:\Documents and Settings\All Users\Programdata\McAfee
2007-10-26 17:31 d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2007-10-26 15:22 d-------- C:\Programfiler\Spyware Doctor
2007-10-26 15:22 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-26 15:22 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-26 15:22 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-26 15:22 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-26 15:20 d-------- C:\Programfiler\Google
2007-10-26 15:20 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-26 14:32 d--hs---- C:\FOUND.002
2007-10-26 07:46 83,008 --a------ C:\WINDOWS\system32\qyqknwau.dll
2007-10-26 07:39 340,032 --a------ C:\WINDOWS\system32\adklkave.dll
2007-10-26 07:37 6,289 ---hs---- C:\WINDOWS\system32\uttss.bak2
2007-10-25 19:49 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-10-25 19:49 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-10-25 19:42 d-------- C:\Programfiler\Webroot
2007-10-25 19:42 d-------- C:\Documents and Settings\LocalService\Programdata\Webroot
2007-10-25 19:42 d-------- C:\Documents and Settings\All Users\Programdata\Webroot
2007-10-25 19:42 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-25 19:42 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-25 19:42 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-25 19:41 d-------- C:\Documents and Settings\Jørgen\Programdata\Webroot
2007-10-25 19:36 6,505 ---hs---- C:\WINDOWS\system32\uttss.bak1
2007-10-25 19:31 d--h----- C:\Programfiler\SystemA
2007-10-25 16:47 d-------- C:\Programfiler\MathType
2007-10-25 16:47 d-------- C:\Documents and Settings\Jørgen\Programdata\Design Science
2007-10-25 01:27 d-------- C:\Poker
2007-10-20 22:59 d-------- C:\Documents and Settings\All Users\Programdata\live 64 math does
2007-10-20 22:58 d-------- C:\Programfiler\WinZix
2007-10-13 21:20 d-------- C:\WINDOWS\SxsCaPendDel
2007-10-06 16:38 dr-h----- C:\Documents and Settings\Jørgen\Programdata\SecuROM
2007-10-06 16:38 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-06 16:28 d-------- C:\Programfiler\EA Sports
2007-10-06 12:43 d-------- C:\Programfiler\CDBurnerXP
2007-10-05 19:37 d--h----- C:\x
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-24 15:59 --------- d-----w C:\Documents and Settings\All Users\Programdata\PurePlay
2007-09-20 17:30 --------- d-----w C:\Programfiler\DAEMON Tools
2007-09-20 17:29 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:03 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:03 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:03 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:03 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:03 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:03 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:03 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:03 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:03 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:03 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:03 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:03 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:03 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:03 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:03 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:03 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:03 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:03 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:03 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:03 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:03 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:03 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:03 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:24 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:24 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:24 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-01-29 16:50 23,047,040 ----a-w C:\Programfiler\AdbeRdr709_no_NO.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bqijsyhj]
bqijsyhj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkhhe]
pmnkhhe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=C:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programfiler\QuickTime\qttask.exe" -atboottime

R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R0 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 NMSAccessU;NMSAccessU;C:\Programfiler\CDBurnerXP\NMSAccessU.exe
S2 0155421193441444mcinstcleanup;McAfee Application Installer Cleanup (0155421193441444);C:\DOCUME~1\JØRGEN\LOKALE~1\Temp\015542~1.EXE C:\PROGRA~1\FELLES~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
S3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 03:41:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-27 3:42:15 - machine was rebooted
.
--- E O F ---