ComboFix 07-11-08.1 - gjølstad 2007-11-13 18:53:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1578 [GMT 1:00]
Running from: C:\Documents and Settings\gjølstad\Skrivebord\Antivirus greier\ComboFix.exe
 * Created a new restore point
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start-meny\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start-meny\Online Security Guide.lnk
C:\Documents and Settings\gjølstad\Favoritter\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c003A047.dat
C:\WINDOWS\system32\__c0066E31.dat
C:\WINDOWS\system32\__c0085ACA.dat
C:\WINDOWS\system32\__c0091111.dat
C:\WINDOWS\system32\__c00BF905.dat
C:\WINDOWS\system32\__c00FC5A8.dat
C:\WINDOWS\system32\afodvowp.dllbox
C:\WINDOWS\system32\ahkqobrp.dllbox
C:\WINDOWS\system32\axxjiodb.dllbox
C:\WINDOWS\system32\cpusnnhx.dllbox
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini2
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\ljetfvsh.dll
C:\WINDOWS\system32\mgjpmeqm.dllbox
C:\WINDOWS\system32\nukepntu.dllbox
C:\WINDOWS\system32\osdtrcej.dll
C:\WINDOWS\system32\xwaebvjp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.

2007-11-13 18:52    51,200      --a------   C:\WINDOWS\NirCmd.exe
2007-11-13 18:46    3,374       --a------   C:\WINDOWS\system32\tmp.reg
2007-11-13 18:44                dr-------   C:\Documents and Settings\Administrator\Start-meny
2007-11-13 18:44                d--h-----   C:\Documents and Settings\Administrator\Skrivere
2007-11-13 18:44                d--------   C:\Documents and Settings\Administrator\Skrivebord
2007-11-13 18:44                d--h-----   C:\Documents and Settings\Administrator\Siste
2007-11-13 18:44                dr-h-----   C:\Documents and Settings\Administrator\Programdata
2007-11-13 18:44                d--------   C:\Documents and Settings\Administrator\Mine dokumenter
2007-11-13 18:44                d--h-----   C:\Documents and Settings\Administrator\Maler
2007-11-13 18:44                d--h-----   C:\Documents and Settings\Administrator\Lokale innstillinger
2007-11-13 18:44                d--------   C:\Documents and Settings\Administrator\Favoritter
2007-11-13 18:44                d--h-----   C:\Documents and Settings\Administrator\AndrMask
2007-11-13 18:07                d--------   C:\Programfiler\SUPERAntiSpyware
2007-11-13 18:07                d--------   C:\Programfiler\Fellesfiler\Wise Installation Wizard
2007-11-13 18:07                d--------   C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2007-11-11 18:51    88,128      --a------   C:\WINDOWS\system32\qgvxgydd.dll
2007-11-07 19:35                d--------   C:\Programfiler\Windows Live Safety Center
2007-11-06 18:31                d--h-----   C:\Programfiler\ApplePie
2007-11-02 22:00                d--h-----   C:\WINDOWS\PIF
2007-11-02 21:08    40,960      --a------   C:\WINDOWS\system32\psfind.dll
2007-11-02 21:04                d--------   C:\Programfiler\THQ
2007-10-30 17:03                d--------   C:\Documents and Settings\All Users\Programdata\Messenger Plus!
2007-10-29 21:09                d--------   C:\Programfiler\Windows Live
2007-10-13 18:54                d--------   C:\Programfiler\Western Digital Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-11-02 20:04    ---------   d--h--w     C:\Programfiler\InstallShield Installation Information
2007-11-01 21:39    25,280      ----a-w     C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-01 19:47    304,160     ----a-w     C:\StiImg.dat
2007-10-29 20:09    ---------   d-----w     C:\Programfiler\MSN Messenger
2007-10-13 10:45    ---------   d-----w     C:\Programfiler\Fellesfiler\Adobe
2007-10-12 19:15    37,027      ----a-w     C:\WINDOWS\atmoUn.exe
2007-10-12 19:15    ---------   d--h--w     C:\Documents and Settings\All Users\Programdata\Viewpoint
2007-10-12 19:15    ---------   d-----w     C:\Programfiler\Viewpoint
2007-10-12 17:58    ---------   d--h--w     C:\Documents and Settings\All Users\Programdata\NVIDIA
2007-10-12 17:54    70,768,312  ----a-w     C:\Programfiler\163.71_forceware_winxp_32bit_international_whql.exe
2007-10-10 13:46    ---------   d--h--w     C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-09-26 16:27    22,328      ----a-w     C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-19 17:20    606,848     -c--a-w     C:\WINDOWS\flashax.exe
2007-09-19 17:20    503,808     ----a-w     C:\WINDOWS\hitchhikers.scr
2007-09-19 17:20    12,288      ----a-w     C:\WINDOWS\impborl.dll
2007-09-18 16:12    ---------   d-----w     C:\Programfiler\SystemRequirementsLab
2007-09-16 23:07    6,853,088   ----a-w     C:\WINDOWS\system32\drivers\nv4_mini.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D}]
2007-11-06 18:31    95232   --a------   C:\Programfiler\ApplePie\ie-improver.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 12:49 C:\WINDOWS\RTHDCPL.exe]
"Gainward"="C:\WINDOWS\TBPanel.exe" [2006-06-23 14:29]
"RemoteControl"="C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 02:01]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"GrooveMonitor"="E:\Microsoft Office 2007 Norsk\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"DAEMON Tools"="E:\Programmer\DAEMON tools\daemon.exe" [2006-11-12 11:48]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="E:\Programmer\Bitcomet\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2007-07-04 01:06]
"64f56c63"="C:\WINDOWS\system32\qgvxgydd.dll" [2007-11-11 18:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"BitComet"="E:\Programmer\Bitcomet\BitComet.exe" [2007-06-19 08:03]
"msnmsgr"="C:\Programfiler\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

R3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys
R3 vgadrv;vgadrv;C:\WINDOWS\system32\DRIVERS\vgadrv.sys
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld
S3 XDva014;XDva014;\??\C:\WINDOWS\system32\XDva014.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 18:57:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 18:58:56 - machine was rebooted
.
--- E O F ---