ComboFix 08-08-16.01 - Eirik Nesset 2008-08-17 14:15:27.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.64.1044.18.2324 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Programdata\inst.exe
C:\Documents and Settings\Administrator\Programdata\rhc3rkj0e51c
C:\Documents and Settings\LocalService\Programdata\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Programdata\Microsoft\SystemCertificates\My
C:\WINDOWS\BMdb315491.txt
C:\WINDOWS\BMdb315491.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\blphc7rkj0e51c.scr
C:\WINDOWS\system32\eeuvjaoy.ini
C:\WINDOWS\system32\ekxgnrle.ini
C:\WINDOWS\system32\elrngxke.dll
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kjkwluhy.ini
C:\WINDOWS\system32\lscqfhlj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\miiihjxw.dll
C:\WINDOWS\system32\MSYayccf.ini
C:\WINDOWS\system32\MSYayccf.ini2
C:\WINDOWS\system32\muobpq.dll
C:\WINDOWS\system32\nydcrjmr.ini
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pxjygufv.dll
C:\WINDOWS\system32\tpmmmccy.dll
C:\WINDOWS\system32\uqpybhib.ini
C:\WINDOWS\system32\wdrqejsn.dll
C:\WINDOWS\system32\wxjhiiim.ini
C:\WINDOWS\system32\zkkurr.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWNETPKER
-------\Service_windownetpker


(((((((((((((((((((((((((   Files Created from 2008-07-17 to 2008-08-17  )))))))))))))))))))))))))))))))
.

2008-08-17 14:13 . 2008-08-17 14:13	<DIR>	dr-h-----	C:\Documents and Settings\Administrator\Siste
2008-08-17 14:06 . 2008-08-17 14:06	<DIR>	d--------	C:\Programfiler\Trend Micro
2008-08-17 13:38 . 2008-08-17 13:38	<DIR>	d--------	C:\Programfiler\SUPERAntiSpyware
2008-08-17 13:38 . 2008-08-17 13:38	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-17 13:38 . 2008-08-17 13:38	<DIR>	d--------	C:\Documents and Settings\Administrator\Programdata\SUPERAntiSpyware.com
2008-08-17 13:16 . 2008-08-17 13:17	153	--a------	C:\WINDOWS\wininit.ini
2008-08-16 21:17 . 2008-08-16 21:17	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\vsosdk
2008-08-16 20:31 . 2008-08-16 20:31	<DIR>	d--------	C:\Programfiler\VSO
2008-08-16 20:31 . 2008-08-17 00:34	<DIR>	d--------	C:\Documents and Settings\Administrator\Programdata\Vso
2008-08-16 20:31 . 2004-05-04 12:53	1,645,320	--a------	C:\WINDOWS\gdiplus.dll
2008-08-16 20:31 . 2006-05-20 17:16	1,184,984	--a------	C:\WINDOWS\system32\wvc1dmod.dll
2008-08-16 20:31 . 2006-09-29 13:24	217,127	--a------	C:\WINDOWS\system32\drv43260.dll
2008-08-16 20:31 . 2006-09-29 13:25	208,935	--a------	C:\WINDOWS\system32\drv33260.dll
2008-08-16 20:31 . 2006-09-29 13:26	176,165	--a------	C:\WINDOWS\system32\drv23260.dll
2008-08-16 20:31 . 2007-03-18 21:37	65,602	--a------	C:\WINDOWS\system32\cook3260.dll
2008-08-16 20:31 . 2008-08-16 20:31	47,360	--a------	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-08-16 20:31 . 2008-08-16 20:31	47,360	--a------	C:\Documents and Settings\Administrator\Programdata\pcouffin.sys
2008-08-16 20:19 . 2008-08-16 20:19	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\NCH Swift Sound
2008-08-10 15:07 . 2008-08-10 15:07	23	--a------	C:\WINDOWS\BlendSettings.ini
2008-08-08 17:55 . 2008-08-17 12:09	<DIR>	d--h-----	C:\$AVG8.VAULT$
2008-08-04 01:23 . 2008-08-17 12:03	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
2008-08-04 01:23 . 2008-08-04 01:23	<DIR>	d--------	C:\Programfiler\AVG
2008-08-04 01:23 . 2008-08-14 21:13	<DIR>	d--------	C:\Documents and Settings\All Users\Programdata\avg8
2008-08-04 01:23 . 2008-08-04 01:23	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-04 01:23 . 2008-08-04 01:23	76,040	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-04 01:23 . 2008-08-04 01:23	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
2008-07-31 17:47 . 2008-07-31 17:47	244	--ah-----	C:\sqmnoopt07.sqm
2008-07-31 17:47 . 2008-07-31 17:47	232	--ah-----	C:\sqmdata07.sqm
2008-07-31 17:41 . 2008-07-31 17:41	244	--ah-----	C:\sqmnoopt06.sqm
2008-07-31 17:41 . 2008-07-31 17:41	232	--ah-----	C:\sqmdata06.sqm
2008-07-21 17:24 . 2008-07-21 17:24	0	--a------	C:\WINDOWS\system32\5j4bY3oi.exe.a_a

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 12:13	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-08-17 12:12	---------	d-----w	C:\Programfiler\CCleaner
2008-08-17 12:06	---------	d-----w	C:\Programfiler\Java
2008-08-17 11:37	---------	d-----w	C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-17 11:01	---------	d-----w	C:\Documents and Settings\Administrator\Programdata\OpenOffice.org2
2008-08-17 10:36	---------	d-----w	C:\Documents and Settings\All Users\Programdata\Lavasoft
2008-08-17 10:34	---------	d-----w	C:\Programfiler\Lavasoft
2008-08-09 11:59	---------	d--h--w	C:\Programfiler\InstallShield Installation Information
2008-07-20 13:58	---------	d-----w	C:\Documents and Settings\Administrator\Programdata\gtk-2.0
2008-07-20 13:49	---------	d-----w	C:\Programfiler\Avidemux 2.4
2008-06-21 12:08	---------	d-----w	C:\Programfiler\Tunatic
2008-06-21 11:26	---------	d-----w	C:\Documents and Settings\All Users\Programdata\nView_Profiles
2008-06-19 15:32	---------	d-----w	C:\Programfiler\Google
2006-05-03 09:06	163,328	--sh--r	C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47	31,232	--sh--r	C:\WINDOWS\system32\msfDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 20:59	2953216	--a------	C:\Programfiler\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 20:59	2953216	--a------	C:\Programfiler\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"DWQueuedReporting"="C:\PROGRA~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"CTSyncU.exe"="C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 14:06 8462336]
"WLSS"="C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 19:55 190000]
"snp2uvc"="C:\WINDOWS\vsnp2uvc.exe" [2006-12-29 12:48 569344]
"PSQLLauncher"="C:\Programfiler\Protector Suite QL\launcher.exe" [2007-03-28 20:23 49168]
"IntelZeroConfig"="C:\Programfiler\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 11:51 823296]
"IntelWireless"="C:\Programfiler\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 11:49 974848]
"FastUser"="C:\Programfiler\powertoys\fast.exe" [2001-10-08 13:59 49216]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"CTCheck"="C:\Programfiler\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 397312]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-04 01:23 1232152]
"nwiz"="nwiz.exe" [2007-06-26 14:06 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 19:42 16858624 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 01:03 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:03 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.exe.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-21 16:53:54 113664]
Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 20:46 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-12-23 04:28 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2006-02-14 13:00 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Spill\\Hellgate London\\Launcher.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"D:\\Spill\\Call Of Duty 4\\iw3mp.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 11:16]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-04 01:23]
R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-04 01:23]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-04 01:23]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-04 01:23]
R3 CamFilter;CamFilter;C:\WINDOWS\system32\Drivers\CamFilter.sys [2007-05-11 16:56]
S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 03:55]
S4 Smart Watchdog;Smart Watchdog Service;C:\Programfiler\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [2007-05-15 00:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{474C31C5-578B-4192-8562-2E474578DC27} - C:\WINDOWS\system32\tuvsRkLD.dll
HKCU-Run-Pop-Up-Blocker - (no file)
HKCU-Run-BlockAds - (no file)
HKLM-Run-KTPWare - C:\Programfiler\Elantech\ktp.exe
HKLM-Run-SMBTray - C:\Program Files\Compal\Smart Battery\SMBTray.exe
HKLM-Run-lphc7rkj0e51c - C:\WINDOWS\system32\lphc7rkj0e51c.exe
HKLM-Run-SMrhc3rkj0e51c - C:\Programfiler\rhc3rkj0e51c\rhc3rkj0e51c.exe
HKLM-Run-d802670d - C:\WINDOWS\system32\elrngxke.dll
HKLM-Run-BMdb315491 - C:\WINDOWS\system32\aqkotsve.dll
ShellExecuteHooks-{474C31C5-578B-4192-8562-2E474578DC27} - C:\WINDOWS\system32\tuvsRkLD.dll
Notify-gebcawt - gebcawt.dll
Notify-tuvsRkLD - tuvsRkLD.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Programdata\Mozilla\Firefox\Profiles\8xheyl15.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 14:19:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Intel\Wireless\Bin\S24EvMon.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programfiler\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programfiler\Intel\Wireless\Bin\EvtEng.exe
C:\Programfiler\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programfiler\Intel\Wireless\Bin\RegSrvc.exe
C:\Programfiler\NetLimiter 2 Pro\NLClient.exe
C:\Programfiler\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-08-17 14:23:19 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-17 12:23:10

Pre-Run: 7,351,410,688 byte ledig
Post-Run: 7,270,694,912 byte ledig

228	--- E O F ---	2008-01-15 19:09:45