ComboFix 07-11-08.1 - Dorio-PC 2007-11-17 12:51:21.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.2698 [GMT 1:00]
Running from: C:\Documents and Settings\Dorio-PC\Skrivebord\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\pics06.zip
C:\WINDOWS\system32\NTSpool.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pics06.zip
C:\WINDOWS\system32\NTSpool.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.
2007-11-17 02:15 <DIR> d-------- C:\Temp
2007-11-17 02:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-11-17 02:03 <DIR> d-------- C:\Programmer\GameSpy
2007-11-17 01:59 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-17 01:59 22,328 --a------ C:\Documents and Settings\Dorio-PC\Application Data\PnkBstrK.sys
2007-11-17 01:44 <DIR> d-------- C:\Programmer\Electronic Arts
2007-11-16 22:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 22:35 <DIR> d-------- C:\Programmer\Lavasoft
2007-11-16 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 22:34 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-11-16 22:34 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\SUPERAntiSpyware.com
2007-11-16 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-16 22:28 <DIR> d-------- C:\Programmer\CCleaner
2007-11-16 22:14 401,720 --a------ C:\Programmer\HJTrenamed.exe
2007-11-15 12:29 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\vlc
2007-11-15 11:39 <DIR> d-------- C:\Programmer\VideoLAN
2007-11-15 00:50 <DIR> d-------- C:\Programmer\SpywareGuard
2007-11-15 00:12 <DIR> d-------- C:\Programmer\Spyware Terminator
2007-11-15 00:12 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\Spyware Terminator
2007-11-15 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-14 14:49 <DIR> d-------- C:\Programmer\Ventrilo
2007-11-14 14:49 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-14 00:26 <DIR> d-------- C:\Programmer\Microsoft Works
2007-11-14 00:25 <DIR> d-------- C:\Programmer\Microsoft.NET
2007-11-14 00:23 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-14 00:23 <DIR> dr-h----- C:\MSOCache
2007-11-14 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-14 00:20 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
2007-11-14 00:20 69,632 --------- C:\WINDOWS\system32\BrWebIns.dll
2007-11-14 00:20 61,440 --------- C:\WINDOWS\system32\BRWEBUP.EXE
2007-11-14 00:20 45,056 --------- C:\WINDOWS\system32\PTRCDAN.DLL
2007-11-14 00:20 0 --a------ C:\Programmer\error.dat
2007-11-14 00:16 52,224 --a------ C:\WINDOWS\system32\brinsstr.dll
2007-11-14 00:16 50 --a------ C:\WINDOWS\system32\bridf06a.dat
2007-11-14 00:15 <DIR> d-------- C:\Programmer\ScanSoft
2007-11-14 00:15 <DIR> d-------- C:\Programmer\Fælles filer\ScanSoft Shared
2007-11-14 00:15 <DIR> d-------- C:\Programmer\Brother
2007-11-14 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2007-11-14 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-14 00:15 147,456 --------- C:\WINDOWS\brunin03.dll
2007-11-14 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2007-11-12 15:33 <DIR> d-------- C:\Programmer\Fælles filer\Futuremark Shared
2007-11-12 08:21 <DIR> d-------- C:\Programmer\Hamachi
2007-11-12 08:21 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\Hamachi
2007-11-12 08:21 25,280 --------- C:\WINDOWS\system32\drivers\hamachi.sys
2007-11-11 15:46 <DIR> d-------- C:\Programmer\SpeedFan
2007-11-11 14:27 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\Azureus
2007-11-11 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-11 14:26 <DIR> d-------- C:\Programmer\Azureus
2007-11-11 14:19 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\SopCast
2007-11-10 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-09 23:03 <DIR> dr-h----- C:\Documents and Settings\Dorio-PC\Application Data\SecuROM
2007-11-09 23:03 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-09 22:26 <DIR> d-------- C:\Programmer\THQ
2007-11-09 22:25 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-11-09 22:25 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-09 22:25 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-11-09 22:24 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-09 22:07 <DIR> d-------- C:\Programmer\BurnInTest
2007-11-09 22:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-09 22:07 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-11-08 23:01 <DIR> d-------- C:\Programmer\Fælles filer\Adobe
2007-11-08 19:04 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\Grisoft
2007-11-08 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 19:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 17:44 24,944 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2007-11-08 17:43 40,136 --a------ C:\WINDOWS\system32\drivers\ET5Drv.sys
2007-11-08 17:41 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-11-08 14:51 <DIR> d-------- C:\Microgaming
2007-11-08 14:51 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\Microgaming
2007-11-08 14:48 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2007-11-08 13:01 <DIR> d-------- C:\Programmer\GIGABYTE
2007-11-08 05:52 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-11-08 05:52 27,672 --------- C:\WINDOWS\system32\drivers\Entech.sys
2007-11-08 05:52 5,632 --------- C:\WINDOWS\system32\drivers\Entech64.sys
2007-11-08 05:52 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2007-11-08 05:51 <DIR> d-------- C:\Programmer\Futuremark
2007-11-07 20:43 <DIR> d-------- C:\Programmer\SopCast
2007-11-07 18:31 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\Ventrilo
2007-11-07 00:44 <DIR> d-------- C:\Programmer\Lavalys
2007-11-07 00:35 <DIR> d-------- C:\WINDOWS\Sun
2007-11-07 00:34 <DIR> d-------- C:\Programmer\RivaTuner v2.06
2007-11-07 00:13 <DIR> d-------- C:\Programmer\NVIDIA Corporation
2007-11-07 00:03 1,144 --a------ C:\WINDOWS\mozver.dat
2007-11-06 23:50 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Application Data\Talkback
2007-11-06 23:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-06 23:41 <DIR> d-------- C:\Programmer\PowerStrip
2007-11-06 22:43 <DIR> d-------- C:\Steam
2007-11-06 22:40 <DIR> d-------- C:\Programmer\MSXML 6.0
2007-11-06 22:29 <DIR> d-------- C:\Programmer\MSBuild
2007-11-06 22:27 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-06 22:27 <DIR> d-------- C:\Programmer\Reference Assemblies
2007-11-06 22:26 <DIR> d-------- C:\Programmer\Windows Media Connect 2
2007-11-06 22:26 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-06 22:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-11-06 22:17 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-11-06 22:05 <DIR> d-------- C:\Programmer\Java
2007-11-06 22:04 <DIR> d-------- C:\Programmer\Fælles filer\Java
2007-11-06 21:57 <DIR> d-------- C:\Programmer\MSN Messenger
2007-11-06 21:57 <DIR> d-------- C:\Documents and Settings\Dorio-PC\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 11:40 7,999 ----a-w C:\Programmer\hijackthis.log
2007-11-17 00:58 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-17 00:58 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-17 00:58 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-16 21:29 --------- d-----w C:\Programmer\Yahoo!
2007-11-13 23:20 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-11-13 23:20 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 16:14 6,854,464 ------w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-10-04 16:14 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 16:14 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-10-04 16:14 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-10-04 16:14 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 16:14 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-10-04 16:14 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((( snapshot_2007-11-17_ 2.19.59,17 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 22:02:18 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1030-7B44-A81000000003}\SC_Reader.exe
+ 2007-11-17 01:39:47 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1030-7B44-A81000000003}\SC_Reader.exe
+ 2007-11-17 11:33:15 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5b0.dat
+ 2007-11-17 11:32:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_78c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 10:33 C:\WINDOWS\RTHDCPL.exe]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2007-02-06 13:08]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"RefreshLock"="E:\ekstern hdd\formatere\RefreshLock.exe" [2002-05-28 20:30]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14]
"PowerStrip"="c:\programmer\powerstrip\pstrip.exe" [2007-07-14 10:35]
"EasyTuneVPro"="C:\Programmer\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 15:05]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SSBkgdUpdate"="C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 16:11]
"IndexSearch"="C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 16:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"Steam"="c:\steam\steam.exe" [2007-11-15 23:00]
"NVIDIA nTune"="C:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"Comrade.exe"="C:\Programmer\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03]
C:\Documents and Settings\Dorio-PC\Menuen Start\Programmer\Start\
hamachi.lnk - C:\Programmer\Hamachi\hamachi.exe [2007-11-12 08:21:08]
SpywareGuard.lnk - C:\Programmer\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
R2 PStrip;PSTRIP;\??\C:\WINDOWS\system32\DRIVERS\PSTRIP.SYS
R3 GVTDrv;GVTDrv;\??\C:\WINDOWS\system32\Drivers\GVTDrv.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 MarkFun_NT;MarkFun_NT;\??\C:\Programmer\Gigabyte\ET5Pro\markfun.w32
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 RivaTuner32;RivaTuner32;\??\C:\Programmer\RivaTuner v2.06\RivaTuner32.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-11-17 12:51:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-17 12:52:10
C:\ComboFix2.txt ... 2007-11-17 12:39
C:\ComboFix3.txt ... 2007-11-17 12:36
.
--- E O F ---
