anders4u (Beginner)
20 January 2008 - 19:57. There are 7 comments and 2 solutions.

HijackThis log file

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:57:22, on 20-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\And\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Programmer\Helper\superfindout.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [auto] C:\WINDOWS\system32\drivers\win32.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spool.exe

--
End of file - 4649 bytes
arlet (Junior Master)
20 January 2008 - 20:43 #1
Run Ccleaner(1) SAS(2) Hijackthis(5) Combofix(6)
in the order given, from www.arlet.dk/rens.htm
Hijackthis too, since the version you have is an old one


I need to see the logs from items 2, 5 and 6
anders4u (Beginner)
20 January 2008 - 21:17 #2
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 09:13 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type      : Complete Scan
Total Scan Time : 00:10:21

Memory items scanned      : 387
Memory threats detected  : 1
Registry items scanned    : 3470
Registry threats detected : 27
File items scanned        : 18440
File threats detected    : 19

Adware.E404 Helper/Variant
    C:\PROGRAMMER\HELPER\SUPERFINDOUT.DLL
    C:\PROGRAMMER\HELPER\SUPERFINDOUT.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\InprocServer32
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\InprocServer32#ThreadingModel
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\ProgID
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\Programmable
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\TypeLib
    HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}\VersionIndependentProgID
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{6392B7B8-60B6-415F-9DC4-8B74430F27EB}\RP1\A0000011.DLL

Adware.Tracking Cookie
    C:\Documents and Settings\And\Cookies\and@ad.yieldmanager[1].txt
    C:\Documents and Settings\And\Cookies\and@zedo[1].txt
    C:\Documents and Settings\And\Cookies\and@mediaplex[1].txt
    C:\Documents and Settings\And\Cookies\and@track.adform[1].txt
    C:\Documents and Settings\And\Cookies\and@1070847646[1].txt
    C:\Documents and Settings\And\Cookies\and@cassava[1].txt
    C:\Documents and Settings\And\Cookies\and@doubleclick[1].txt
    C:\Documents and Settings\And\Cookies\and@adtech[1].txt
    C:\Documents and Settings\And\Cookies\and@new-pcp[1].txt
    C:\Documents and Settings\And\Cookies\and@pacificpoker[2].txt
    C:\Documents and Settings\And\Cookies\and@888[2].txt
    C:\Documents and Settings\And\Cookies\and@partypoker[1].txt
    C:\Documents and Settings\And\Cookies\and@partygaming.122.2o7[1].txt

Trojan.DNSChanger-Codec
    HKCR\CLSID\E404.e404mgr
    HKCR\CLSID\E404.e404mgr#UserId

Adware.E404 Helper/Hij
    HKCR\E404.e404mgr
    HKCR\E404.e404mgr\CLSID
    HKCR\E404.e404mgr\CurVer
    HKCR\E404.e404mgr.1
    HKCR\E404.e404mgr.1\CLSID
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
    HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
    HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

RootKit.TnCore/Trace
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys

Rootkit.RunTime3/FutureGen
    C:\DOCUMENTS AND SETTINGS\AND\LOKALE INDSTILLINGER\TEMP\83875.EXE

Trojan.Unclassifed/Loader-Suspicious
    C:\DOCUMENTS AND SETTINGS\AND\LOKALE INDSTILLINGER\TEMP\LOADER.EXE
anders4u (Beginner)
20 January 2008 - 21:18 #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:31, on 20-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\And\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Opgavestyring (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spool.exe

--
End of file - 4546 bytes
anders4u (Beginner)
20 January 2008 - 21:30 #4
ComboFix 08-01-20.1 - And 2008-01-20 21:23:38.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1667 [GMT 1:00]
Running from: C:\Documents and Settings\And\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Programmer\Helper
C:\WINDOWS\system32\drivers\spool.exe

----- Unknown downloads made by BITS: ----
http://hq-pharma.org
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\core


(((((((((((((((((((((((((  Files Created from 2007-12-20 to 2008-01-20  )))))))))))))))))))))))))))))))
.

2008-01-20 21:23 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-20 21:18 . 2007-07-06 18:39    401,720    --a------    C:\Programmer\HJTrenamed.exe
2008-01-20 21:01 . 2008-01-20 21:01    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-20 21:00 . 2008-01-20 21:16    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-01-20 21:00 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-20 21:00 . 2008-01-20 21:00    <DIR>    d--------    C:\Documents and Settings\And\Application Data\SUPERAntiSpyware.com
2008-01-20 20:50 . 2008-01-20 20:50    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-20 15:53 . 2001-10-09 15:00    13,463,552    --a--c---    C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-20 15:52 . 2004-08-26 18:53    2,134,528    --a--c---    C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\WindowsShell.Manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\sapi.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\nwc.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    749    -rah-----    C:\WINDOWS\system32\ncpa.cpl.manifest
2008-01-20 15:51 . 2008-01-20 15:51    488    -rah-----    C:\WINDOWS\system32\logonui.exe.manifest
2008-01-20 15:40 . 2004-08-26 19:26    1,086,058    -ra------    C:\WINDOWS\SET32.tmp
2008-01-20 15:40 . 2004-08-26 19:30    1,013,849    -ra------    C:\WINDOWS\SET2F.tmp
2008-01-20 15:40 . 2004-08-26 19:26    14,043    -ra------    C:\WINDOWS\SET3E.tmp
2008-01-20 15:08 . 2008-01-20 21:21    2,145,386,496    --a------    C:\WINDOWS\MEMORY.DMP
2008-01-20 14:33 . 2008-01-20 14:33    <DIR>    d--------    C:\WINDOWS\NV1028388.TMP
2008-01-20 14:33 . 2007-10-04 17:14    136,260    --a------    C:\WINDOWS\system32\nvapps.nvb
2008-01-20 13:49 . 2008-01-20 13:49    <DIR>    d--------    C:\WINDOWS\LastGood.Tmp
2008-01-20 13:48 . 2008-01-20 13:48    <DIR>    d--------    C:\Documents and Settings\And\Application Data\dvdcss
2008-01-20 13:23 . 2008-01-20 13:23    164    --a------    C:\install.dat
2008-01-20 12:34 . 2008-01-20 13:47    <DIR>    d--------    C:\Programmer\eMule
2008-01-20 12:27 . 2008-01-20 13:10    281    --a------    C:\WINDOWS\wininit.ini
2008-01-20 12:02 . 2008-01-20 13:49    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-19 23:40 . 2008-01-20 13:47    <DIR>    d--------    C:\Documents and Settings\And\Contacts
2008-01-19 23:36 . 2008-01-19 23:36    <DIR>    d--------    C:\Documents and Settings\And\Application Data\vlc
2008-01-19 22:35 . 2008-01-19 22:37    <DIR>    d--------    C:\Programmer\Windows Live
2008-01-19 22:35 .     <DIR>        C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-01-19 22:35 . 2008-01-19 22:35    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-19 22:22 . 2008-01-19 22:22    <DIR>    d--------    C:\Programmer\VideoLAN
2008-01-19 21:29 . 2008-01-20 13:47    <DIR>    d--------    C:\Programmer\Winamp
2008-01-19 21:29 . 2008-01-20 13:47    <DIR>    d--------    C:\Documents and Settings\And\Application Data\Winamp
2008-01-16 22:03 . 2008-01-16 22:03    <DIR>    d--------    C:\Programmer\SlySoft
2008-01-16 21:56 . 2008-01-16 21:56    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-01-16 21:53 . 2008-01-16 21:53    25,984    --a------    C:\WINDOWS\system32\drivers\Fcv11.sys
2008-01-16 21:53 . 2008-01-16 21:53    10,240    --ahs----    C:\WINDOWS\system32\drivers\spool.exe~
2008-01-16 21:51 . 2008-01-16 21:51    <DIR>    d--------    C:\Programmer\Elaborate Bytes
2008-01-16 21:51 . 2008-01-16 21:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SlySoft
2008-01-16 21:50 . 2008-01-16 22:01    58,880    --a------    C:\oipiy.exe
2008-01-16 21:50 . 2008-01-16 21:50    54,764    --a------    C:\WINDOWS\system32\dxdss.sys
2008-01-16 21:50 . 2008-01-16 22:01    41,472    --a------    C:\osfj.exe
2008-01-16 21:50 . 2008-01-16 21:50    14,848    --a------    C:\WINDOWS\system32\drivers\win32.exe~
2008-01-16 21:50 . 2008-01-16 21:50    14,848    --a------    C:\Documents and Settings\And\ntuser.exe
2008-01-16 21:50 . 2008-01-16 21:52    6,144    --a------    C:\WINDOWS\system32\msftp.dll
2008-01-16 21:50 . 2008-01-16 21:52    6,144    --a------    C:\Documents and Settings\And\msftp.dll
2008-01-16 21:50 . 2008-01-16 21:56    72    ---hs----    C:\WINDOWS\S926572FD.tmp
2008-01-16 21:50 . 2008-01-16 22:01    2    --a------    C:\412363067
2008-01-15 00:46 . 2007-12-03 11:21    2,513,432    --a------    C:\WINDOWS\system32\pcifmdio.dll
2008-01-15 00:46 . 2007-12-03 11:21    727,560    --a------    C:\WINDOWS\system32\DeltaIICpl.exe
2008-01-15 00:46 . 2007-12-03 11:21    297,992    --a------    C:\WINDOWS\system32\drivers\deltaII.sys
2008-01-15 00:46 . 2007-12-03 11:21    236,040    --a------    C:\WINDOWS\system32\DeltaIITray.exe
2008-01-15 00:46 . 2007-12-03 11:21    26,632    --a------    C:\WINDOWS\system32\DeltaII.cpl
2008-01-15 00:46 . 2007-12-03 11:21    25,096    --a------    C:\WINDOWS\system32\deltaIIasio.dll
2008-01-15 00:46 . 2007-12-03 11:21    21,000    --a------    C:\WINDOWS\system32\DeltaIIpnl.dll
2008-01-15 00:46 . 2007-12-03 11:21    12,296    --a------    C:\WINDOWS\system32\deltaIICoIn.dll
2008-01-15 00:11 . 2008-01-15 00:11    <DIR>    d--------    C:\Programmer\Lavalys
2008-01-14 23:54 . 2003-07-31 20:28    147,425    --a------    C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-01-14 23:54 . 2003-05-26 15:29    120,468    --a------    C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-01-14 23:54 . 2003-05-26 15:29    114,279    --a------    C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-01-14 19:06 . 2008-01-15 00:13    <DIR>    d--------    C:\Programmer\Waves
2008-01-14 19:05 . 2008-01-14 19:05    <DIR>    d--------    C:\Documents and Settings\And\Application Data\Steinberg
2008-01-14 19:01 . 2008-01-15 00:14    <DIR>    d--------    C:\Programmer\Steinberg
2008-01-14 19:00 . 2008-01-15 00:14    <DIR>    d--------    C:\Programmer\Syncrosoft
2008-01-14 18:01 . 2008-01-14 18:01    <DIR>    d--------    C:\Programmer\M-Audio
2008-01-14 18:01 . 2008-01-14 18:01    <DIR>    d--------    C:\Documents and Settings\And\Application Data\InstallShield
2008-01-14 18:01 . 2007-12-03 11:21    236,040    --a------    C:\WINDOWS\system32\DeltaIITray(2).exe
2008-01-12 10:15 . 2008-01-12 10:15    <DIR>    d--------    C:\pnp
2008-01-12 00:41 . 2008-01-12 00:41    23,600    --a------    C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-12 00:32 . 2008-01-12 00:32    <DIR>    d--------    C:\Programmer\ASUS
2008-01-11 23:56 . 2008-01-11 23:56    <DIR>    d--------    C:\Programmer\WinTV
2008-01-11 23:54 . 2001-07-19 09:44    393,216    --a------    C:\WINDOWS\system32\hcwsnbd9.dll
2008-01-11 23:54 . 1999-10-29 14:21    157,612    --a------    C:\WINDOWS\system32\Hcwpsip.dll
2008-01-11 23:39 . 2008-01-11 23:39    <DIR>    d--------    C:\Programmer\Alwil Software
2008-01-11 23:31 . 2008-01-11 23:31    <DIR>    d--------    C:\WINDOWS\system32\Lang
2008-01-11 23:30 . 2007-04-13 15:36    1,822,720    --a------    C:\WINDOWS\SkyTel.exe
2008-01-11 23:30 . 2004-08-03 23:07    52,864    --a------    C:\WINDOWS\system32\drivers\DMusic.sys
2008-01-11 23:30 . 2006-08-01 15:02    49,152    --a------    C:\WINDOWS\system32\ChCfg.exe
2008-01-11 23:30 . 2004-08-03 23:07    6,400    --a------    C:\WINDOWS\system32\drivers\splitter.sys
2008-01-11 23:29 . 2008-01-11 23:33    <DIR>    d--------    C:\Programmer\Realtek
2008-01-11 23:29 . 2008-01-14 18:01    <DIR>    d--h-----    C:\Programmer\InstallShield Installation Information
2008-01-11 22:38 . 2008-01-11 22:38    <DIR>    d--------    C:\SWSetup
2008-01-11 22:34 . 2008-01-20 15:55    <DIR>    d--------    C:\WINDOWS\nview
2008-01-11 22:34 .     <DIR>        C:\Programmer\Fælles filer\InstallShield
2008-01-11 22:34 . 2007-10-04 18:16    356,352    --a------    C:\WINDOWS\system32\NVUNINST.EXE
2008-01-11 22:34 . 2007-10-04 17:14    356,352    --a------    C:\WINDOWS\system32\nvudisp.exe
2008-01-11 22:34 . 2008-01-11 22:35    140,158    --a------    C:\WINDOWS\system32\nvapps.xml
2008-01-11 22:34 . 2007-10-04 17:14    17,525    --a------    C:\WINDOWS\system32\nvdisp.nvu
2008-01-11 22:33 . 2008-01-11 22:33    <DIR>    d--------    C:\NVIDIA
2008-01-11 22:29 . 2008-01-12 00:13    <DIR>    d--h-----    C:\WINDOWS\$hf_mig$
2008-01-11 22:29 . 2005-06-28 10:21    22,752    --a------    C:\WINDOWS\system32\spupdsvc.exe
2008-01-11 22:18 . 2006-01-12 14:52    1,904    --a------    C:\WINDOWS\system32\SetupBD.din
2008-01-11 22:17 . 2008-01-11 22:17    <DIR>    d----c---    C:\WINDOWS\system32\DRVSTORE
2008-01-11 22:17 . 2008-01-11 22:18    <DIR>    d--------    C:\Programmer\Intel
2008-01-11 22:17 . 2008-01-11 22:17    <DIR>    d--------    C:\Intel
2008-01-11 22:17 . 2007-07-26 16:15    53,248    --a------    C:\WINDOWS\system32\CSVer.dll
2008-01-11 21:00 . 2004-08-26 18:48    57,856    --a------    C:\WINDOWS\system32\drivers\redbook.sys
2008-01-11 21:00 . 2001-08-17 22:46    6,400    --a------    C:\WINDOWS\system32\drivers\enum1394.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 20:26    ---------    d-----w    C:\Programmer\Helper
2008-01-20 20:18    4,547    ----a-w    C:\Programmer\hijackthis.log
2008-01-20 20:00    ---------    d-----w    C:\Programmer\Fælles filer
2008-01-20 14:51    ---------    d-----w    C:\Programmer\Fælles filer\System
2008-01-19 21:37    ---------    d-----w    C:\Programmer\Fælles filer\Microsoft Shared
2008-01-11 22:29    315,392    ----a-w    C:\WINDOWS\HideWin.exe
2008-01-11 19:58    ---------    d-----w    C:\Programmer\Fælles filer\SpeechEngines
2008-01-11 19:58    ---------    d-----w    C:\Programmer\Fælles filer\ODBC
2008-01-11 19:22    ---------    d--h--w    C:\Programmer\Uninstall Information
2008-01-11 19:18    ---------    d-----w    C:\Programmer\microsoft frontpage
2008-01-11 19:17    ---------    d-----w    C:\Programmer\Onlinetjenester
2008-01-11 19:17    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2008-01-11 19:17    ---------    d-----w    C:\Programmer\Fælles filer\MSSoap
2007-12-19 20:05    97,216    ----a-w    C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-04 14:56    93,264    ----a-w    C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55    94,544    ----a-w    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53    23,152    ----a-w    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51    42,912    ----a-w    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49    26,624    ----a-w    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04    837,496    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54    95,608    ----a-w    C:\WINDOWS\system32\AvastSS.scr
2007-10-25 09:01    2,109,440    ----a-w    C:\WINDOWS\system32\wmvcore(3).dll
2007-10-25 09:00    230,912    ----a-w    C:\WINDOWS\system32\wmasf(3).dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 18:53 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 17:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\DeltaIITray.exe" [2007-12-03 11:21 236040]
"DeltaIITaskbarApp"="C:\WINDOWS\system32\DeltaIITray.exe" [2007-12-03 11:21 236040]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-26 18:53 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fcv11.sys]
@="Driver"

R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\WINDOWS\system32\DRIVERS\deltaII.sys [2007-12-03 11:21]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Programmer\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 Fcv11;Fcv11;C:\WINDOWS\System32\drivers\Fcv11.sys [2008-01-16 21:53]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2007-09-10 12:34]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 21:26:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 21:27:57 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-20 20:27:55
.
2008-01-16 16:16:51    --- E O F ---
anders4u (Beginner)
21 January 2008 - 12:45 #5
That is a bit of a problem, because I can see that my PC is sending around 50-60 mails in 3 minutes (according to my "mail scanner")... to people I certainly don't know...

Is there any way to stop it temporarily, until the log has been looked through...?
21 January 2008 - 13:36 #6
... pull the network cable out ...
21 January 2008 - 13:41 #7
... and a fresh HiJackThis log - after the procedures above ... and <arlet> continues from here ..

PS: C:\Programmer\eMule -> *SIGH*
anders4u (Beginner)
21 January 2008 - 14:42 #8
I HAVE done a format c: - and now have a fresh machine, but Arlet, post an answer so you get some points for the trouble :-) - and yes, I have kids who think it is "fun" to install emule on my machine, unfortunately...
arlet (Junior Master)
21 January 2008 - 16:46 #9
Okay, that went fast, so the help from here was very limited..

So I think we should just split the points, if you want to give some away..