ComboFix 08-04-14.2 - Administrator 2008-04-16 18:17:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.199 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\pc rydding\ComboFix.exe
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.
2008-04-16 18:14 . 2008-04-16 18:14 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-16 18:14 . 2008-04-16 18:15 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-16 18:13 . 2008-04-16 18:13 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-16 18:13 . 2008-04-16 18:13 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-16 18:13 . 2008-04-16 18:13 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-16 18:13 . 2008-04-16 18:15 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-16 18:13 . 2008-04-16 18:13 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-16 18:12 . 2008-04-16 18:12 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 18:11 . 2008-04-16 18:11 d-------- C:\Program Files\Trend Micro
2008-04-16 17:49 . 2008-04-16 17:49 d-------- C:\WINDOWS\LastGood
2008-04-10 15:36 . 2008-02-20 07:32 148,992 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-04-10 15:36 . 2008-02-20 07:32 45,568 --------- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-04-01 12:13 . 2008-04-01 12:13 268 --ah----- C:\sqmdata03.sqm
2008-04-01 12:13 . 2008-04-01 12:13 244 --ah----- C:\sqmnoopt03.sqm
2008-03-17 23:22 . 2008-03-17 23:22 d-------- C:\Program Files\MSXML 4.0
2008-03-17 23:21 . 2008-04-10 23:26 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-17 19:39 . 2008-03-17 19:39 244 --ah----- C:\sqmnoopt02.sqm
2008-03-17 19:39 . 2008-03-17 19:39 232 --ah----- C:\sqmdata02.sqm
2008-03-17 19:07 . 2008-03-17 19:07 268 --ah----- C:\sqmdata01.sqm
2008-03-17 19:07 . 2008-03-17 19:07 244 --ah----- C:\sqmnoopt01.sqm
2008-03-17 18:56 . 2008-03-01 15:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-17 18:55 . 2007-04-16 17:52 984,576 --------- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-03-17 18:55 . 2007-11-07 11:26 721,920 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-03-17 18:55 . 2007-07-09 15:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-17 18:55 . 2007-02-09 13:10 574,464 --------- C:\WINDOWS\system32\dllcache\ntfs.sys
2008-03-17 18:55 . 2007-12-04 20:38 550,912 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-03-17 18:55 . 2007-04-25 16:21 144,896 --------- C:\WINDOWS\system32\dllcache\schannel.dll
2008-03-17 18:55 . 2008-03-17 18:55 268 --ah----- C:\sqmdata00.sqm
2008-03-17 18:55 . 2008-03-17 18:55 244 --ah----- C:\sqmnoopt00.sqm
2008-03-17 18:52 . 2007-01-23 21:29 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-03-17 18:45 . 2008-04-01 17:18 d-------- C:\Documents and Settings\Administrator\Contacts
2008-03-17 18:40 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-17 18:40 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-17 18:40 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 18:39 . 2008-03-17 18:39 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-17 18:39 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-17 18:39 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-17 18:39 . 2007-07-30 20:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-17 18:39 . 2007-07-30 20:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-17 18:38 . 2008-03-17 18:40 d-------- C:\Program Files\Windows Live Toolbar
2008-03-17 18:35 . 2008-03-17 18:35 d-------- C:\Program Files\MSN Messenger
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-10 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania United
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-10 18:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-01 16:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-21 19:25 --------- d-----w C:\Program Files\QuickTime Alternative
2008-02-21 19:25 --------- d-----w C:\Program Files\Bonjour
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-27 09:26 260,624 ----a-w C:\Documents and Settings\Administrator\Application Data\setup_no[1].exe
.
------- Sigcheck -------
2004-08-04 13:00 30208 de8fa9cf18f95341079c7e6a215c226a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 13:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 00:29 62976]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 30208]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 21:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-03-23 10:02 176128 C:\WINDOWS\system32\VTTrayp.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 23:51 257088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 02:07 593920]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 18:14 579072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-16 18:14 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 15:06 124928 C:\WINDOWS\system32\advpack.dll]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-04 13:00 388608 C:\WINDOWS\system32\cmd.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
S0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 21:06]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 11:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 11:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 11:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 11:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 11:42]
*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSW
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGEMS
*Newly Created Service* - AVGTDI
*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
.
Contents of the 'Scheduled Tasks' folder
"2007-12-31 12:04:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-16 16:02:00 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 18:19:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2008-04-16 18:20:08
ComboFix-quarantined-files.txt 2008-04-16 16:20:01
Pre-Run: 66,440,491,008 bytes free
Post-Run: 66,562,125,824 bytes free
.
2008-04-10 21:26:34 --- E O F ---