ComboFix 08-11-14.01 - Administrator 2008-11-16 13:46:50.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.423 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.

2008-11-16 03:23 . 2008-11-16 13:45 dr-h----- c:\documents and settings\Administrator\Siste
2008-11-16 00:07 . 2008-11-16 00:07 d-------- c:\documents and settings\All Users\Programdata\comodo
2008-11-12 22:57 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 22:57 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-08 02:11 . 2008-11-16 13:41 d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-08 02:11 . 2008-11-08 02:11 d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-08 02:11 . 2008-11-08 02:11 d-------- c:\documents and settings\Administrator\Programdata\Malwarebytes
2008-11-08 02:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-08 02:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-02 23:46 . 2008-11-02 23:46 d-------- c:\programfiler\EagleEyeOS
2008-10-31 00:57 . 2008-10-31 00:57 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-30 02:04 . 2007-07-16 16:59 101,120 --a------ c:\windows\system32\drivers\ewusbmdm.sys
2008-10-30 02:04 . 2007-07-16 16:59 24,448 --a------ c:\windows\system32\drivers\ewdcsc.sys
2008-10-30 01:59 . 2008-10-30 01:59 268 --ah----- C:\sqmdata00.sqm
2008-10-30 01:59 . 2008-10-30 01:59 244 --ah----- C:\sqmnoopt00.sqm
2008-10-23 22:57 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-23 07:49 . 2008-10-23 14:48 d-------- c:\documents and settings\Administrator\Programdata\dvdcss
2008-10-19 11:42 . 2008-11-02 23:47 d-------- c:\programfiler\Fellesfiler\EagleEyeOS
2008-10-19 11:42 . 2008-10-19 11:42 d-------- c:\documents and settings\Administrator\Programdata\EagleEyeOS
2008-10-18 02:47 . 2008-10-18 02:48 d-------- c:\documents and settings\Administrator\Programdata\vlc
2008-10-17 22:08 . 2008-10-17 22:08 d-------- c:\programfiler\VideoLAN
2008-10-17 22:03 . 2008-10-17 22:03 d-------- c:\documents and settings\Administrator\Programdata\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-11-16 06:39 --------- d-----w c:\documents and settings\Administrator\Programdata\foobar2000
2008-11-15 21:33 --------- d-----w c:\programfiler\COMODO
2008-11-15 21:33 --------- d-----w c:\documents and settings\Administrator\Programdata\Comodo
2008-11-09 21:48 --------- d-----w c:\programfiler\Hp
2008-11-08 17:58 --------- d-----w c:\documents and settings\Administrator\Programdata\uTorrent
2008-11-02 03:50 99,856 ----a-w c:\windows\system32\drivers\cmdguard.sys
2008-11-02 03:50 31,504 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-02 03:49 143,096 ----a-w c:\windows\system32\guard32.dll
2008-10-31 14:40 --------- d-----w c:\programfiler\Hewlett-Packard
2008-10-30 23:57 --------- d-----w c:\programfiler\Java
2008-10-30 01:04 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 07:15 --------- d-----w c:\programfiler\Microsoft Silverlight
2008-10-09 09:16 --------- d-----w c:\programfiler\Mp3tag
2008-10-09 09:16 --------- d-----w c:\documents and settings\Administrator\Programdata\Mp3tag
2008-10-09 07:13 --------- d-----w c:\documents and settings\Administrator\Programdata\Windows Desktop Search
2008-10-09 07:12 --------- d-----w c:\programfiler\Windows Desktop Search
2008-10-03 17:31 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-25 20:16 --------- d-----w c:\documents and settings\Administrator\Programdata\ArcSoft
2008-09-20 17:41 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR(2)
2008-09-20 17:41 --------- d-----w c:\programfiler\Fellesfiler\Adobe AIR
2008-09-20 15:48 --------- d-----w c:\documents and settings\Administrator\Programdata\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-18 20:53 --------- d-----w c:\programfiler\iISystem Wiper
2008-09-18 20:27 --------- d-----w c:\documents and settings\All Users\Programdata\Lavasoft
2008-09-18 20:25 --------- d-----w c:\programfiler\Lavasoft
2008-09-18 20:24 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-09-16 13:37 172 ----a-w c:\documents and settings\Administrator\Programdata\wklnhst.dat
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:29 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:16 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-05 21:30 950,824 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 21:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:30 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-05-07 11:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008042120080428\index.dat
2008-05-07 11:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008050720080508\index.dat
2008-05-11 16:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008051120080512\index.dat

.
((((((((((((((((((((((((((((( snapshot_2008-11-16_ 6.05.25,39 )))))))))))))))))))))))))))))))))))))))))
.

- 2008-11-16 03:14:44 29,926 ----a-r c:\windows\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe
+ 2008-11-16 06:15:12 29,926 ----a-r c:\windows\Installer\{D70A63D1-2F54-4713-8AE6-BBD28D1A62E6}\MsblIco.Exe
+ 2008-11-16 06:23:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_37c.dat
+ 2008-11-16 09:06:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_714.dat

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"filehippo.com"="c:\programfiler\filehippo.com\UpdateChecker.exe" [2008-07-03 137216]
"SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"iIWiper"="c:\programfiler\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-10-31 136600]
"PTHOSTTR"="c:\programfiler\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"QlbCtrl"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-23 802816]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"WatchDog"="c:\programfiler\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"avgnt"="c:\programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"COMODO Firewall Pro"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-11-02 1797880]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SynTPStart"="c:\programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"COMODO Internet Security"="c:\programfiler\COMODO\Firewall\cfp.exe" [2008-11-02 1797880]
"MsmqIntCert"="mqrt.dll" [2008-04-14 c:\windows\system32\mqrt.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2006-02-15 581693]
DVD Check.lnk - c:\programfiler\InterVideo\DVD Check\DVDCheck.exe [2008-04-26 184320]
EagleEyeOS Update Manager.lnk - c:\programfiler\Fellesfiler\EagleEyeOS\EEOSUpdateMgr.exe [2008-10-19 482416]
SqueezeCenter Tray Tool.lnk - c:\programfiler\SqueezeCenter\SqueezeTray.exe [2008-05-06 1728599]
Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 19:41 40960 c:\programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\DNA\\btdna.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"9000:TCP"= 9000:TCP:SqueezeCenter 9000 tcp
"3483:UDP"= 3483:UDP:SqueezeCenter 3483 udp
"3483:TCP"= 3483:TCP:SqueezeCenter 3483 tcp

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-07-23 99856]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-07-23 31504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-04 14336]
R2 SqueezeMySQL;SqueezeMySQL;c:\progra~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe --defaults-file=c:\docume~1\ALLUSE~1\PROGRA~1\SQUEEZ~1\Cache\my.cnf SqueezeMySQL []
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fd45976-a61e-11dd-9b26-001b775013e1}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3fd45978-a61e-11dd-9b26-001b775013e1}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9d1d04-8273-11dd-9ad9-001b775013e1}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd628c74-63f2-11dd-9ad7-001b775013e1}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd628c77-63f2-11dd-9ad7-001b775013e1}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd628c7b-63f2-11dd-9ad7-001b775013e1}]
\Shell\AutoRun\command - F:\AutoRun.exe

*Newly Created Service* - USNJSVC
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 13:48:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe??????? ???@???????????????@??????t??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\guard32.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\system32\guard32.dll
.
Completion time: 2008-11-16 13:50:03
ComboFix-quarantined-files.txt 2008-11-16 12:49:58
ComboFix2.txt 2008-11-16 05:05:50
ComboFix3.txt 2008-07-23 09:15:30

Pre-Run: 54 581 465 088 byte ledig
Post-Run: 54,574,632,960 byte ledig

202 --- E O F --- 2008-10-15 14:22:53