ComboFix 07-12-19.2 - Administrator 2007-12-19 22:22:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.667 [GMT 1:00]
Running from: D:\Downloads\Logi\ComboFix.exe
 * Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aftrcwyp.dll
C:\WINDOWS\system32\aqoyvmch.dll
C:\WINDOWS\system32\atjilpwv.exe
C:\WINDOWS\system32\aykdmsxy.dll
C:\WINDOWS\system32\bgnkkkps.exe
C:\WINDOWS\system32\dabuxwnx.ini
C:\WINDOWS\system32\dptgspbv.exe
C:\WINDOWS\system32\dqbkdjdx.dll
C:\WINDOWS\system32\eikwgkrm.exe
C:\WINDOWS\system32\fxgawafj.dll
C:\WINDOWS\system32\gdnoonlg.exe
C:\WINDOWS\system32\gkkxluht.exe
C:\WINDOWS\system32\hcmvyoqa.ini
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\itgajpoo.dll
C:\WINDOWS\system32\jojmsjqi.dll
C:\WINDOWS\system32\lnnfubsf.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mwnswwey.dll
C:\WINDOWS\system32\nijiqgct.dll
C:\WINDOWS\system32\nlefgjtw.dll
C:\WINDOWS\system32\nnowysvj.dll
C:\WINDOWS\system32\orlmrrar.dll
C:\WINDOWS\system32\pqnupagt.dll
C:\WINDOWS\system32\ptvtcplw.ini
C:\WINDOWS\system32\pxuapcov.dll
C:\WINDOWS\system32\tgapunqp.ini
C:\WINDOWS\system32\ttvffbrt.exe
C:\WINDOWS\system32\uhnausyq.dll
C:\WINDOWS\system32\ujmjmmpd.exe
C:\WINDOWS\system32\vocpauxp.ini
C:\WINDOWS\system32\wlpctvtp.dll
C:\WINDOWS\system32\wtjgfeln.ini
C:\WINDOWS\system32\xdbafsok.exe
C:\WINDOWS\system32\xdjdkbqd.ini
C:\WINDOWS\system32\xnwxubad.dll
C:\WINDOWS\system32\yewwsnwm.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.
2007-12-19 22:04 . 2007-12-19 22:04  d--------  C:\VundoFix Backups
2007-12-16 20:51 . 2007-12-16 20:51  d--------  C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2007-12-16 18:26 . 2007-12-16 18:26  98,304  --a------  C:\WINDOWS\system32\CmdLineExt.dll
2007-12-15 19:54 . 2007-12-16 19:54  970,614  ---hs----  C:\WINDOWS\system32\btrrlxfg.ini
2007-12-15 18:10 . 2007-12-15 18:12  143  --a------  C:\WINDOWS\system32\mcrh.tmp
2007-12-15 17:21 . 2007-12-15 17:21  d--------  C:\Program Files\COMODO
2007-12-15 17:21 . 2007-12-15 17:25  d--------  C:\Documents and Settings\All Users\Dane aplikacji\comodo
2007-12-15 17:21 . 2007-12-15 17:21  d--------  C:\Documents and Settings\Administrator\Dane aplikacji\Comodo
2007-12-15 17:21 . 2007-12-15 17:21  139,008  --a------  C:\WINDOWS\system32\guard32.dll.vir
2007-12-15 17:21 . 2007-12-15 17:21  81,272  --a------  C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-15 17:21 . 2007-12-15 17:21  23,672  --a------  C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-14 22:53 . 2007-12-14 22:53  d--------  C:\Program Files\City Interactive
2007-12-12 10:44 . 2007-12-13 18:48  934,278  ---hs----  C:\WINDOWS\system32\wrsrwbft.ini
2007-12-08 13:50 . 2007-12-08 13:50  d--------  C:\Program Files\Ad-Aware 2007
2007-12-08 13:50 . 2007-12-08 13:50  d--------  C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-12-08 13:49 . 2007-12-08 13:49  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 13:48 . 2007-12-08 13:48  d---s----  C:\Documents and Settings\Administrator\UserData
2007-12-06 18:48 . 2007-12-06 18:48  d--------  C:\Program Files\Alwil Software
2007-12-06 18:48 . 2007-12-04 14:04  837,496  --a------  C:\WINDOWS\system32\aswBoot.exe
2007-12-06 18:48 . 2004-01-09 11:13  380,928  --a------  C:\WINDOWS\system32\actskin4.ocx
2007-12-06 18:48 . 2007-12-04 13:54  95,608  --a------  C:\WINDOWS\system32\AvastSS.scr
2007-12-06 18:48 . 2007-12-04 15:55  94,544  --a------  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-06 18:48 . 2007-12-04 15:56  93,264  --a------  C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-06 18:48 . 2007-12-04 15:51  42,912  --a------  C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-06 18:48 . 2007-12-04 15:49  26,624  --a------  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-06 18:48 . 2007-12-04 15:53  23,152  --a------  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-06 18:35 . 2007-12-06 18:48  d--------  C:\Program Files\mks_vir_2007
2007-12-05 22:39 . 2007-12-05 22:39  36,864  --a------  C:\WINDOWS\system32\ssqoool.dll.vir
2007-11-24 19:22 . 2007-11-24 19:22  d--------  C:\Documents and Settings\Administrator\Dane aplikacji\CyberLink
2007-11-24 19:21 . 2007-11-24 19:21  d--------  C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-11-19 21:28 . 2007-12-05 22:44  d--------  C:\Documents and Settings\Administrator\Dane aplikacji\Petroglyph
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 20:51  ---------  d-----w  C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2007-12-16 20:26  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2007-12-15 22:43  ---------  d-----w  C:\Program Files\eSkiMoS R2
2007-12-08 12:54  ---------  d-----w  C:\Program Files\Common Files\Adobe
2007-12-06 17:39  ---------  d-----w  C:\Program Files\DAEMON Tools
2007-12-06 17:33  ---------  d-----w  C:\Program Files\Avast4
2007-11-28 21:31  ---------  d-----w  C:\Program Files\Opera
2007-11-18 17:52  ---------  d-----w  C:\Program Files\hp deskjet 920c series
2007-11-15 19:04  685,816  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-11-15 18:31  ---------  d-----w  C:\Program Files\7-Zip
2007-11-14 21:39  ---------  d-----w  C:\Program Files\Dziobas Rar Player
2007-11-14 17:06  ---------  d-----w  C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-11-13 17:55  ---------  d-----w  C:\Program Files\Hewlett-Packard
2007-11-12 18:16  ---------  d-----w  C:\Documents and Settings\Administrator\Dane aplikacji\EPSON
2007-11-09 21:38  ---------  d-----w  C:\Program Files\TRUST 640U SILVERLINE HEADSET USB
2007-11-09 07:49  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-11-08 21:49  ---------  d-----w  C:\Program Files\Multimedia Combo Set
2007-11-08 19:45  ---------  d-----w  C:\Program Files\Desktop Restore
2007-11-08 18:09  ---------  d-----w  C:\Documents and Settings\Administrator\Dane aplikacji\Winamp
2007-11-08 18:00  ---------  d-----w  C:\Program Files\Winamp
2007-11-08 17:25  ---------  d-----w  C:\Program Files\SAGEM
2007-11-07 22:12  ---------  d-----w  C:\Program Files\uTorrent
2007-11-07 21:33  ---------  d-----w  C:\Program Files\Google
2007-11-07 21:21  ---------  d-----w  C:\Documents and Settings\Administrator\Dane aplikacji\eSkiMoS R2
2007-11-07 17:53  ---------  d-----w  C:\Documents and Settings\Administrator\Dane aplikacji\Gadu-Gadu
2007-11-07 17:52  ---------  d-----w  C:\Program Files\Gadu-Gadu
2007-11-07 17:44  ---------  d-----w  C:\Program Files\Common Files\InstallShield
2007-11-07 17:43  ---------  d-----w  C:\Program Files\epson
2007-11-07 17:43  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\UDL
2007-11-07 17:40  ---------  d-----w  C:\Documents and Settings\All Users\Dane aplikacji\EPSON
2007-11-07 17:40  ---------  d-----w  C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield
2007-11-07 12:36  ---------  d-----w  C:\Program Files\CyberLink DVD Solution
2007-11-07 12:36  ---------  d-----w  C:\Program Files\CyberLink
2007-11-07 12:36  ---------  d-----w  C:\Program Files\Common Files\Ahead
2007-11-07 12:36  ---------  d-----w  C:\Program Files\Ahead
2007-11-07 12:02  ---------  d-----w  C:\Program Files\Marvell
2007-11-07 12:00  ---------  d-----w  C:\Program Files\Intel
2007-11-07 11:57  ---------  d-----w  C:\Program Files\Realtek Sound Manager
2007-11-07 11:57  ---------  d-----w  C:\Program Files\Realtek AC97
2007-11-07 11:57  ---------  d-----w  C:\Program Files\AvRack
2007-11-07 11:04  ---------  d-----w  C:\Program Files\microsoft frontpage
2007-11-07 11:03  ---------  d-----w  C:\Program Files\Usługi online
2004-10-01 14:00  40,960  ----a-w  C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 07:00]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-07 19:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-08-02 16:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe]
"WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 15:38]
"WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2005-08-02 22:45]
"CmUsbSound"="RunDll32 cmcnfgu.cpl" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-19 15:57]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-15 17:21]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2004-05-18 17:55]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-15 17:21]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-15 17:21]
S3 cmudau;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudau.sys [2004-04-26 16:54]
S3 lac97inf;lac97inf;C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\lac97inf.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 22:26:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
 -> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
 -> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
 -> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-19 22:27:20 - machine was rebooted
.
2007-11-19 18:32:20 --- E O F ---