ComboFix 10-07-04.04 - anh 07/06/2010 17:10:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2552 [GMT -5:00]
Running from: c:\documents and settings\anh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\anh\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-05 13:28 . 2010-07-05 13:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-29 03:19 . 2010-06-29 03:19 -------- d-----w- c:\windows\system32\vmm32
2010-06-29 03:07 . 2005-05-25 22:34 158464 ----a-w- c:\windows\system32\drivers\ctusfsyn.sys
2010-06-29 03:07 . 2005-01-10 23:15 20992 ----a-w- c:\windows\system32\sfman32.dll
2010-06-29 03:07 . 2005-01-10 23:15 138752 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2010-06-29 03:07 . 2005-01-10 23:15 115200 ----a-w- c:\windows\system32\sfms32.dll
2010-06-29 03:07 . 2005-01-10 23:15 106496 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2010-06-29 03:07 . 2005-12-07 16:34 40448 ----a-w- c:\windows\system32\CiEcho.dll
2010-06-29 03:07 . 2005-10-30 00:42 11776 ----a-w- c:\windows\inres.dll
2010-06-29 03:07 . 2006-01-19 03:07 160768 ----a-w- c:\windows\system32\cifilter.dll
2010-06-29 03:07 . 2006-01-04 20:41 1389056 ----a-w- c:\windows\system32\drivers\monfilt.sys
2010-06-29 03:07 . 2010-06-29 03:07 -------- d-----w- c:\program files\Creative
2010-06-29 02:54 . 2010-06-29 02:57 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\Deployment
2010-06-25 01:58 . 2010-06-25 01:58 -------- d-----w- c:\program files\Trend Micro
2010-06-25 01:50 . 2010-06-25 02:22 -------- d-----w- c:\program files\Snood 4
2010-06-21 17:29 . 2010-06-21 17:29 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\anwljwgfj
2010-06-21 00:40 . 2010-06-21 00:40 -------- d-----w- c:\documents and settings\anh\Application Data\SUPERAntiSpyware.com
2010-06-21 00:40 . 2010-06-21 00:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-06-21 00:39 . 2010-06-21 00:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-20 14:48 . 2010-06-20 14:48 -------- d-----w- c:\documents and settings\anh\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\documents and settings\Administrator.HOANG\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 13:20 . 2010-06-20 13:20 -------- d-----w- c:\program files\CCleaner
2010-06-20 06:59 . 2010-06-20 14:44 -------- d-----w- c:\documents and settings\Administrator.HOANG\Application Data\Uwmyf
2010-06-20 06:58 . 2010-06-20 06:58 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-06-20 06:58 . 2010-06-26 14:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 13:20 . 2010-06-19 13:20 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-06-19 13:08 . 2010-06-19 13:08 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\itnackthn
2010-06-13 23:30 . 2010-06-13 23:30 -------- d-----w- c:\program files\pdfsam
2010-06-13 22:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 01:40 . 2010-06-09 01:40 -------- d-----w- c:\documents and settings\anh\Application Data\NewSoft
2010-06-09 01:39 . 2010-06-09 01:39 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\NewSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 13:11 . 2009-03-28 00:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-07-05 13:28 . 2006-09-08 15:45 -------- d-----w- c:\program files\Common Files\Java
2010-07-05 13:28 . 2006-09-08 15:45 -------- d-----w- c:\program files\Java
2010-07-05 12:18 . 2006-09-08 15:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-29 03:07 . 2006-09-08 15:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 02:56 . 2006-09-08 15:49 -------- d-----w- c:\program files\Dell
2010-06-21 00:47 . 2009-05-07 11:41 -------- d-----w- c:\documents and settings\anh\Application Data\Skype
2010-06-20 14:49 . 2009-09-05 22:12 -------- d-----w- c:\documents and settings\anh\Application Data\Otoxi
2010-06-20 13:42 . 2007-03-04 18:50 -------- d-----w- c:\program files\Canon
2010-06-16 02:58 . 2009-06-18 03:23 -------- d-----w- c:\documents and settings\anh\Application Data\Canon
2010-06-15 01:23 . 2010-03-25 02:17 -------- d-----w- c:\documents and settings\anh\Application Data\PrimoPDF
2010-06-09 01:40 . 2009-06-18 02:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ScanSoft
2010-06-09 01:40 . 2007-03-04 18:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-09 01:40 . 2009-06-18 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanWizard
2010-06-09 01:40 . 2009-06-18 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2010-05-18 02:04 . 2006-09-08 15:54 -------- d-----w- c:\program files\Google
2010-05-14 16:25 . 2010-05-14 16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-05-14 16:25 . 2010-05-14 16:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-10 00:55 . 2007-01-22 15:25 -------- d-----w- c:\program files\PeerGuardian2
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-10 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator.HOANG\Application Data\Uwmyf ----
---- Directory of c:\documents and settings\anh\Application Data\Otoxi ----
---- Directory of c:\documents and settings\anh\Local Settings\Application Data\itnackthn ----
---- Directory of c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\anwljwgfj ----
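The four directories ComboFix was told to "Look" at share the pattern a responder triages first in this kind of log: newly created, letters-only, pseudo-random folder names sitting directly under a profile's Application Data, one of them inside the LocalService profile, which normally acquires no new application folders at all. The Python below is an added example, not part of ComboFix or of this log: it parses file-list lines in the format of the "Files Created" section above (my reading of the columns is created time, then last-write time, then size or `--------` for a directory, then attribute flags, then path) and applies that heuristic. The sample lines are copied from this log; the allowlist of known application folder names, the pronounceability thresholds and the service-profile check are my own assumptions and should be tuned per case. It is a triage aid that ranks what to inspect, not a verdict on any folder.

```python
import re
from datetime import datetime

# Constructed sample: lines copied in the shape of the "Files Created" section above.
# Assumed column order: <created> . <last-written> <size|--------> <attrs> <path>
# (the Find3M section lists last-written first; the parser only cares about the shape).
SAMPLE_LOG = r"""
2010-07-05 13:28 . 2010-07-05 13:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-29 03:07 . 2010-06-29 03:07 -------- d-----w- c:\program files\Creative
2010-06-21 17:29 . 2010-06-21 17:29 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\anwljwgfj
2010-06-21 00:40 . 2010-06-21 00:40 -------- d-----w- c:\documents and settings\anh\Application Data\SUPERAntiSpyware.com
2010-06-20 14:48 . 2010-06-20 14:48 -------- d-----w- c:\documents and settings\anh\Application Data\Malwarebytes
2010-06-20 06:59 . 2010-06-20 14:44 -------- d-----w- c:\documents and settings\Administrator.HOANG\Application Data\Uwmyf
2010-06-20 06:58 . 2010-06-20 06:58 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-06-19 13:20 . 2010-06-19 13:20 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-06-19 13:08 . 2010-06-19 13:08 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\itnackthn
2010-06-20 14:49 . 2009-09-05 22:12 -------- d-----w- c:\documents and settings\anh\Application Data\Otoxi
"""

LINE_RE = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+?)\s*$"
)

# Constructed starting allowlist of folders seen in healthy profiles; tune per case.
KNOWN_APPDATA_DIRS = {
    "adobe", "microsoft", "google", "malwarebytes", "skype", "canon",
    "primopdf", "newsoft", "scansoft", "deployment", "identities", "macromedia",
}
SERVICE_PROFILES = ("\\localservice", "\\networkservice")
VOWELS = set("aeiouy")


def parse_entries(text):
    """Turn ComboFix file-list lines into dicts; banners and '.' spacer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        parent, _, name = path.rpartition("\\")
        entries.append({
            "created": datetime.strptime(m.group("ts1"), "%Y-%m-%d %H:%M"),
            "written": datetime.strptime(m.group("ts2"), "%Y-%m-%d %H:%M"),
            "size": None if m.group("size").startswith("-") else int(m.group("size")),
            "is_dir": attrs[0] == "d",      # first flag column is 'd' for directories
            "hidden": "h" in attrs,
            "path": path,
            "parent": parent.lower(),
            "name": name,
        })
    return entries


def max_consonant_run(name):
    """Longest run of consecutive consonants (y counted as a vowel), a cheap randomness cue."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def appdata_triage(entries):
    """Return [(path, reasons)] for directories directly under an 'Application Data' folder."""
    flagged = []
    for e in entries:
        if not e["is_dir"] or not e["parent"].endswith("\\application data"):
            continue
        low = e["name"].lower()
        if low in KNOWN_APPDATA_DIRS:
            continue
        reasons = []
        if re.fullmatch(r"[a-z]{5,12}", low):
            reasons.append("short letters-only name")
        vowel_ratio = sum(c in VOWELS for c in low) / len(low)
        if vowel_ratio < 0.25 or max_consonant_run(low) >= 4:
            reasons.append("unpronounceable letter pattern")
        if e["hidden"]:
            reasons.append("hidden attribute")
        if any(s in e["parent"] for s in SERVICE_PROFILES):
            reasons.append("service-account profile")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in appdata_triage(parse_entries(SAMPLE_LOG)):
        print(f"{path}\n    {'; '.join(reasons)}")
```

Run against the sample, the four "Look" directories are the only ones reported, with the LocalService folder carrying the most reasons; SUPERAntiSpyware.com passes because its name has a dot and a normal vowel pattern, and the allowlisted vendor folders are never scored. A pronounceable random name such as Otoxi is caught only by the weak "short letters-only" rule, which is why the output is a review queue and not a deletion list.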
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-11 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-21 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-11 19:52 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-02-20 22:22 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-11 02:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9ba4e5b101f64"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S4 gupdate1c9ba4e5b101f64;Google Update Service (gupdate1c9ba4e5b101f64);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 9:36 PM 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2009 5:45 PM 721904]
.
Contents of the 'Scheduled Tasks' folder
2010-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-05 00:17]
2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 02:36]
2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.12/uploader2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 21:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\windows\system32\dllhost.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\eHome\ehmsas.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2010-07-06 21:52:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 02:52
ComboFix2.txt 2010-07-05 13:14
ComboFix3.txt 2010-07-02 01:08
Pre-Run: 106,823,331,840 bytes free
Post-Run: 106,962,722,816 bytes free
- - End Of File - - 825E1CFE3C87E9CB87C701177E6A5195