ComboFix 07-11-19.3 - Doc Pham 2007-11-25 18:05:07.1 - NTFSx86
Running from: C:\Documents and Settings\Doc Pham\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Doc Pham\Application Data\FNTS~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem~1\??stem\
C:\Program Files\poolsv
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\mwinsys.ini
C:\WINDOWS\notedad.exe
C:\WINDOWS\System\AlxRes071024.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\comrep.dll
C:\WINDOWS\system32\drivers\ecdysrrv.sys
C:\WINDOWS\system32\drivers\hsfumwfc.dat
C:\WINDOWS\system32\drivers\hsfumwfc.sys
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G5
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\inf\scrsys071024.scr
C:\WINDOWS\system32\inf\scrsys16_071024.dll
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\W1
C:\WINDOWS\system32\W2
C:\WINDOWS\system32\W3
C:\WINDOWS\system32\W4
C:\WINDOWS\system32\W5
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wkvnypbg.dll
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_APIMON
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FUJQCXVL
-------\LEGACY_NET_AGENT
-------\fujqcxvl
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-25 09:06 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-25 09:06 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-24 19:22 <DIR> d-------- C:\Program Files\VS Revo Group
2007-11-24 14:28 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-24 14:27 5,329 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-21 22:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 22:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 22:50 <DIR> d-------- C:\Documents and Settings\Doc Pham\Application Data\SUPERAntiSpyware.com
2007-11-21 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 19:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 17:11 <DIR> d-------- C:\Deckard
2007-11-20 02:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-14 04:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-13 02:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-01 19:56 23,104 --a------ C:\WINDOWS\system32\oOXJ7P77.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 22:28 --------- d-----w C:\Program Files\Java
2007-10-13 00:25 --------- d-----w C:\Documents and Settings\Doc Pham\Application Data\Aim
2007-10-07 16:57 --------- d-----w C:\Program Files\Trend Micro
2007-10-07 02:45 --------- d-----w C:\Program Files\Dell
2007-10-07 02:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 02:32 --------- d-----w C:\Program Files\Yahoo!
2007-10-07 02:27 5,120 ----a-w C:\WINDOWS\system32\drivers\ecdysrrv.dat
2007-10-06 05:37 --------- d-----w C:\Documents and Settings\Doc Pham\Application Data\Yahoo!
2007-07-20 20:14 1,808,451 --sha-w C:\WINDOWS\system32\kjllm.bak1
2007-07-12 19:25 1,953,700 --sha-w C:\WINDOWS\system32\pstwa.bak1
2007-07-11 19:25 1,953,722 --sha-w C:\WINDOWS\system32\pstwa.bak2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-26 15:01]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 09:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 07:42]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 11:45]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 03:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 03:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 06:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 21:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 21:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 21:10]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-11-02 04:43:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 16:04:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-26 01:31:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-25 09:56:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 18:10:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 18:11:29 - machine was rebooted
.
--- E O F ---
Running from: C:\Documents and Settings\Doc Pham\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Doc Pham\Application Data\FNTS~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\stem~1\??stem\
C:\Program Files\poolsv
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\cs_cache.ini
C:\WINDOWS\mwinsys.ini
C:\WINDOWS\notedad.exe
C:\WINDOWS\System\AlxRes071024.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\comrep.dll
C:\WINDOWS\system32\drivers\ecdysrrv.sys
C:\WINDOWS\system32\drivers\hsfumwfc.dat
C:\WINDOWS\system32\drivers\hsfumwfc.sys
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G5
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\inf\scrsys071024.scr
C:\WINDOWS\system32\inf\scrsys16_071024.dll
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\W1
C:\WINDOWS\system32\W2
C:\WINDOWS\system32\W3
C:\WINDOWS\system32\W4
C:\WINDOWS\system32\W5
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wkvnypbg.dll
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_APIMON
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FUJQCXVL
-------\LEGACY_NET_AGENT
-------\fujqcxvl
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.
2007-11-25 09:06 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-25 09:06 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-24 19:22 <DIR> d-------- C:\Program Files\VS Revo Group
2007-11-24 14:28 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-24 14:27 5,329 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-11-21 22:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-21 22:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 22:50 <DIR> d-------- C:\Documents and Settings\Doc Pham\Application Data\SUPERAntiSpyware.com
2007-11-21 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 19:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 17:11 <DIR> d-------- C:\Deckard
2007-11-20 02:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-14 04:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-13 02:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-11-01 19:56 23,104 --a------ C:\WINDOWS\system32\oOXJ7P77.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 22:28 --------- d-----w C:\Program Files\Java
2007-10-13 00:25 --------- d-----w C:\Documents and Settings\Doc Pham\Application Data\Aim
2007-10-07 16:57 --------- d-----w C:\Program Files\Trend Micro
2007-10-07 02:45 --------- d-----w C:\Program Files\Dell
2007-10-07 02:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 02:32 --------- d-----w C:\Program Files\Yahoo!
2007-10-07 02:27 5,120 ----a-w C:\WINDOWS\system32\drivers\ecdysrrv.dat
2007-10-06 05:37 --------- d-----w C:\Documents and Settings\Doc Pham\Application Data\Yahoo!
2007-07-20 20:14 1,808,451 --sha-w C:\WINDOWS\system32\kjllm.bak1
2007-07-12 19:25 1,953,700 --sha-w C:\WINDOWS\system32\pstwa.bak1
2007-07-11 19:25 1,953,722 --sha-w C:\WINDOWS\system32\pstwa.bak2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 14:08]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-26 15:01]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 09:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 07:42]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 11:45]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 03:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 03:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 06:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 21:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 21:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 21:10]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 22:20 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-11-02 04:43:54]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 16:04:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-26 01:31:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-11-25 09:56:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 18:10:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 18:11:29 - machine was rebooted
.
--- E O F ---