Smithfraud



bkwas
2008-02-28, 22:36
I'm trying to rid my son's PC of annoying pop-ups... can't get rid of the Smithfraud-C.CoreService... we have McAfee VirusScan and have run S&D... I tried HJT and ComboFix based on a thread from this forum... I can't fit both, so I'll send the ComboFix log in another post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:02 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee.com\Agent\mcagent .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [64772ead] rundll32.exe "C:\WINDOWS\system32\txfdpnlk.dll",b
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [BM67441d31] Rundll32.exe "C:\WINDOWS\system32\nwogibpp.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203020766906
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
O22 - SharedTaskScheduler: AutoDisc Ware - {89aef01d-d237-49c7-84dc-4e1904c1fd31} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0300731204222797) (0300731204222797mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Jason\LOCALS~1\Temp\030073~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteqepr.html

--
End of file - 6924 bytes

bkwas
2008-02-28, 22:38
Here's the ComboFix log... I will run S&D again to see what it comes up with...

ComboFix 08-02-25.3 - Jason 2008-02-28 15:19:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.122 [GMT -5:00]
Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Gaming Zone\rteqepr.html
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ahdngplm.ini
C:\WINDOWS\system32\aitqcnbr.dll
C:\WINDOWS\system32\allvbkjw.dll
C:\WINDOWS\system32\amqdfofw.ini
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\bdigwlwc.ini
C:\WINDOWS\system32\cmxpmnrh.ini
C:\WINDOWS\system32\crixaisa.ini
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\cwlwgidb.dll
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\dlkdsujk.ini
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\dvgiegtn.ini
C:\WINDOWS\system32\eebxrmbi.ini
C:\WINDOWS\system32\eyuwcbsf.ini
C:\WINDOWS\system32\fsbcwuye.dll
C:\WINDOWS\system32\gccspvxc.dll
C:\WINDOWS\system32\gcfxfdhd.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\gqiuxopw.dll
C:\WINDOWS\system32\grtlmmwv.dll
C:\WINDOWS\system32\gzmrt.dll
C:\WINDOWS\system32\hbvoobgl.dll
C:\WINDOWS\system32\ierbvqwx.dll
C:\WINDOWS\system32\igotskkt.dll
C:\WINDOWS\system32\irtytjuv.dll
C:\WINDOWS\system32\jebjdupf.dll
C:\WINDOWS\system32\jtelbgao.dll
C:\WINDOWS\system32\jtqkhgvl.ini
C:\WINDOWS\system32\klnpdfxt.ini
C:\WINDOWS\system32\ktsdloyb.ini
C:\WINDOWS\system32\legajtjb.ini
C:\WINDOWS\system32\lflmvwrh.dll
C:\WINDOWS\system32\ljssirpo.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mghimrlu.dll
C:\WINDOWS\system32\mhnpwalx.ini
C:\WINDOWS\system32\mmxqjjem.ini
C:\WINDOWS\system32\mxjntpyr.ini
C:\WINDOWS\system32\myixnusw.ini
C:\WINDOWS\system32\ntvtxtdo.ini
C:\WINDOWS\system32\nwogibpp.dll
C:\WINDOWS\system32\ohghlfmr.ini
C:\WINDOWS\system32\oprissjl.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pktutyme.dll
C:\WINDOWS\system32\qybfnhte.ini
C:\WINDOWS\system32\ribubusn.ini
C:\WINDOWS\system32\riwryfua.ini
C:\WINDOWS\system32\rjjxemsg.dll
C:\WINDOWS\system32\rrxdetgn.ini
C:\WINDOWS\system32\rtytrrjc.ini
C:\WINDOWS\system32\ryptnjxm.dll
C:\WINDOWS\system32\tdjuwgqm.dll
C:\WINDOWS\system32\tiaxmjwc.ini
C:\WINDOWS\system32\tmwtykrt.dll
C:\WINDOWS\system32\txfdpnlk.dll
C:\WINDOWS\system32\txldjrrg.dll
C:\WINDOWS\system32\udnyliyt.ini
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\utmplrxp.dll
C:\WINDOWS\system32\uvnnoxcb.ini
C:\WINDOWS\system32\vujtytri.ini
C:\WINDOWS\system32\vwmmltrg.ini
C:\WINDOWS\system32\winlogo.exe
C:\WINDOWS\system32\wl.exe
C:\WINDOWS\system32\wremekaf.dll
C:\WINDOWS\system32\wsunxiym.dll
C:\WINDOWS\system32\xinlxgoa.dll
C:\WINDOWS\system32\xlawpnhm.dll
C:\WINDOWS\system32\xodyhgxd.ini
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\ydmstmmo.ini
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z9

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-28 15:15 . 2008-02-28 15:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 21:07 . 2008-02-28 05:38 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\U3
2008-02-27 18:35 . 2008-02-27 20:57 <DIR> d-------- C:\Program Files\Abcc Free DIVX AVI MP4 WMV iPod Converter
2008-02-27 18:35 . 2007-08-18 02:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-02-27 18:35 . 2008-02-27 18:35 34 --ah----- C:\WINDOWS\system32\DVDRippper_sysquict.dat
2008-02-27 18:34 . 2008-02-27 18:35 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-02-27 17:42 . 2008-02-27 17:42 <DIR> d-------- C:\Program Files\ImTOO
2008-02-26 16:06 . 2008-02-28 13:18 99,512 --a------ C:\WINDOWS\BM67441d31.xml
2008-02-26 16:06 . 2008-02-28 13:42 22 --a------ C:\WINDOWS\pskt.ini
2008-02-21 06:16 . 2008-02-21 06:16 <DIR> d-------- C:\Program Files\IronClad Games
2008-02-20 21:12 . 2008-02-20 21:12 <DIR> d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-02-20 21:04 . 2008-02-20 21:04 <DIR> d-------- C:\Program Files\Stardock Games
2008-02-20 15:33 . 2008-02-20 15:33 <DIR> d-------- C:\Program Files\Stardock
2008-02-17 17:30 . 2008-02-17 17:30 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Moyea
2008-02-17 17:29 . 2008-02-17 17:29 <DIR> d-------- C:\Program Files\Moyea
2008-02-10 09:53 . 2008-02-24 10:51 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Azureus
2008-02-10 09:53 . 2008-02-10 09:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
2008-02-09 19:49 . 2008-02-09 19:49 <DIR> d-------- C:\Program Files\Azureus
2008-01-28 19:47 . 2008-02-22 05:35 <DIR> d-------- C:\Program Files\winvi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 20:24 --------- d-----w C:\Program Files\iTunes
2008-02-28 20:16 --------- d-----w C:\Documents and Settings\Jason\Application Data\MSN6
2008-02-28 18:42 --------- d-----w C:\Documents and Settings\Jason\Application Data\OpenOffice.org2
2008-02-28 18:21 --------- d-----w C:\Program Files\McAfee
2008-02-28 18:21 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-28 18:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-02-27 23:38 --------- d-----w C:\Documents and Settings\Jason\Application Data\Apple Computer
2008-02-23 14:53 --------- d-----w C:\Program Files\Microsoft Games
2008-02-23 14:52 --------- d-----w C:\Program Files\Electronic Arts
2008-02-16 08:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 00:02 --------- d-----w C:\Program Files\THQ
2008-02-11 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-11 15:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-02-11 00:29 --------- d-----w C:\Program Files\NoteBurner
2008-02-11 00:24 --------- d-----w C:\Program Files\01-mp3search
2008-01-22 23:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-22 23:26 --------- d-----w C:\Program Files\Napster
2008-01-22 23:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
2008-01-22 20:24 --------- d-----w C:\Program Files\Tunebite
2008-01-22 19:19 --------- d-----w C:\Documents and Settings\Jason\Application Data\tunebite
2008-01-22 14:04 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-01-17 01:25 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-01-10 22:18 --------- d-----w C:\Program Files\Google
2008-01-09 08:01 --------- d-----w C:\Program Files\QuickTime
2008-01-07 03:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Age of Empires 3
2008-01-06 04:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak
2008-01-06 04:04 --------- d-----w C:\Program Files\Design Science
2008-01-06 04:02 --------- d-----w C:\Program Files\NCH Swift Sound
2008-01-06 04:02 --------- d-----w C:\Program Files\NCH Software
2008-01-06 00:48 --------- d-----w C:\Program Files\McAfee.com
2008-01-06 00:37 25,214 ----a-w C:\Program Files\B.ico
2008-01-06 00:37 25,214 ----a-w C:\Program Files\A.ico
2008-01-06 00:37 --------- d-----w C:\Program Files\Common Files\Motive
2008-01-06 00:36 --------- d-----w C:\Program Files\verizon
2008-01-06 00:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Verizon
2008-01-06 00:23 --------- d-----w C:\Documents and Settings\Jason\Application Data\MSNInstaller
2008-01-06 00:06 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-01-05 21:43 --------- d-----w C:\Documents and Settings\Jason\Application Data\Verizon
2008-01-05 02:53 --------- d-----w C:\Program Files\BrowsingAdvisor
2008-01-02 21:04 --------- d-----w C:\Documents and Settings\Jason\Application Data\Sony
2008-01-02 21:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
2008-01-02 21:02 --------- d-----w C:\Program Files\Sony
2007-12-29 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2007-12-29 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2007-12-29 01:51 --------- d-----w C:\Documents and Settings\Jason\Application Data\NCH Swift Sound
2007-12-01 01:25 22,328 ----a-w C:\Documents and Settings\Jason\Application Data\PnkBstrK.sys
2007-10-22 08:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
2007-10-22 08:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
2007-10-22 08:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
2007-10-22 08:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-10-22 08:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
2007-10-22 08:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
2007-10-22 08:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
2007-10-22 08:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
2007-10-22 08:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
2001-02-09 00:11 28,672 ----a-w C:\Program Files\burutter.dll
.

<pre>
----a-w 39,792 2008-02-17 13:31:54 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 68,856 2008-01-06 03:50:20 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 267,048 2008-02-28 18:42:02 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-01-07 20:26:07 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w 582,992 2008-02-28 18:42:04 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 1,694,208 2008-01-12 17:16:00 C:\Program Files\Messenger\msmsgs .exe
----a-w 4,345,856 2008-01-22 12:03:14 C:\Program Files\NoteBurner\VTBurnerGUI .exe
----a-w 589,824 2008-01-07 20:26:06 C:\Program Files\NVIDIA Corporation\nTune\nTune .exe
----a-w 286,720 2008-01-11 09:36:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-11 09:36:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-11 09:36:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-11 09:36:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-11 09:36:02 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-11 09:36:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-07 20:26:09 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 09:36:03 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2008-01-11 09:36:03 C:\Program Files\QuickTime\qttask .exe
----a-w 2,483,496 2008-01-07 20:26:20 C:\Program Files\Registry Mechanic\RegMech .exe
----a-w 1,460,560 2008-01-21 18:44:24 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 2,846,720 2008-01-22 12:03:15 C:\Program Files\Tunebite\tunebite .exe
----a-w 936,960 2008-01-06 00:28:28 C:\Program Files\verizon\McciTrayApp .exe
----a-w 936,960 2008-01-06 00:32:03 C:\Program Files\verizon\MCCITR~1 .EXE
----a-w 50,744 2008-01-07 20:26:09 C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
----a-w 198,188 2008-02-09 19:10:25 C:\Program Files\winvi\wupda .exe
----a-w 64,512 2008-01-22 12:02:55 C:\WINDOWS\ehome\ehtray .exe
----a-w 15,360 2008-02-28 18:42:05 C:\WINDOWS\system32\ctfmon .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{743C451F-7380-43DD-9B06-019BEE395F75}]
2008-01-04 16:50 39936 --a------ C:\WINDOWS\system32\jkkijih.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-08 07:01 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-12-10 06:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2006-03-03 13:31 577536 C:\WINDOWS\soundman.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 06:06 7311360]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-02-28 13:45 582992]

C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 17:01:20 61440]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2006-03-03 00:30:34 914944]
DigiCell.lnk - C:\Program Files\MSI\DigiCell\DigiCell.exe [2005-05-25 11:26:38 1344512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{743C451F-7380-43DD-9B06-019BEE395F75}"= C:\WINDOWS\system32\jkkijih.dll [2008-01-04 16:50 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijih]
jkkijih.dll 2008-01-04 16:50 39936 C:\WINDOWS\system32\jkkijih.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2005-05-20 16:27]
R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2005-06-04 14:01]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S2 0300731204222797mcinstcleanup;McAfee Application Installer Cleanup (0300731204222797);C:\DOCUME~1\Jason\LOCALS~1\Temp\030073~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 15:12]
S3 jswmidin;jswmidin;C:\DOCUME~1\Jason\LOCALS~1\Temp\jswmidin.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413b49ce-be4c-11dc-8af5-00d041a0c18f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db8dac0a-411c-11db-8a4c-0013d3ac25bb}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 03:25:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 06:10:46 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-06 00:48:55 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 16:14:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\jkkijih.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-02-28 16:18:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-28 21:18:13
.
2008-02-13 08:03:25 --- E O F ---

bkwas
2008-02-29, 14:08
Ran S&D again... Smithfraud didn't come up, but Virtumonde still does...