-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F78FCB9-5E5E-47A3-8E69-5A5E97739DBD}]
C:\windows\system32\jkkjj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-01-24 02:45 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-01-24 02:45 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj .exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"Sonic RecordNow! Deluxe"="" []
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Router"="C:\Program Files\Router\Router.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [ ]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 01:56 50176]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [ ]
"StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [ ]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [ ]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [ ]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [ ]
"WHITNEY_S2P"="C:\Program Files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2004-02-23 15:43 3026944]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"@"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe [2004-11-29 19:55:44 569405]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-12-19 21:38:03 634880]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-19 16:46:46 67128]
Microsoft Office Outlook 2003.lnk - C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2007-05-01 09:17:58 794624]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\windows\system32\jkhfg
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
--a------ 2004-11-22 17:20 1126400 C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-02-23 15:43 753664 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 18:42 69632 c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-19 11:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
R0 PQV2i;PQV2i;C:\windows\system32\drivers\PQV2i.sys [2004-11-22 16:51]
R1 PQIMount;PQIMount;C:\windows\system32\drivers\PQIMount.sys [2004-11-22 17:08]
R2 lowpp;Lowrance MMC Parallel Port Driver;C:\windows\system32\Drivers\lowpp.sys [2000-11-14 09:30]
R3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder);C:\windows\system32\DRIVERS\hcwPVRP2.sys [2003-12-02 16:23]
S3 MSControlService;Microsoft cache control;C:\windows\system32\windows []
S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []
S3 StMp3Rec;Player Recovery Device Control Driver;C:\windows\system32\Drivers\StMp3Rec.sys [2006-05-16 14:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d57e89-9a7e-11db-bba9-000c6e4cb699}]
\Shell\AutoRun\command - N:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23d57e8a-9a7e-11db-bba9-000c6e4cb699}]
\Shell\AutoRun\command - O:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 23:15:00 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
"2008-01-26 05:04:07 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-04-04 14:38:46 C:\windows\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-01-28 15:12:14 C:\windows\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 09:10:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\ehome\ehSched.exe
C:\windows\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\windows\ALCXMNTR.EXE
C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-01-28 9:16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 15:16:06
.
2008-01-24 22:40:08 --- E O F ---