Thread: Smithfraud

  1. #1 - Junior Member (Join Date: Feb 2008, Posts: 3)

    Smithfraud

    I'm trying to rid my son's PC of annoying pop-ups... can't get rid of the Smithfraud-C.CoreService... we have McAfee VirusScan and have run S&D... I tried HJT and ComboFix based on a thread from this forum... I can't fit both, so I'll send the ComboFix in another post:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:16:02 PM, on 2/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\McAfee.com\Agent\mcagent .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\Program Files\MSI\DigiCell\DigiCell.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN\MSNCoreFiles\msn.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [64772ead] rundll32.exe "C:\WINDOWS\system32\txfdpnlk.dll",b
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [BM67441d31] Rundll32.exe "C:\WINDOWS\system32\nwogibpp.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203020766906
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v10_en.cab
    O22 - SharedTaskScheduler: AutoDisc Ware - {89aef01d-d237-49c7-84dc-4e1904c1fd31} - (no file)
    O23 - Service: McAfee Application Installer Cleanup (0300731204222797) (0300731204222797mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Jason\LOCALS~1\Temp\030073~1.EXE
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\MSN Gaming Zone\rteqepr.html

    --
    End of file - 6924 bytes

  2. #2 - Junior Member (Join Date: Feb 2008, Posts: 3)

    ComboFix log

    Here's the ComboFix log... I will run S&D again to see what it comes up with...

    ComboFix 08-02-25.3 - Jason 2008-02-28 15:19:30.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.122 [GMT -5:00]
    Running from: C:\Documents and Settings\Jason\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Gaming Zone\rteqepr.html
    C:\Program Files\Temporary
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\ahdngplm.ini
    C:\WINDOWS\system32\aitqcnbr.dll
    C:\WINDOWS\system32\allvbkjw.dll
    C:\WINDOWS\system32\amqdfofw.ini
    C:\WINDOWS\system32\app.exe
    C:\WINDOWS\system32\bdigwlwc.ini
    C:\WINDOWS\system32\cmxpmnrh.ini
    C:\WINDOWS\system32\crixaisa.ini
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\cwlwgidb.dll
    C:\WINDOWS\system32\ddayx.dll
    C:\WINDOWS\system32\dlkdsujk.ini
    C:\WINDOWS\system32\drivers\core.cache(2).dsk
    C:\WINDOWS\system32\drivers\core.cache(3).dsk
    C:\WINDOWS\system32\drivers\core.cache(4).dsk
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\dvgiegtn.ini
    C:\WINDOWS\system32\eebxrmbi.ini
    C:\WINDOWS\system32\eyuwcbsf.ini
    C:\WINDOWS\system32\fsbcwuye.dll
    C:\WINDOWS\system32\gccspvxc.dll
    C:\WINDOWS\system32\gcfxfdhd.dll
    C:\WINDOWS\system32\geebx.dll
    C:\WINDOWS\system32\gqiuxopw.dll
    C:\WINDOWS\system32\grtlmmwv.dll
    C:\WINDOWS\system32\gzmrt.dll
    C:\WINDOWS\system32\hbvoobgl.dll
    C:\WINDOWS\system32\ierbvqwx.dll
    C:\WINDOWS\system32\igotskkt.dll
    C:\WINDOWS\system32\irtytjuv.dll
    C:\WINDOWS\system32\jebjdupf.dll
    C:\WINDOWS\system32\jtelbgao.dll
    C:\WINDOWS\system32\jtqkhgvl.ini
    C:\WINDOWS\system32\klnpdfxt.ini
    C:\WINDOWS\system32\ktsdloyb.ini
    C:\WINDOWS\system32\legajtjb.ini
    C:\WINDOWS\system32\lflmvwrh.dll
    C:\WINDOWS\system32\ljssirpo.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mghimrlu.dll
    C:\WINDOWS\system32\mhnpwalx.ini
    C:\WINDOWS\system32\mmxqjjem.ini
    C:\WINDOWS\system32\mxjntpyr.ini
    C:\WINDOWS\system32\myixnusw.ini
    C:\WINDOWS\system32\ntvtxtdo.ini
    C:\WINDOWS\system32\nwogibpp.dll
    C:\WINDOWS\system32\ohghlfmr.ini
    C:\WINDOWS\system32\oprissjl.ini
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pktutyme.dll
    C:\WINDOWS\system32\qybfnhte.ini
    C:\WINDOWS\system32\ribubusn.ini
    C:\WINDOWS\system32\riwryfua.ini
    C:\WINDOWS\system32\rjjxemsg.dll
    C:\WINDOWS\system32\rrxdetgn.ini
    C:\WINDOWS\system32\rtytrrjc.ini
    C:\WINDOWS\system32\ryptnjxm.dll
    C:\WINDOWS\system32\tdjuwgqm.dll
    C:\WINDOWS\system32\tiaxmjwc.ini
    C:\WINDOWS\system32\tmwtykrt.dll
    C:\WINDOWS\system32\txfdpnlk.dll
    C:\WINDOWS\system32\txldjrrg.dll
    C:\WINDOWS\system32\udnyliyt.ini
    C:\WINDOWS\system32\UpMedia
    C:\WINDOWS\system32\utmplrxp.dll
    C:\WINDOWS\system32\uvnnoxcb.ini
    C:\WINDOWS\system32\vujtytri.ini
    C:\WINDOWS\system32\vwmmltrg.ini
    C:\WINDOWS\system32\winlogo.exe
    C:\WINDOWS\system32\wl.exe
    C:\WINDOWS\system32\wremekaf.dll
    C:\WINDOWS\system32\wsunxiym.dll
    C:\WINDOWS\system32\xinlxgoa.dll
    C:\WINDOWS\system32\xlawpnhm.dll
    C:\WINDOWS\system32\xodyhgxd.ini
    C:\WINDOWS\system32\xyadd.ini
    C:\WINDOWS\system32\xyadd.ini2
    C:\WINDOWS\system32\ydmstmmo.ini
    C:\WINDOWS\system32\z1
    C:\WINDOWS\system32\z9

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_CORE
    -------\LEGACY_NETWORK_MONITOR
    -------\core


    ((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
    .

    2008-02-28 15:15 . 2008-02-28 15:15 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-27 21:07 . 2008-02-28 05:38 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\U3
    2008-02-27 18:35 . 2008-02-27 20:57 <DIR> d-------- C:\Program Files\Abcc Free DIVX AVI MP4 WMV iPod Converter
    2008-02-27 18:35 . 2007-08-18 02:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
    2008-02-27 18:35 . 2008-02-27 18:35 34 --ah----- C:\WINDOWS\system32\DVDRippper_sysquict.dat
    2008-02-27 18:34 . 2008-02-27 18:35 <DIR> d-------- C:\Program Files\XP Codec Pack
    2008-02-27 17:42 . 2008-02-27 17:42 <DIR> d-------- C:\Program Files\ImTOO
    2008-02-26 16:06 . 2008-02-28 13:18 99,512 --a------ C:\WINDOWS\BM67441d31.xml
    2008-02-26 16:06 . 2008-02-28 13:42 22 --a------ C:\WINDOWS\pskt.ini
    2008-02-21 06:16 . 2008-02-21 06:16 <DIR> d-------- C:\Program Files\IronClad Games
    2008-02-20 21:12 . 2008-02-20 21:12 <DIR> d--h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
    2008-02-20 21:04 . 2008-02-20 21:04 <DIR> d-------- C:\Program Files\Stardock Games
    2008-02-20 15:33 . 2008-02-20 15:33 <DIR> d-------- C:\Program Files\Stardock
    2008-02-17 17:30 . 2008-02-17 17:30 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Moyea
    2008-02-17 17:29 . 2008-02-17 17:29 <DIR> d-------- C:\Program Files\Moyea
    2008-02-10 09:53 . 2008-02-24 10:51 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Azureus
    2008-02-10 09:53 . 2008-02-10 09:53 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus
    2008-02-09 19:49 . 2008-02-09 19:49 <DIR> d-------- C:\Program Files\Azureus
    2008-01-28 19:47 . 2008-02-22 05:35 <DIR> d-------- C:\Program Files\winvi

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-28 20:24 --------- d-----w C:\Program Files\iTunes
    2008-02-28 20:16 --------- d-----w C:\Documents and Settings\Jason\Application Data\MSN6
    2008-02-28 18:42 --------- d-----w C:\Documents and Settings\Jason\Application Data\OpenOffice.org2
    2008-02-28 18:21 --------- d-----w C:\Program Files\McAfee
    2008-02-28 18:21 --------- d-----w C:\Program Files\Common Files\McAfee
    2008-02-28 18:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
    2008-02-27 23:38 --------- d-----w C:\Documents and Settings\Jason\Application Data\Apple Computer
    2008-02-23 14:53 --------- d-----w C:\Program Files\Microsoft Games
    2008-02-23 14:52 --------- d-----w C:\Program Files\Electronic Arts
    2008-02-16 08:17 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-13 00:02 --------- d-----w C:\Program Files\THQ
    2008-02-11 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-11 15:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-02-11 00:29 --------- d-----w C:\Program Files\NoteBurner
    2008-02-11 00:24 --------- d-----w C:\Program Files\01-mp3search
    2008-01-22 23:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-22 23:26 --------- d-----w C:\Program Files\Napster
    2008-01-22 23:26 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
    2008-01-22 20:24 --------- d-----w C:\Program Files\Tunebite
    2008-01-22 19:19 --------- d-----w C:\Documents and Settings\Jason\Application Data\tunebite
    2008-01-22 14:04 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    2008-01-17 01:25 --------- d-----w C:\Program Files\Common Files\Download Manager
    2008-01-10 22:18 --------- d-----w C:\Program Files\Google
    2008-01-09 08:01 --------- d-----w C:\Program Files\QuickTime
    2008-01-07 03:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Age of Empires 3
    2008-01-06 04:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak
    2008-01-06 04:04 --------- d-----w C:\Program Files\Design Science
    2008-01-06 04:02 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-01-06 04:02 --------- d-----w C:\Program Files\NCH Software
    2008-01-06 00:48 --------- d-----w C:\Program Files\McAfee.com
    2008-01-06 00:37 25,214 ----a-w C:\Program Files\B.ico
    2008-01-06 00:37 25,214 ----a-w C:\Program Files\A.ico
    2008-01-06 00:37 --------- d-----w C:\Program Files\Common Files\Motive
    2008-01-06 00:36 --------- d-----w C:\Program Files\verizon
    2008-01-06 00:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Verizon
    2008-01-06 00:23 --------- d-----w C:\Documents and Settings\Jason\Application Data\MSNInstaller
    2008-01-06 00:06 --------- d-----w C:\Program Files\Common Files\SupportSoft
    2008-01-05 21:43 --------- d-----w C:\Documents and Settings\Jason\Application Data\Verizon
    2008-01-05 02:53 --------- d-----w C:\Program Files\BrowsingAdvisor
    2008-01-02 21:04 --------- d-----w C:\Documents and Settings\Jason\Application Data\Sony
    2008-01-02 21:04 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
    2008-01-02 21:02 --------- d-----w C:\Program Files\Sony
    2007-12-29 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    2007-12-29 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
    2007-12-29 01:51 --------- d-----w C:\Documents and Settings\Jason\Application Data\NCH Swift Sound
    2007-12-01 01:25 22,328 ----a-w C:\Documents and Settings\Jason\Application Data\PnkBstrK.sys
    2007-10-22 08:49 867,848 ----a-w C:\Program Files\NOV2007_d3dx10_36_x64.cab
    2007-10-22 08:49 807,132 ----a-w C:\Program Files\NOV2007_d3dx10_36_x86.cab
    2007-10-22 08:49 49,392 ----a-w C:\Program Files\NOV2007_X3DAudio_x64.cab
    2007-10-22 08:49 44,850 ----a-w C:\Program Files\dxdllreg_x86.cab
    2007-10-22 08:49 21,744 ----a-w C:\Program Files\NOV2007_X3DAudio_x86.cab
    2007-10-22 08:49 200,010 ----a-w C:\Program Files\NOV2007_XACT_x64.cab
    2007-10-22 08:49 151,512 ----a-w C:\Program Files\NOV2007_XACT_x86.cab
    2007-10-22 08:49 1,805,306 ----a-w C:\Program Files\NOV2007_d3dx9_36_x64.cab
    2007-10-22 08:49 1,712,608 ----a-w C:\Program Files\NOV2007_d3dx9_36_x86.cab
    2001-02-09 00:11 28,672 ----a-w C:\Program Files\burutter.dll
    .
    Code:
    ----a-w            39,792 2008-02-17 13:31:54  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
    ----a-w            68,856 2008-01-06 03:50:20  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w           267,048 2008-02-28 18:42:02  C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w           132,496 2008-01-07 20:26:07  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
    ----a-w           582,992 2008-02-28 18:42:04  C:\Program Files\McAfee.com\Agent\mcagent .exe
    ----a-w         1,694,208 2008-01-12 17:16:00  C:\Program Files\Messenger\msmsgs .exe
    ----a-w         4,345,856 2008-01-22 12:03:14  C:\Program Files\NoteBurner\VTBurnerGUI .exe
    ----a-w           589,824 2008-01-07 20:26:06  C:\Program Files\NVIDIA Corporation\nTune\nTune .exe
    ----a-w           286,720 2008-01-11 09:36:02  C:\Program Files\QuickTime\QTTask          .exe
    ----a-w           286,720 2008-01-11 09:36:02  C:\Program Files\QuickTime\QTTask         .exe
    ----a-w           286,720 2008-01-11 09:36:02  C:\Program Files\QuickTime\QTTask        .exe
    ----a-w           286,720 2008-01-11 09:36:02  C:\Program Files\QuickTime\QTTask       .exe
    ----a-w           286,720 2008-01-11 09:36:02  C:\Program Files\QuickTime\QTTask      .exe
    ----a-w           286,720 2008-01-11 09:36:03  C:\Program Files\QuickTime\QTTask     .exe
    ----a-w           286,720 2008-01-07 20:26:09  C:\Program Files\QuickTime\qttask    .exe
    ----a-w           286,720 2008-01-11 09:36:03  C:\Program Files\QuickTime\qttask  .exe
    ----a-w           286,720 2008-01-11 09:36:03  C:\Program Files\QuickTime\qttask .exe
    ----a-w         2,483,496 2008-01-07 20:26:20  C:\Program Files\Registry Mechanic\RegMech .exe
    ----a-w         1,460,560 2008-01-21 18:44:24  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    ----a-w         2,846,720 2008-01-22 12:03:15  C:\Program Files\Tunebite\tunebite .exe
    ----a-w           936,960 2008-01-06 00:28:28  C:\Program Files\verizon\McciTrayApp .exe
    ----a-w           936,960 2008-01-06 00:32:03  C:\Program Files\verizon\MCCITR~1 .EXE
    ----a-w            50,744 2008-01-07 20:26:09  C:\Program Files\Verizon Online\Help Support\VERIZO~1 .EXE
    ----a-w           198,188 2008-02-09 19:10:25  C:\Program Files\winvi\wupda .exe
    ----a-w            64,512 2008-01-22 12:02:55  C:\WINDOWS\ehome\ehtray .exe
    ----a-w            15,360 2008-02-28 18:42:05  C:\WINDOWS\system32\ctfmon .exe

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{743C451F-7380-43DD-9B06-019BEE395F75}]
    2008-01-04 16:50 39936 --a------ C:\WINDOWS\system32\jkkijih.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-10-08 07:01 15360]
    "Steam"="C:\Program Files\Steam\Steam.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"="nwiz.exe" [2005-12-10 06:06 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2006-03-03 13:31 577536 C:\WINDOWS\soundman.exe]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 06:06 7311360]
    "RegistryMechanic"="" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-02-28 13:45 582992]

    C:\Documents and Settings\Jason\Start Menu\Programs\Startup\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 17:01:20 61440]

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2006-03-03 00:30:34 914944]
    DigiCell.lnk - C:\Program Files\MSI\DigiCell\DigiCell.exe [2005-05-25 11:26:38 1344512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{743C451F-7380-43DD-9B06-019BEE395F75}"= C:\WINDOWS\system32\jkkijih.dll [2008-01-04 16:50 39936]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkijih]
    jkkijih.dll 2008-01-04 16:50 39936 C:\WINDOWS\system32\jkkijih.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
    "C:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
    "C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
    R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2005-05-20 16:27]
    R3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2005-06-04 14:01]
    S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
    S2 0300731204222797mcinstcleanup;McAfee Application Installer Cleanup (0300731204222797);C:\DOCUME~1\Jason\LOCALS~1\Temp\030073~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []
    S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-09-27 15:12]
    S3 jswmidin;jswmidin;C:\DOCUME~1\Jason\LOCALS~1\Temp\jswmidin.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{413b49ce-be4c-11dc-8af5-00d041a0c18f}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db8dac0a-411c-11db-8a4c-0013d3ac25bb}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-27 03:25:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-15 06:10:46 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-01-06 00:48:55 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-28 16:14:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\jkkijih.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-28 16:18:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-28 21:18:13
    .
    2008-02-13 08:03:25 --- E O F ---

  3. #3 - Junior Member (Join Date: Feb 2008, Posts: 3)

    Ran S&D again... Smithfraud didn't come up, but Virtumonde still does...
