I installed and ran ComboFix, like I've seen mentioned in some similar situations.
ComboFix 08-01-23.2 - AuVergne Maynard 2008-01-23 21:57:02.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.457 [GMT -8:00]
Running from: D:\ComboFix(3).exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.
2008-01-23 22:07 . 2008-01-23 22:07 <DIR> d-------- C:\Temp\tn3
2008-01-23 18:02 . 2008-01-23 18:02 451 --a------ C:\fixME.reg
2008-01-23 17:45 . 2008-01-23 17:45 100 --a------ C:\WINDOWS\system32\ikhcore.cfg
2008-01-23 17:06 . 2008-01-23 17:06 <DIR> d-------- C:\Program Files\winvi
2008-01-23 17:06 . 2008-01-23 17:06 6,229,291 --a------ C:\WINDOWS\system32\SBSP.dat
2008-01-23 14:22 . 2008-01-23 14:23 <DIR> d-------- C:\Program Files\SpywareRemover
2008-01-23 13:54 . 2008-01-23 21:43 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-23 13:22 . 2008-01-23 22:04 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-23 12:27 . 2008-01-23 12:27 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 22:41 . 2008-01-22 22:41 <DIR> d-------- C:\Program Files\Free Internet TV
2008-01-22 14:55 . 2008-01-23 17:58 <DIR> d-------- C:\Program Files\PopupDummy!
2008-01-22 13:38 . 2008-01-23 17:06 642 --a------ C:\WINDOWS\system32\SBFC.dat
2008-01-22 13:33 . 2008-01-22 13:33 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2008-01-22 13:31 . 2008-01-22 13:31 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-01-22 03:27 . 2008-01-22 05:48 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-01-22 01:38 . 2008-01-22 01:38 <DIR> d-------- C:\Program Files\PrevxCSI
2008-01-21 23:21 . 2008-01-22 05:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-21 23:21 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-21 23:21 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-21 23:21 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-21 23:21 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-21 11:57 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-21 01:23 . 2008-01-22 20:09 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 01:13 . 2008-01-21 01:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-20 00:20 . 2008-01-23 13:07 721 --a------ C:\WINDOWS\wininit.ini
2008-01-19 22:21 . 2008-01-19 22:21 <DIR> d-------- C:\Program Files\CleanMyPC Popup Blocker
2008-01-19 21:49 . 2008-01-19 21:51 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-01-19 21:04 . 2008-01-19 21:04 86,144 --a------ C:\WINDOWS\system32\drivers\tcpip66.sys
2008-01-18 09:02 . 2008-01-22 20:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 09:02 . 2008-01-18 09:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-01 22:54 . 2008-01-01 22:57 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-01-01 22:50 . 2008-01-01 22:50 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-28 10:18 . 2007-12-28 10:18 8,429 --a------ C:\FIVEHEARTBEATS_1.MDS
2007-12-28 09:46 . 2007-12-28 10:18 8,193,845,248 --a------ C:\FIVEHEARTBEATS_1.ISO
2007-12-25 18:13 . 2007-12-25 18:13 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2007-12-25 18:12 . 2007-12-25 18:12 <DIR> d-------- C:\Program Files\iolo
2007-12-25 18:12 . 2008-01-11 10:31 437,096 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-12-25 18:12 . 2007-11-20 22:34 35,840 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-12-25 18:12 . 2007-12-14 17:13 23,040 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-12-25 17:08 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-12-25 17:08 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-12-25 17:08 . 2003-03-31 04:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2007-12-25 17:08 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-12-25 17:08 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-12-25 17:08 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-12-25 17:08 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-12-25 17:06 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2007-12-25 17:05 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-12-25 17:04 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2007-12-25 17:03 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-12-25 17:02 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2007-12-25 17:01 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2007-12-25 17:00 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2007-12-25 16:59 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2007-12-25 16:58 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2007-12-25 16:57 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2007-12-25 16:56 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2007-12-25 16:55 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2007-12-25 16:54 . 2003-03-31 04:00 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls
2007-12-25 16:53 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2007-12-25 16:52 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 09:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 05:49 --------- d-----w C:\Program Files\Yahoo!
2008-01-20 05:49 --------- d-----w C:\Program Files\Common Files\Scanner
2008-01-19 22:02 --------- d-----w C:\Program Files\Siber Systems
2008-01-13 08:18 --------- d-----w C:\Program Files\QuickTime
2007-12-26 13:05 --------- d-----w C:\Program Files\WinISO
2007-12-26 13:05 --------- d-----w C:\Program Files\Hide IP Platinum
2007-12-26 13:05 --------- d-----w C:\Program Files\eMule
2007-12-26 13:05 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 13:05 --------- d-----w C:\Program Files\AIM
2007-12-22 03:27 --------- d-----w C:\Program Files\Microsoft Broadband Networking
2007-12-21 20:34 --------- d-----w C:\Program Files\CCleaner
2007-12-19 08:24 --------- d-----w C:\Program Files\XviD
2007-03-05 08:10 21,731,328 ----a-w C:\Program Files\Chore Genie 2.0.msi
2007-03-05 08:09 4,187 ----a-w C:\Program Files\0x0409.ini
2006-03-12 03:57 582,216 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2006-03-12 00:15 9,237,456 ----a-w C:\Program Files\MsnSearchToolbarSetup_en-us.exe
2006-03-12 00:03 5,175,696 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
2005-12-06 02:28 916,806 ----a-w C:\Program Files\Dec2005_MDX1_x86.cab
2005-12-06 02:28 86,925 ----a-w C:\Program Files\Oct2005_xinput_x64.cab
2005-12-06 02:28 46,247 ----a-w C:\Program Files\Oct2005_xinput_x86.cab
2005-12-06 02:28 41,888 ----a-w C:\Program Files\dxdllreg_x86.cab
2005-12-06 02:28 3,673,932 ----a-w C:\Program Files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 02:28 1,358,864 ----a-w C:\Program Files\Dec2005_d3dx9_28_x64.cab
2005-12-06 02:27 1,080,344 ----a-w C:\Program Files\Dec2005_d3dx9_28_x86.cab
2005-12-06 02:00 976,020 ----a-w C:\Program Files\BDAXP.cab
2005-12-06 02:00 81,092 ----a-w C:\Program Files\dxupdate.cab
2005-12-06 02:00 74,448 ----a-w C:\Program Files\DSETUP.dll
2005-12-06 02:00 703,080 ----a-w C:\Program Files\BDA.cab
2005-12-06 02:00 484,560 ----a-w C:\Program Files\DXSETUP.exe
2005-12-06 02:00 2,247,888 ----a-w C:\Program Files\dsetup32.dll
2005-12-06 02:00 15,493,481 ----a-w C:\Program Files\DirectX.cab
2005-12-06 02:00 13,265,040 ----a-w C:\Program Files\dxnt.cab
2005-12-06 02:00 1,351,430 ----a-w C:\Program Files\Aug2005_d3dx9_27_x64.cab
2005-12-06 02:00 1,348,242 ----a-w C:\Program Files\Apr2005_d3dx9_25_x64.cab
2005-12-06 02:00 1,336,890 ----a-w C:\Program Files\Jun2005_d3dx9_26_x64.cab
2005-12-06 02:00 1,248,387 ----a-w C:\Program Files\Feb2005_d3dx9_24_x64.cab
2005-12-06 02:00 1,156,363 ----a-w C:\Program Files\BDANT.cab
2005-12-06 02:00 1,079,850 ----a-w C:\Program Files\Apr2005_d3dx9_25_x86.cab
2005-12-06 02:00 1,078,532 ----a-w C:\Program Files\Aug2005_d3dx9_27_x86.cab
2005-12-06 02:00 1,065,813 ----a-w C:\Program Files\Jun2005_d3dx9_26_x86.cab
2005-12-06 02:00 1,014,113 ----a-w C:\Program Files\Feb2005_d3dx9_24_x86.cab
2004-06-21 06:12 1,433,902 ----a-w C:\Program Files\UltraVNC-100-RC18-Setup.exe
2003-03-31 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-05-17 11:28 549,376 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2B0F6B3-77FF-4BD6-8B44-50242E7592FE}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 15:58 68856]
"SpywareRemover"="C:\Program Files\SpywareRemover\SpywareRemover.exe" [2008-01-23 13:17 15766768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-19 21:03 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 22:44 185896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-19 21:03 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Broadband Networking.lnk - C:\WINDOWS\Installer\{2C84BB95-1DB9-4AC4-8750-F979BBCDD859}\_18be6784.exe [2006-03-11 15:06:20 25214]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jibtzrwq]
d3dimb.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^HPAiODevice(hp officejet 7100 series) - 1.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\HPAiODevice(hp officejet 7100 series) - 1.lnk
backup=C:\WINDOWS\pss\HPAiODevice(hp officejet 7100 series) - 1.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^AuVergne Maynard^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^AuVergne Maynard^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\AuVergne Maynard\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 18:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 07:20 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
--a------ 2005-08-30 17:05 344064 C:\WINDOWS\system32\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiTrayTools]
--a------ 2005-08-17 13:06 457216 C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 18:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2007-11-05 23:31 791792 C:\Program Files\CCleaner\CCleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eamonn]
C:\Program Files\Eamonn\bin\Eamonn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen Pro]
--a------ 2007-05-29 00:27 516096 C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 19:01 50792 C:\Program Files\Common Files\AOL\1142121342\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2007-12-10 14:53 1103752 C:\Program Files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-14 09:00 267064 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-01-23 14:44 101136 C:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--a------ 2006-06-23 10:33 438359 C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 08:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiRes]
--------- 2005-06-07 14:16 54272 C:\Program Files\MultiRes\MultiRes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayPal Virtual Debit Card]
C:\PROGRA~1\PayPal\PAYPAL~1\OToolbar.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
--a------ 2006-11-16 11:42 183367 C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopupDummy!]
--a------ 2007-04-01 12:23 2555904 C:\Program Files\PopupDummy!\PopupDummy! 3.293.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxCSI]
--a------ 2008-01-22 01:18 92160 C:\Program Files\PrevxCSI\prevxcsi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
--a------ 2007-12-21 15:30 698864 C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2001-07-03 09:11 57344 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-10-13 17:20 20058152 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
--a------ 2008-01-11 10:30 832360 C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-06-21 14:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-23 15:58 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2008-01-22 03:29 1046688 C:\Program Files\TrojanHunter 5.0\THGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
C:\Program Files\TiVo\Desktop\TiVoServer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
--a------ 2006-02-01 17:33 1880064 C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-21 09:38 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 13:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TivoBeacon2"=2 (0x2)
"gusvc"=3 (0x3)
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-01-22 13:33]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v2.6.71\ATI Tray Tools\atitray.sys [2005-07-31 06:08]
R1 tcpip66;tcpip66;C:\WINDOWS\system32\drivers\tcpip66.sys [2008-01-19 21:04]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 procguard;procguard;C:\WINDOWS\system32\drivers\procguard.sys [2006-08-09 14:57]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S2 DCSPGSRV;DiamondCS ProcessGuard Service v3.410;"C:\Program Files\ProcessGuard\dcsuserprot.exe" []
S2 kfxkvgza;Microsoft System Management BIOS Controller;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kfxkvgza
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3796576-c92c-11dc-a7cd-00508d548f38}]
\Shell\AutoRun\command - F:\setupSNK.exe
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 07:54:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-23 18:31:40 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-01-22 23:29:00 C:\WINDOWS\Tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1142119369.job"
- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe:-I
"2008-01-24 06:08:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-24 06:10:08 C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Program Files\SpywareRemover\SpywareRemover.ex
- C:\Program Files\SpywareRemover
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-23 22:08:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.