reggieblack


Re: HijackThis Thread

Thank you so much for the help. Here is the log information you requested:

Combofix Log:

"User" - 2007-10-20 18:56:00 - ComboFix 07-07-17.8 - Service Pack 2 FAT32
Command switches used :: /killall


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\User\APPLIC~1.\scurit~1
C:\DOCUME~1\User\APPLIC~1.\sstem~1
C:\DOCUME~1\User\MYDOCU~1.\icroso~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\sks~1\n?lookup.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sstem~1
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\Program Files\ystem3~1
C:\Program Files\ystem3~1\fast.exe
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\m?config.exe
C:\WINDOWS\ppatch~1
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wnsapiisv32.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\VXNlcg\asappsrv.dll
C:\WINDOWS\VXNlcg\command.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\core
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))


2007-10-20 19:04 <DIR> d--hs---- C:\FOUND.014
2007-10-20 18:53 60,928 --a------ C:\WINDOWS\SYSTEM32\bvdnsbm.dll
2007-10-20 18:53 <DIR> d-------- C:\Program Files\ISM2
2007-10-17 11:43 35,840 -ra------ C:\WINDOWS\tsitra72.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-24 02:03:14 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-22 20:54:58 1,099,570 ----a-w C:\WINDOWS\system32\dn224c1e06.dat
2007-07-22 20:12:26 97,312 ----a-w C:\bmgenkji3.exe
2007-07-22 20:12:22 100,920 ----a-w C:\bmgenkji2.exe
2007-07-22 20:11:42 99,848 ----a-w C:\bmgenkji1.exe
2007-07-22 20:10:38 544,768 ----a-w C:\WINDOWS\ytfse.exe
2001-07-15 04:16:22 266 --sh--w C:\Program Files\desktop.ini
2001-07-15 04:16:22 11,079 ---h--w C:\Program Files\folder.htt
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\VXNlcg\prh5w0.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\d3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
2007-10-15 13:42 192512 --a------ C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
2007-07-11 13:02 192512 --a------ C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3056695-CE91-404e-BD3B-62A4A3E6ADFD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFED3F50-D194-FE61-BB28-FF8A32F52EB9}]
2007-10-18 07:22 60928 --a------ C:\WINDOWS\system32\bvdnsbm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D11FCCFD-479A-417a-9633-CBDD600E2C6C}]
2007-07-12 03:19 18944 --a------ C:\WINDOWS\system32\geyrr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [2001-08-23 12:00 C:\WINDOWS\SYSTEM32\systray.exe]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 11:10]
"AtiPTA"="atiptaxx.exe" [2001-09-15 01:15 C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [2002-12-03 17:24]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 01:59]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 09:41]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2003-02-22 15:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-08 18:58]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-20 23:07]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 05:05]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 06:36]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-10-31 11:05]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-10-31 11:18]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-12 20:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2003-02-22 15:42]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 06:04]
"Irdr"="C:\PROGRA~1\YSTEM3~1\fast.exe" []
"Fvfmsyvt"="C:\Documents and Settings\User\My Documents\?icrosoft\w?auclt.exe" []
"Duogpd"="C:\Program Files\Common Files\??sks\n?lookup.exe" []
"omuu"="C:\PROGRA~1\COMMON~1\omuu\omuum.exe" [2006-07-19 14:56]
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" [2007-10-15 05:38]
"Bxvhv"="C:\WINDOWS\?dobe\m?config.exe" []
"ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" [2007-10-16 08:10]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\Osa9.exe [1999-02-17 20:05:56]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-02-22 15:42:19]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{53B5F2B1-94DD-43E5-8187-EB4E31F00701}"="C:\WINDOWS\system32\d3acdb.dll" []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adaptec DirectCD"=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
"CreateCD"=C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
"WinampAgent"="C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
"KAZAA"=C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"AtiPTA"=Atiptaxx.exe
"TEST"=D:\AUTO.EXE
"CountrySelection"=pctptt.exe
"PTSNOOP"=ptsnoop.exe

*Newly Created Service* - PGFILTER

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}
RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

Contents of the 'Scheduled Tasks' folder
2007-09-02 06:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 19:05:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\User\ntuser.dat
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-10-20 19:08:22 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-20 19:08
C:\ComboFix2.txt ... 2007-07-22 14:00

--- E O F ---



SDFix Log:


SDFix: Version 1.110

Run by User on Sat 10/20/2007 at 07:17 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
msupdate

ImagePath:
c:\windows\system32\msvcrtd.exe

msupdate - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\retadpu72.exe.tmp - Deleted
C:\A.tmp - Deleted
C:\WINDOWS\b104.exe - Deleted
C:\WINDOWS\b103.exe - Deleted
C:\WINDOWS\b128.exe - Deleted
C:\WINDOWS\system32\geyrr.dll - Deleted
C:\WINDOWS\system32\help.txt - Deleted
C:\WINDOWS\system32\msvcrtd.exe - Deleted
C:\WINDOWS\system32\ps.dat - Deleted
C:\WINDOWS\system32\q24m.dll - Deleted
C:\WINDOWS\system32\w1m.dll - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 22 Jul 2007 593,920 ..SH. --- "C:\WINDOWS\WEB\tfppm3.dll"
Sun 4 Jun 2006 4,348 ..SH. --- "C:\WINDOWS\All Users\DRM\DRMv1.bak"
Tue 17 Sep 2002 28,160 ...H. --- "C:\Documents and Settings\User\My Documents\~WRL0850.tmp"
Mon 2 Oct 2006 50,280 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Wed 18 Sep 2002 28,160 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0003.tmp"

Finished!



Deckard Log:


Deckard's System Scanner v20071014.68
Run by User on 2007-10-20 19:34:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2007-10-21 02:34:11 UTC - RP1378 - Deckard's System Scanner Restore Point
54: 2007-09-04 14:26:14 UTC - RP1377 - System Checkpoint
53: 2007-09-03 14:08:55 UTC - RP1376 - System Checkpoint
52: 2007-09-02 13:53:22 UTC - RP1375 - System Checkpoint
51: 2007-09-01 12:29:52 UTC - RP1374 - System Checkpoint


-- First Restore Point --
1: 2007-06-07 21:08:50 UTC - RP1324 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.74 GiB (less than 15%) free.


-- HijackThis (run as User.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:18 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\winntify.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\omuu\omuum.exe
C:\Program Files\ISM\ISMModule7.exe
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\omuu\omuua.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://sharempeg.com/find/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-explorer.net/search_page.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.runsearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.runsearch.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.runsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\o075tmrp.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {BFED3F50-D194-FE61-BB28-FF8A32F52EB9} - C:\WINDOWS\system32\bvdnsbm.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Irdr] "C:\PROGRA~1\YSTEM3~1\fast.exe" -vt yazb
O4 - HKCU\..\Run: [Fvfmsyvt] "C:\Documents and Settings\User\My Documents\?icrosoft\w?auclt.exe"
O4 - HKCU\..\Run: [Duogpd] "C:\Program Files\Common Files\??sks\n?lookup.exe"
O4 - HKCU\..\Run: [omuu] C:\PROGRA~1\COMMON~1\omuu\omuum.exe
O4 - HKCU\..\Run: [ISMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [Bxvhv] C:\WINDOWS\?dobe\m?config.exe
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/w...oft/wtinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E0FFA7D-7D9B-4C2B-8C43-110E4E644DEC}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFE1CED-9749-4838-91AD-47CCA52C5D74}: NameServer = 194.54.90.238
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E0FFA7D-7D9B-4C2B-8C43-110E4E644DEC}: NameServer = 194.54.90.238
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9055 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,-153
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\SYSTEM32\SHELL32.DLL,23
.ini - inifile - DefaultIcon - shell32.dll,-151
.js - JSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,17
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - shell32.dll,-152
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\System32\migicons.exe,16


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PxHelper - c:\windows\system32\drivers\pxhelper.sys <Not Verified; VERITAS Software, Inc.; PxHelp20>
R3 Eplpdx02 - c:\windows\system32\drivers\eplpdx02.sys <Not Verified; MK Systems CO., LTD.; MK Systems LPT I/O Driver for Windows2000>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S3 atimtag - c:\windows\system32\drivers\atimtag.sys (file missing)
S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 Winnotify (Windows Notification Service) - c:\windows\system32\winntify.exe -srv <Not Verified; Microsoft Corporation; Microsoft® DRM>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-01 23:00:02 502 --a------ C:\WINDOWS\Tasks\Tune-up Application Start.job


-- Files created between 2007-09-20 and 2007-10-20 -----------------------------

2007-10-20 19:16:22 0 d-------- C:\WINDOWS\ERUNT
2007-10-20 19:04:46 0 d--hs---- C:\FOUND.014
2007-10-20 18:53:35 0 d-------- C:\Program Files\ISM2
2007-10-20 18:53:16 60928 --a------ C:\WINDOWS\system32\bvdnsbm.dll
2007-10-17 11:43:44 35840 -ra------ C:\WINDOWS\tsitra72.exe


-- Find3M Report ---------------------------------------------------------------

2007-08-23 19:03:14 0 d-------- C:\Program Files\Common Files\?ppPatch
2007-07-22 13:54:58 1099570 --a------ C:\WINDOWS\system32\dn224c1e06.dat
2007-07-22 13:10:38 544768 --a------ C:\WINDOWS\ytfse.exe
2007-07-22 13:09:48 0 --a------ C:\WINDOWS\runnen


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ABA9A9C-8791-4d61-8D5B-BCC9448EA573}]
10/15/2007 01:42 PM 192512 --a------ C:\Program Files\ISM\BndDrive7.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
07/11/2007 01:02 PM 192512 --a------ C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFED3F50-D194-FE61-BB28-FF8A32F52EB9}]
10/18/2007 07:22 AM 60928 --a------ C:\WINDOWS\system32\bvdnsbm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [10/16/2001 11:10 AM]
"AtiPTA"="atiptaxx.exe" [09/15/2001 01:15 AM C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"WT GameChannel"="C:\Program Files\WildTangent\Apps\GameChannel.exe" [12/03/2002 05:24 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [09/18/2001 01:59 AM]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [09/19/2001 09:41 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [02/22/2003 03:42 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/08/2006 06:58 PM]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [07/20/2005 11:07 PM]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [08/01/2005 05:05 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [07/12/2005 06:36 AM]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [10/31/2005 11:05 AM]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [10/31/2005 11:18 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 03:45 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2006 08:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [02/22/2003 03:42 PM]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/14/2007 06:04 AM]
"Irdr"="C:\PROGRA~1\YSTEM3~1\fast.exe" []
"Fvfmsyvt"="C:\Documents and Settings\User\My Documents\?icrosoft\w?auclt.exe" []
"Duogpd"="C:\Program Files\Common Files\??sks\n?lookup.exe" []
"omuu"="C:\PROGRA~1\COMMON~1\omuu\omuum.exe" [07/19/2006 02:56 PM]
"ISMModule7"="C:\Program Files\ISM\ISMModule7.exe" [10/15/2007 05:38 AM]
"Bxvhv"="C:\WINDOWS\?dobe\m?config.exe" []
"ISMPack7"="C:\Program Files\ISM2\ISMPack7.exe" [10/16/2007 08:10 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\Osa9.exe [2/17/1999 8:05:56 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2/22/2003 3:42:19 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adaptec DirectCD"=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
"CreateCD"=C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
"WinampAgent"="C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
"KAZAA"=C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"AtiPTA"=Atiptaxx.exe
"TEST"=D:\AUTO.EXE
"CountrySelection"=pctptt.exe
"PTSNOOP"=ptsnoop.exe




-- End of Deckard's System Scanner: finished at 2007-10-20 19:36:37 ------------




Thanks again for your help. If there is anything else you need, let me know.

Reggie