Here are the files with wrap text off:
Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:00 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\o075tmrp.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {BFED3F50-D194-FE61-BB28-FF8A32F52EB9} - C:\WINDOWS\system32\bvdnsbm.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Irdr] "C:\PROGRA~1\YSTEM3~1\fast.exe" -vt yazb
O4 - HKCU\..\Run: [Fvfmsyvt] "C:\Documents and Settings\User\My Documents\?icrosoft\w?auclt.exe"
O4 - HKCU\..\Run: [Duogpd] "C:\Program Files\Common Files\??sks\n?lookup.exe"
O4 - HKCU\..\Run: [Bxvhv] C:\WINDOWS\?dobe\m?config.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E0FFA7D-7D9B-4C2B-8C43-110E4E644DEC}: NameServer = 194.54.90.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFE1CED-9749-4838-91AD-47CCA52C5D74}: NameServer = 194.54.90.238
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E0FFA7D-7D9B-4C2B-8C43-110E4E644DEC}: NameServer = 194.54.90.238
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Windows Notification Service (Winnotify) - Unknown owner - C:\WINDOWS\System32\winntify.exe (file missing)
--
End of file - 7815 bytes
Combo Fix:
"User" - 2007-10-21 13:54:25 - ComboFix 07-07-17.8 - Service Pack 2
FAT32
Command switches used :: C:\Documents and Settings\User\Desktop\SFScript.txt
((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
2007-10-20 19:33 <DIR> d-------- C:\Deckard
2007-10-20 19:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-20 19:04 <DIR> d--hs---- C:\FOUND.014
2007-10-20 18:53 60,928 --a------ C:\WINDOWS\SYSTEM32\bvdnsbm.dll
2007-10-17 11:43 35,840 -ra------ C:\WINDOWS\tsitra72.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-24 02:03:14 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-31 02:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-22 20:54:58 1,099,570 ----a-w C:\WINDOWS\system32\dn224c1e06.dat
2007-07-22 20:12:26 97,312 ----a-w C:\bmgenkji3.exe
2007-07-22 20:12:22 100,920 ----a-w C:\bmgenkji2.exe
2007-07-22 20:11:42 99,848 ----a-w C:\bmgenkji1.exe
2007-07-22 20:10:38 544,768 ----a-w C:\WINDOWS\ytfse.exe
2001-07-15 04:16:22 266 --sh--w C:\Program Files\desktop.ini
2001-07-15 04:16:22 11,079 ---h--w C:\Program Files\folder.htt
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\VXNlcg\prh5w0.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFED3F50-D194-FE61-BB28-FF8A32F52EB9}]
2007-10-18 07:22 60928 --a------ C:\WINDOWS\system32\bvdnsbm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ink Monitor"="C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe" [2001-10-16 11:10]
"AtiPTA"="atiptaxx.exe" [2001-09-15 01:15 C:\WINDOWS\SYSTEM32\atiptaxx.exe]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 01:59]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2001-09-19 09:41]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" [2003-02-22 15:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-01-08 18:58]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-20 23:07]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 05:05]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 06:36]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-10-31 11:05]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-10-31 11:18]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-12 20:48]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2003-02-22 15:42]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-14 06:04]
"Irdr"="C:\PROGRA~1\YSTEM3~1\fast.exe" []
"Fvfmsyvt"="C:\Documents and Settings\User\My Documents\?icrosoft\w?auclt.exe" []
"Duogpd"="C:\Program Files\Common Files\??sks\n?lookup.exe" []
"omuu"="C:\PROGRA~1\COMMON~1\omuu\omuum.exe" [2006-07-19 14:56]
"Bxvhv"="C:\WINDOWS\?dobe\m?config.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\Osa9.exe [1999-02-17 20:05:56]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-02-22 15:42:19]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\KaZaA\Kazaa.exe /SYSTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adaptec DirectCD"=C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
"CreateCD"=C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
"WinampAgent"="C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
"KAZAA"=C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"AtiPTA"=Atiptaxx.exe
"TEST"=D:\AUTO.EXE
"CountrySelection"=pctptt.exe
"PTSNOOP"=ptsnoop.exe
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CA0A4247-44BE-11d1-A005-00805F8ABE06}
RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
Contents of the 'Scheduled Tasks' folder
2007-09-02 06:00:02 C:\WINDOWS\tasks\Tune-up Application Start.job
**************************************************************************
catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-21 13:55:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\USER\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-10-21 13:56:44
C:\ComboFix-quarantined-files.txt ... 2007-10-21 13:56
C:\ComboFix3.txt ... 2007-07-22 14:00
C:\ComboFix2.txt ... 2007-10-20 19:08
--- E O F ---
Thanks again,
Reggie