Here's my hijackthis;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:07, on 2008/01/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Saerenna\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Winupdate Engine] C:\WINDOWS\system32\wupeng.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp .exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [mschkdsk.exe] C:\WINDOWS\system32\mschkdsk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.c...GNowStarter.cab
O16 - DPF: {D8F2DC62-F4A1-4A10-AE19-61DF6EC9BF50} (xc_loader_activex.cntMain) - http://157.201.248.4...der_activex.CAB
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Saerenna\My Documents\My Pictures\Hyoutei2a.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Saerenna\My Documents\My Pictures\Hyoutei5.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Saerenna\My Documents\My Pictures\yagyuu.png
O24 - Desktop Component 4: The Rogue Beat - http://roguebeat.cro.....20no Wake.mp3
O24 - Desktop Component 5: (no name) - C:\Documents and Settings\Saerenna\Desktop\Shounen_Onmyouji_-_Egao_no_Wake.mp3
O24 - Desktop Component 6: (no name) -
O24 - Desktop Component 7: (no name) - C:\Documents and Settings\Saerenna\My Documents\Hyotei_Gakuen.htm
--
End of file - 6821 bytes
And here's also my combofix log:
ComboFix 08-01-15.4 - Saerenna 2008-01-15 5:16:59.2 - NTFSx86
Running from: C:\Documents and Settings\Saerenna\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.
2008-01-15 04:09 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-15 04:09 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-15 04:09 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-15 04:09 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-15 04:09 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-15 04:08 . 2004-01-09 01:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-15 00:02 . 2008-01-15 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-14 23:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 21:19 . 2008-01-14 21:19 <DIR> d-------- C:\Program Files\CCleaner
2008-01-14 20:50 . 2008-01-15 05:07 2,148 --a------ C:\WINDOWS\system32\wpa.dbl
2008-01-14 13:32 . 2008-01-14 15:04 <DIR> d-------- C:\VundoFix Backups
2008-01-14 02:54 . 2008-01-15 02:32 <DIR> d-------- C:\Documents and Settings\Saerenna\Application Data\AVG7
2008-01-14 02:53 . 2008-01-14 02:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-14 02:53 . 2008-01-15 05:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-13 22:39 . 2007-07-16 15:53 48 --a------ C:\Documents and Settings\Saerenna\readme.bat
2007-12-28 21:53 . 2007-12-29 10:11 <DIR> d-------- C:\Program Files\GridService
2007-12-28 21:53 . 2007-12-28 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grid
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 12:04 --------- d-----w C:\Program Files\MegauploadToolbar
2008-01-15 12:04 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-01-15 10:20 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-15 10:19 --------- d-----w C:\Program Files\Acoustica Mixcraft 3
2008-01-15 04:30 --------- d-----w C:\Program Files\Lexmark 1400 Series
2008-01-15 03:19 --------- d-----w C:\Program Files\DellSupport
2008-01-15 03:10 --------- d-----w C:\Program Files\QuickTime
2008-01-14 06:50 --------- d-----w C:\Documents and Settings\Saerenna\Application Data\MegauploadToolbar
2008-01-14 04:16 --------- d-----w C:\Program Files\VideoLAN
2008-01-14 01:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-28 23:52 --------- d-----w C:\Documents and Settings\Saerenna\Application Data\BitTorrent
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-11-30 03:22 8,612 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-26 07:56 --------- d-----w C:\Documents and Settings\Saerenna\Application Data\AdobeUM
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2006-05-20 08:08 0 ---ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
2007-07-19 17:29 88 --sh--r C:\WINDOWS\system32\E7D1A1E3A5.sys
.
<pre> ----a-w 81,920 2008-01-15 03:49:53 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe ----a-w 249,856 2008-01-14 11:45:57 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe ----a-w 53,248 2008-01-15 03:49:49 C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe ----a-w 1,032,192 2008-01-15 03:49:52 C:\Program Files\Dell\QuickSet\quickset .exe ----a-w 157,696 2008-01-14 22:58:31 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe ----a-w 579,072 2008-01-15 03:50:36 C:\Program Files\Grisoft\AVG7\avgcc .exe ----a-w 69,632 2008-01-15 03:50:25 C:\Program Files\HP\HP Share-to-Web\hpgs2wnd .exe ----a-w 20,480 2008-01-15 03:50:17 C:\Program Files\Lexmark 1400 Series\lxdjamon .exe ----a-w 1,121,792 2008-01-15 03:50:01 C:\Program Files\McAfee\SpamKiller\MSKDetct .exe ----a-w 761,947 2008-01-15 03:49:43 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe ----a-w 4,670,968 2008-01-15 03:51:13 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe ----a-w 208,952 2008-01-14 11:46:25 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE ----a-w 59,392 2008-01-14 11:46:30 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe ----a-w 455,168 2008-01-14 11:46:34 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE </pre>
((((((((((((((((((((((((((((( snapshot@2008-01-14_23.49.51.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-15 13:05:40 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_55c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mschkdsk.exe"="C:\WINDOWS\system32\mschkdsk.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [ ]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 20:19 393216 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm .exe" [2008-01-14 03:45 249856]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 02:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 02:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 02:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 02:00 455168]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"ClubBox"="" []
"lxdjmon.exe"="C:\Program Files\Lexmark 1400 Series\lxdjmon.exe" [ ]
"LXDJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 15:21 102400]
"Winupdate Engine"="C:\WINDOWS\system32\wupeng.exe" [ ]
"avp"="C:\WINDOWS\avp .exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-19 23:57:39]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Documents and Settings\Saerenna\My Documents\My Pictures\Hyoutei2a.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\Saerenna\My Documents\My Pictures\Hyoutei5.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Saerenna\My Documents\My Pictures\yagyuu.png
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
Source= C:\Documents and Settings\Saerenna\Desktop\Shounen_Onmyouji_-_Egao_no_Wake.mp3
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
Source= C:\Documents and Settings\Saerenna\My Documents\Hyotei_Gakuen.htm
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 13:34]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 02:00]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-07 17:48:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 05:27:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDJCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-15 5:31:35
ComboFix2.txt 2008-01-15 07:50:27
.
2008-01-09 11:04:44 --- E O F ---