Malwarebytes

THE VIRUS THAT WON'T DIE!

2 replies to this topic

#1 moodyinga

New Member (Members, 1 post)

I read the logs on this topic and have done quite a few of the steps that have been recommended to others with this virus. I STILL HAVE IT! Below are my HijackThis log and my ComboFix log.

Please help me!

moodyinga


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:06 PM, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.home.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5651] command /c del "C:\WINDOWS\system32\ruzomivu.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5486] cmd /c del "C:\WINDOWS\system32\ruzomivu.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\HLJA59L6\AIM_UA~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\P8Q2L41V\TCODE_~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\YGVX4OOV\OPTN_6~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\0CD7QEF5\OPTN_6~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\YGVX4OOV\IMSETT~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\J9UZIEO1\AIMTOD~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\HJWLQWNK\TCODE_~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\VCSSC2NY\IFRAME~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\VCSSC2NY\A62164~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\HJWLQWNK\AIM_UA~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\9RFU6LPA\TCODE_~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\9RFU6LPA\AIM_UA~1.SH! C:\DOCUME~1\WENDYM~1\LOCALS~1\TEMPOR~1\Content.IE5\22732TDE\TCODE_~1.SH!
O4 - HKCU\..\RunOnce: [SpybotDeletingD6656] cmd /c del "C:\WINDOWS\system32\ruzomivu.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8776] command /c del "c:\windows\system32\disolada.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2386] cmd /c del "c:\windows\system32\disolada.dll_old"
O4 - Startup: client.jar
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Gold 18\Remind.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10321 bytes

ComboFix log:

ComboFix 08-11-29.03 - Wendy Moody 2008-11-29 16:30:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.433 [GMT -5:00]
Running from: c:\documents and settings\Wendy Moody\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wendy Moody\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wendy Moody\Favorites\Games.url
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\ijubahoj.ini
c:\windows\system32\johabuji.dll
c:\windows\system32\open.ico
c:\windows\system32\uvimozur.ini
c:\windows\system32\zebilemo.dll
c:\windows\system32\zipetepi.dll
c:\documents and settings\Wendy Moody\Cookies\?????????????????????????? . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.

2008-11-28 23:07 . 2008-11-28 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameHouse
2008-11-28 22:35 . 2008-11-28 22:35 <DIR> d-------- C:\users
2008-11-28 22:34 . 2008-11-28 23:05 <DIR> d-------- c:\program files\RealArcade
2008-11-27 22:19 . 2008-11-27 22:19 <DIR> d-------- c:\documents and settings\Wendy Moody\Application Data\GameInvest
2008-11-27 22:17 . 2008-11-27 23:30 <DIR> d-------- c:\program files\Hospital Hustle
2008-11-27 09:29 . 2008-11-27 10:15 <DIR> d-------- c:\program files\My Tribe
2008-11-26 09:49 . 2008-11-26 09:48 410,976 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-11-25 17:28 . 2008-11-25 17:29 <DIR> d-------- c:\program files\iTunes
2008-11-25 17:28 . 2008-11-25 17:28 <DIR> d-------- c:\program files\iPod
2008-11-25 17:28 . 2008-11-25 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 17:26 . 2008-11-25 17:26 <DIR> d-------- c:\program files\QuickTime
2008-11-22 15:41 . 2008-11-22 15:42 <DIR> d-------- c:\program files\Hot Dish 2 - Cross Country Cook Off
2008-11-18 17:59 . 2008-11-18 18:18 <DIR> d-------- c:\program files\Book of Legends
2008-11-17 12:12 . 2008-11-28 16:28 <DIR> d-------- c:\program files\Wonderland Secret Worlds
2008-11-17 12:10 . 2008-11-17 12:14 <DIR> d-------- c:\program files\Lifetime R.S.V.P
2008-11-15 13:06 . 2008-11-15 13:06 <DIR> d-------- c:\documents and settings\Wendy Moody\Application Data\Artogon
2008-11-15 12:47 . 2008-11-15 12:47 <DIR> d-------- c:\documents and settings\Wendy Moody\Application Data\FirstColony
2008-11-15 12:25 . 2008-11-16 12:43 <DIR> d-------- c:\program files\Mystery Stories - Berlin Nights
2008-11-15 12:23 . 2008-11-15 12:23 <DIR> d-------- c:\program files\Forgotten Lands - First Colony
2008-11-15 12:22 . 2008-11-15 12:22 <DIR> d-------- c:\program files\Hidden Mysteries - Buckingham Palace
2008-11-15 12:20 . 2008-11-15 12:20 <DIR> d-------- c:\program files\Treasure Seekers - Visions of Gold
2008-11-15 11:48 . 2008-11-15 11:48 <DIR> d-------- c:\program files\Top Chef
2008-11-12 15:33 . 2008-11-12 15:33 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 04:12 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 04:11 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-11-11 15:59 . 2008-11-11 16:00 <DIR> d-------- c:\program files\Diner Dash - Flo Through Time
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\SYSTEM32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\SYSTEM32\QuickTime.qts
2008-11-01 13:26 . 2008-11-01 13:27 <DIR> d-------- c:\program files\FishCo
2008-10-31 19:13 . 2008-10-31 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Redrum
2008-10-31 19:08 . 2008-10-31 19:25 <DIR> d-------- c:\program files\Operation Mania
2008-10-31 18:59 . 2008-10-31 18:59 <DIR> d-------- c:\program files\Redrum

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 21:36 --------- d-----w c:\program files\Dl_cats
2008-11-29 13:10 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\McAfee
2008-11-29 13:10 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-29 00:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 23:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-28 23:16 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2008-11-28 09:57 --------- d-----w c:\program files\Magic Encyclopedia
2008-11-28 03:52 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-26 14:48 --------- d-----w c:\program files\Java
2008-11-25 22:28 --------- d-----w c:\program files\Common Files\Apple
2008-11-22 21:01 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Valusoft
2008-11-22 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\Valusoft
2008-11-18 23:18 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Gogii Games
2008-11-18 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii Games
2008-11-15 17:46 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\cerasus.media
2008-11-15 17:31 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Gamelab
2008-11-11 21:01 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\PlayFirst
2008-11-11 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-11 20:57 --------- d-----w c:\program files\bfgclient
2008-11-03 02:21 --------- d-----w c:\program files\Megaplex Madness - Now Playing
2008-11-01 18:27 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-11-01 00:24 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Pogo Games
2008-10-26 15:59 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\SecretIslandEng
2008-10-26 15:56 --------- d-----w c:\program files\The Treasures of Mystery Island
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 19:47 --------- d-----w c:\program files\Parking Dash
2008-10-18 18:27 --------- d-----w c:\program files\Veronica Rivers - Portals to the Unknown
2008-10-18 18:27 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Dragon Altar Games
2008-10-12 18:51 --------- d-----w c:\program files\Anna`s Ice Cream
2008-10-11 16:32 --------- d-----w c:\program files\Musaic Box
2008-10-11 13:02 --------- d-----w c:\program files\PrintMaster Gold 18
2008-10-11 13:02 --------- d-----w c:\documents and settings\All Users\Application Data\Broderbund Software
2008-10-11 12:11 --------- d-----w c:\program files\Web Publish
2008-10-11 02:44 --------- d-----w c:\program files\Common Files\Broderbund
2008-10-04 20:09 --------- d-----w c:\program files\Cassandra's Journey - The Legacy of Nostradamus
2008-10-04 20:09 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\JoyBits
2008-09-30 13:32 49,152 ----a-w C:\javaupdater.exe
2008-09-30 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-29 23:14 49,152 ----a-w C:\balkan.exe
2008-09-29 23:05 49,152 ----a-w C:\jvme.exe
2008-09-29 23:05 49,152 ----a-w c:\documents and settings\Wendy Moody\csrssx.exe
2008-09-28 00:17 --------- d-----w c:\program files\Lost Secrets - Bermuda Triangle
2008-09-16 21:36 61,224 -c--a-w c:\documents and settings\Wendy Moody\GoToAssistDownloadHelper.exe
2008-08-26 21:00 24 ----a-w c:\documents and settings\Wendy Moody\jagex_runescape_preferences.dat
2008-02-27 21:57 0 -c--a-w c:\program files\temp01
2007-11-18 17:26 56 --sh--r c:\windows\SYSTEM32\0305A89BB2.sys
2007-11-18 17:26 3,350 -csha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-08-18 22:09 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
2008-02-10 21:49 9,897,248 -csha-w c:\windows\SYSTEM32\DRIVERS\fidbox.dat
2008-02-10 21:49 1,162,016 -csha-w c:\windows\SYSTEM32\DRIVERS\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD6656"="del" [X]
"SpybotDeletingB8776"="command" [X]
"SpybotDeletingD2386"="del" [X]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA5651"="command" [X]
"SpybotDeletingC5486"="del" [X]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-30 4891984]

c:\documents and settings\Wendy Moody\Start Menu\Programs\Startup\
client.jar [2008-09-29 40117]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Event Reminder.lnk - c:\program files\PrintMaster Gold 18\Remind.exe [2007-09-09 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=
"c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5228:TCP"= 5228:TCP:*:Disabled:SolidNetworkManager
"5228:UDP"= 5228:UDP:*:Disabled:SolidNetworkManager

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-29 24652]
.
Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-24 c:\windows\Tasks\diskcleaner.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-24 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-29 c:\windows\Tasks\quickcleaner.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-27 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007-05-17 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{8AF5DD05-AA7B-4721-AADF-C1E5946EC0FE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c5e2e84d-3a09-4995-ba74-20297bd9ed13} - c:\windows\system32\zebilemo.dll
HKCU-Run-ccleaner - c:\program files\CCleaner\ccleaner.exe
HKCU-Run-Aim6 - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 16:35:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\dlcxcoms.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Java\jre6\bin\java.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\SYSTEM32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-29 16:42:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-29 21:42:05

Pre-Run: 95,485,906,944 bytes free
Post-Run: 95,611,691,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2008-11-12 20:37:25


Thanks for your time, in advance!

#2 1972vet

Elite Member (Moderators, 1,158 posts)
Gender: Male
Interests: Computer security/malware, World history, Law enforcement

Thanks for your patience. The forums have been flooded with requests and the volunteers have been working as time permits. If you are still in need of assistance, please post back a fresh HijackThis log. Thanks!

#3 1972vet

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
