
InprocServer 32 vundo?


6 replies to this topic

#1 blud

blud

  • Members
  • 4 posts

Posted 27 January 2009 - 06:53 PM

The first of my problems is a .dll error after rebooting, but this is also the smallest of my problems. My computer is very slow, freezing up, and sometimes going to a blue screen which states something about a dump. I also have a box popping up asking if I want Internet Explorer to be my default browser (I use Firefox) and sometimes I will have multiple new browser windows opening up (sometimes 10 at a time) and then displaying a file not found message. I anxiously await your help. Thank you in advance!!!!! Here is the DDS log:


DDS (Ver_09-01-19.01) - NTFSx86
Run by Keegan at 18:34:21.54 on Tue 01/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.91 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\WINDOWS\system32\5D5P1X40.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\BitLord2\BitLord.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Documents and Settings\Keegan\Desktop\dds.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com
uSearch Page = file://c:/windows/homepage.html
mDefault_Page_URL = file://c:/windows/homepage.html
mDefault_Search_URL = file://c:/windows/homepage.html
mSearch Page = file://c:/windows/homepage.html
mStart Page = file://c:/windows/homepage.html
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\iftuyszv.exe,
BHO: {0A6BD801-33AA-47DD-BE18-800924DA74F4} - No File
BHO: {1541d349-d8a4-422a-b9e2-909483b197cb} - No File
BHO: {26A4E1FF-B264-4238-9290-5A0D27943430} - No File
BHO: {471F4205-BEF9-43DC-8AD7-8B82CEDC83A1} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5616418B-C926-41E7-BB8B-CC35218CEFA1} - No File
BHO: {60BD6A0B-0008-47AB-8F22-15E5FFFCA0A1} - No File
BHO: {6AA3C9A0-6BB7-4D56-AA8C-B7D4067B4C5A} - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\TUVVMDDW.DLL
BHO: {811C8115-CD20-401A-8D60-E3445D9BEEAD} - No File
BHO: {85F6B03D-3E7A-4ACC-AA83-2DEF22F9E4D1} - No File
BHO: {8F974B81-3B41-456B-B467-C41C9EB3D8F5} - No File
BHO: {9936D1AA-B1A5-414B-90F3-771A5A27E8AF} - No File
BHO: {AAABF1A3-985F-43FC-9AA3-5B9A7DD1F352} - No File
BHO: {B8049597-DEBD-4F72-8118-98B22631B52B} - No File
BHO: {C2B8F0E2-FBA2-419A-874A-A48DD960286E} - No File
BHO: {CB56E674-59ED-47DF-BD7B-7F9298BCA233} - No File
BHO: {D19697A7-E2BC-4D7A-870B-FEF6FA3A9CFD} - No File
BHO: {D30B6195-821D-4689-822F-78B41516BD63} - No File
BHO: {8e7d9e75-e8e6-0e88-64c4-913340d8178f}: {f8718d04-3319-4c46-88e0-6e8e57e9d7e8} - c:\windows\system32\aqsgfj.dll
BHO: {fc1d0d9d-e7c2-4ebe-82b7-6af0bee96e94} - c:\windows\system32\qoMghhfg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [e0d817a0] rundll32.exe "c:\windows\system32\ofqqjxyg.dll",b
mRunOnce: [SpyHunter3 BatchedRemoval] c:\program files\enigma software group\spyhunter\br.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: tuvVMdDw - tuvVMdDw.dll
AppInit_DLLs: vpgenc.dll eantpe.dll mdrzpd.dll bvxysq.dll qooejz.dll djgqoa.dll svogpi.dll efsxpf.dll yaonuh.dll ajqsjr.dll fazviz.dll llmegd.dll aqsgfj.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\TUVVMDDW.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMghhfg

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\keegan\applic~1\mozilla\firefox\profiles\5ztk9iwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - plugin: c:\documents and settings\keegan\application data\mozilla\firefox\profiles\5ztk9iwd.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: XUL Cache: {323006B9-F20E-4F9C-96B7-593A3E71DD36} - c:\windows\system32\config\systemprofile\local settings\application data\{323006b9-f20e-4f9c-96b7-593a3e71dd36}\

============= SERVICES / DRIVERS ===============

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2009-1-13 43936]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2009-1-13 11264]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 pschedd;pschedd;c:\windows\system32\drivers\pschedd.sys --> c:\windows\system32\drivers\pschedd.sys [?]
S3 Philipscam1;Philips 645 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2008-10-12 75776]
S4 PlugPlayRPC;Plug and Play (RPC); [x]

=============== Created Last 30 ================

2009-01-27 18:13 <DIR> --d----- c:\program files\Cobian Backup 8
2009-01-27 17:46 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-27 15:43 126,464 a------- c:\windows\system32\aqsgfj.dll
2009-01-27 15:43 126,464 a------- c:\windows\system32\bilqyxai.dll
2009-01-27 15:41 120 ---sh--- c:\windows\system32\qoagjbmx.ini
2009-01-27 15:41 86,528 a------- c:\windows\system32\xmbjgaoq.dll
2009-01-26 22:12 124,416 a------- c:\windows\system32\wdmbqv.dll
2009-01-26 22:12 124,416 a------- c:\windows\system32\vldnbdhs.dll
2009-01-26 22:09 120 ---sh--- c:\windows\system32\kkxthvkg.ini
2009-01-26 22:09 89,088 a------- c:\windows\system32\gkvhtxkk.dll
2009-01-25 22:08 129,536 a------- c:\windows\system32\llmegd.dll
2009-01-25 22:08 129,536 a------- c:\windows\system32\axhjpnon.dll
2009-01-25 22:07 120 ---sh--- c:\windows\system32\agjcvjcb.ini
2009-01-25 22:07 84,480 a------- c:\windows\system32\bcjvcjga.dll
2009-01-25 20:38 129,536 a------- c:\windows\system32\kvcqve.dll
2009-01-25 20:38 129,536 a------- c:\windows\system32\ukilxynx.dll
2009-01-25 20:35 120 ---sh--- c:\windows\system32\gigprfko.ini
2009-01-25 20:35 84,480 a------- c:\windows\system32\okfrpgig.dll
2009-01-25 11:57 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-01-25 11:55 <DIR> --d----- c:\windows\system32\vmm32
2009-01-24 20:35 127,488 a------- c:\windows\system32\fazviz.dll
2009-01-24 20:35 127,488 a------- c:\windows\system32\vykrwisq.dll
2009-01-24 20:34 120 ---sh--- c:\windows\system32\ibbnhqvb.ini
2009-01-24 20:33 84,480 a------- c:\windows\system32\bvqhnbbi.dll
2009-01-24 20:33 48,128 a------- c:\windows\system32\iifcBqPJ.dll
2009-01-24 14:29 0 a------- c:\windows\system32\mcrh.tmp
2009-01-23 23:34 123,392 a------- c:\windows\system32\ajqsjr.dll
2009-01-23 23:34 123,392 a------- c:\windows\system32\yxeqkifp.dll
2009-01-23 23:32 120 ---sh--- c:\windows\system32\fgtlfylp.ini
2009-01-23 23:32 83,456 a------- c:\windows\system32\plyfltgf.dll
2009-01-22 17:40 <DIR> --d----- c:\docume~1\keegan\applic~1\Ashampoo
2009-01-22 17:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-01-22 17:33 <DIR> --d----- c:\program files\Ashampoo
2009-01-22 17:08 120 ---sh--- c:\windows\system32\jjkwfxfb.ini
2009-01-22 17:08 84,480 a------- c:\windows\system32\bfxfwkjj.dll
2009-01-22 17:08 125,440 a------- c:\windows\system32\yaonuh.dll
2009-01-22 17:08 125,440 a------- c:\windows\system32\ynbwafdk.dll
2009-01-22 16:40 120 ---sh--- c:\windows\system32\ihkehyij.ini
2009-01-22 16:40 84,480 a------- c:\windows\system32\jiyhekhi.dll
2009-01-22 16:37 125,440 a------- c:\windows\system32\efsxpf.dll
2009-01-22 16:37 125,440 a------- c:\windows\system32\exfexlin.dll
2009-01-21 16:36 126,464 a------- c:\windows\system32\svogpi.dll
2009-01-21 16:36 126,464 a------- c:\windows\system32\bjlfclpp.dll
2009-01-21 16:34 120 ---sh--- c:\windows\system32\rhxprvfu.ini
2009-01-21 16:34 82,944 a------- c:\windows\system32\ufvrpxhr.dll
2009-01-20 12:35 120 ---sh--- c:\windows\system32\rvcmvldi.ini
2009-01-20 12:35 84,992 a------- c:\windows\system32\idlvmcvr.dll
2009-01-20 12:32 125,952 a------- c:\windows\system32\deqdnsxe.dll
2009-01-20 12:32 125,952 a------- c:\windows\system32\bqqlnn.dll
2009-01-20 05:50 125,952 a------- c:\windows\system32\imtqrv.dll
2009-01-20 05:50 125,952 a------- c:\windows\system32\cdcvfdyl.dll
2009-01-20 05:47 120 ---sh--- c:\windows\system32\wuiltdit.ini
2009-01-19 05:49 125,440 a------- c:\windows\system32\djgqoa.dll
2009-01-19 05:49 125,440 a------- c:\windows\system32\dinnbjqq.dll
2009-01-19 05:47 120 ---sh--- c:\windows\system32\cdwoiueu.ini
2009-01-19 05:47 86,016 a------- c:\windows\system32\ueuiowdc.dll
2009-01-17 19:52 49 a------- c:\windows\NeroDigital.ini
2009-01-17 19:40 28 a------- c:\windows\ZC DVD Creator Platinum.INI
2009-01-17 18:56 125,952 a------- c:\windows\system32\qooejz.dll
2009-01-17 18:55 125,952 a------- c:\windows\system32\asquhgqt.dll
2009-01-17 18:53 120 ---sh--- c:\windows\system32\gyxjqqfo.ini
2009-01-16 23:18 120 ---sh--- c:\windows\system32\ottyloco.ini
2009-01-16 23:15 127,488 a------- c:\windows\system32\mqeizi.dll
2009-01-16 23:15 127,488 a------- c:\windows\system32\aubrsggc.dll
2009-01-15 23:12 120 ---sh--- c:\windows\system32\yeytxusy.ini
2009-01-15 23:12 82,432 a------- c:\windows\system32\ysuxtyey.dll
2009-01-15 23:12 127,488 a------- c:\windows\system32\lyisbi.dll
2009-01-15 23:12 127,488 a------- c:\windows\system32\dtntqlrf.dll
2009-01-15 22:57 81 a------- c:\windows\SuperUtil.ini
2009-01-15 22:50 269,824 a------- c:\windows\system32\baksm.dll
2009-01-15 18:12 127,488 a------- c:\windows\system32\bvxysq.dll
2009-01-15 18:12 127,488 a------- c:\windows\system32\vjjdsbwf.dll
2009-01-15 18:09 120 ---sh--- c:\windows\system32\wphhlhfb.ini
2009-01-15 18:09 82,432 a------- c:\windows\system32\bfhlhhpw.dll
2009-01-14 18:08 81,408 a------- c:\windows\system32\idwpnvhy.dll
2009-01-14 18:08 120 ---sh--- c:\windows\system32\yhvnpwdi.ini
2009-01-13 18:16 123,904 a------- c:\windows\system32\esbltd.dll
2009-01-13 18:16 123,904 a------- c:\windows\system32\qmomtrji.dll
2009-01-13 18:13 120 ---sh--- c:\windows\system32\lrhuuwks.ini
2009-01-13 17:40 44,000 a------- c:\windows\system32\drivers\AFPUni.sys
2009-01-13 17:40 43,936 a------- c:\windows\system32\drivers\AFPAnsi.sys
2009-01-13 17:40 11,264 a------- c:\windows\system32\drivers\supermounter.sys
2009-01-13 17:40 1,485,312 a------- c:\windows\system32\vbsbak.dat
2009-01-13 17:40 1,473,536 a------- c:\windows\system32\context.dll
2009-01-13 17:40 269,824 a------- c:\windows\system32\baksm.dat
2009-01-13 17:40 261,120 a------- c:\windows\system32\supermenuhook.dll
2009-01-13 17:40 89,088 a------- c:\windows\system32\Shreder.dll
2009-01-13 17:40 73,728 a------- c:\windows\system32\smh.dat
2009-01-13 17:40 6,144 a------- c:\windows\system32\SuperRes.dll
2009-01-13 17:40 52 a------- c:\windows\system32\vb6sock.dll
2009-01-13 17:40 <DIR> --d----- c:\program files\SuperLogix
2009-01-13 17:28 38 a------- c:\docume~1\keegan\applic~1\svighost.dll
2009-01-13 17:26 <DIR> --d----- c:\program files\AutorunRemover
2009-01-13 16:45 <DIR> --d----- c:\program files\Photo Impact 6.0
2009-01-13 16:44 <DIR> --d----- c:\program files\RegSeeker
2009-01-13 16:42 <DIR> --d----- c:\program files\Nero 7.5.9.0 Ultra
2009-01-12 18:32 <DIR> --d----- c:\program files\Enigma Software Group
2009-01-12 18:13 124,928 a------- c:\windows\system32\mdrzpd.dll
2009-01-12 18:13 124,928 a------- c:\windows\system32\yagirgcm.dll
2009-01-12 18:11 120 ---sh--- c:\windows\system32\tuimscjc.ini
2009-01-12 18:11 80,896 a------- c:\windows\system32\cjcsmiut.dll
2009-01-11 21:56 120 ---sh--- c:\windows\system32\eknceoat.ini
2009-01-11 21:56 80,896 a------- c:\windows\system32\taoecnke.dll
2009-01-11 20:35 123,392 a------- c:\windows\system32\nqpsfgrf.dll
2009-01-11 20:35 123,392 a------- c:\windows\system32\eantpe.dll
2009-01-11 18:18 3,802,169,344 a------- C:\NEW.ISO
2009-01-10 21:55 120 ---sh--- c:\windows\system32\iptikxrc.ini
2009-01-10 20:34 124,928 a------- c:\windows\system32\vpgenc.dll
2009-01-10 20:34 124,928 a------- c:\windows\system32\mgpbgkke.dll
2009-01-10 20:08 381,264 a--sh--- c:\windows\system32\gfhhgMoq.ini2
2009-01-10 17:05 <DIR> --d----- c:\program files\Nero
2009-01-10 17:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-01-09 20:41 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-09 20:37 133,120 a------- c:\windows\system32\maenfj.dll
2009-01-09 20:37 133,120 a------- c:\windows\system32\lgmnoety.dll
2009-01-09 20:37 120 ---sh--- c:\windows\system32\xalqcaak.ini
2009-01-09 20:34 52,224 a------- c:\windows\system32\geBssrRL.dll
2009-01-09 20:31 381,264 a--sh--- c:\windows\system32\gfhhgMoq.ini
2009-01-09 20:31 289,280 a------- c:\windows\system32\qoMghhfg.dll
2009-01-09 20:26 52,224 a------- c:\windows\system32\tuvVMdDw.dll
2009-01-09 20:25 38,400 a------- c:\windows\system32\prunnet.exe
2009-01-06 15:20 <DIR> --d----- C:\videodvdmaker
2009-01-06 15:20 <DIR> --d----- c:\docume~1\keegan\applic~1\Video DVD Maker FREE
2009-01-01 16:18 73,728 a------- c:\windows\system32\5D5P1X40.exe
2009-01-01 16:18 0 a------- c:\windows\system32\5D5P1X40.exe.a_a

==================== Find3M ====================

2009-01-17 19:48 3,350 ac-sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 18:40:57.76 ===============
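The DDS log above shows loading points a clean XP system would not have (a second Userinit entry, a populated AppInit_DLLs list, an extra LSA authentication package, orphaned BHO CLSIDs) and dropped DLLs paired with hidden .ini files whose names are the DLL names spelled backwards (xmbjgaoq.dll / qoagjbmx.ini, qoMghhfg.dll / gfhhgMoq.ini). The Python below is an added example, not code from the thread or from DDS: it parses an excerpt in that format and flags those indicators; the clean-value sets and the mirror-name rule are the editor's assumptions drawn from this log.

```python
"""Flag Vundo/Virtumonde-style persistence indicators in a DDS log.

Added example (not part of the original thread or of DDS itself): the
heuristics below are derived from what the log in the first post shows.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS "Pseudo HJT Report" and
# "Created Last 30" sections of the post above (names taken from it).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\iftuyszv.exe,
BHO: {0A6BD801-33AA-47DD-BE18-800924DA74F4} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
AppInit_DLLs: vpgenc.dll eantpe.dll aqsgfj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMghhfg

=============== Created Last 30 ================

2009-01-27 15:41 120 ---sh--- c:\windows\system32\qoagjbmx.ini
2009-01-27 15:41 86,528 a------- c:\windows\system32\xmbjgaoq.dll
2009-01-27 18:13 <DIR> --d----- c:\program files\Cobian Backup 8
2009-01-17 19:52 49 a------- c:\windows\NeroDigital.ini
2009-01-10 20:08 381,264 a--sh--- c:\windows\system32\gfhhgMoq.ini2
2009-01-09 20:31 381,264 a--sh--- c:\windows\system32\gfhhgMoq.ini
2009-01-09 20:31 289,280 a------- c:\windows\system32\qoMghhfg.dll
"""

# Values expected in these registry locations on a clean XP box (assumption).
USERINIT_OK = {"userinit.exe"}
LSA_AUTH_OK = {"msv1_0"}

# "<date> <time> <size|<DIR>> <attrs> <path with spaces>"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+\S+\s+(.+?)\s*$")


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def check_loading_points(lines):
    """Return (indicator, values) pairs for suspicious Pseudo HJT Report entries."""
    findings = []
    for line in lines:
        line = line.strip()
        if line.startswith("mWinlogon: Userinit="):
            # Userinit should be exactly userinit.exe; anything chained after
            # it is launched at every logon (iftuyszv.exe in the post).
            entries = [e for e in line.split("=", 1)[1].split(",") if e.strip()]
            extra = [e for e in entries if _basename(e).lower() not in USERINIT_OK]
            if extra:
                findings.append(("userinit_chain", extra))
        elif line.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that loads
            # user32.dll; a clean value is empty.
            dlls = line.split(":", 1)[1].split()
            if dlls:
                findings.append(("appinit_dlls", dlls))
        elif line.startswith("LSA: Authentication Packages"):
            # Extra authentication packages are loaded into lsass.exe at boot.
            pkgs = line.split("=", 1)[1].split()
            extra = [p for p in pkgs if p.lower() not in LSA_AUTH_OK]
            if extra:
                findings.append(("lsa_auth_packages", extra))
        elif line.startswith("BHO:") and line.endswith("- No File"):
            # Orphaned BHO CLSIDs: leftovers of earlier drops or removals.
            findings.append(("orphan_bho", [line.split(":", 1)[1].strip()]))
    return findings


def reversed_name_pairs(lines):
    """Pair each .dll with a .ini in the same directory whose stem is the DLL
    stem reversed. The mirror-name convention is an observation from this
    log, used here as a heuristic."""
    by_dir = defaultdict(lambda: defaultdict(list))  # dir -> stem -> [(ext, path)]
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        path = m.group(1)
        directory, _, name = path.rpartition("\\")
        stem, _, ext = name.rpartition(".")
        if stem:  # skip extension-less names such as directories
            by_dir[directory.lower()][stem.lower()].append((ext.lower(), path))
    pairs = []
    for stems in by_dir.values():
        for stem, entries in stems.items():
            mirror = stem[::-1]
            if mirror == stem:
                continue  # a palindrome would pair with itself
            for ext, dll_path in entries:
                if ext != "dll":
                    continue
                for mext, ini_path in stems.get(mirror, []):
                    if mext.startswith("ini"):  # .ini and the .ini2 variant
                        pairs.append((dll_path, ini_path))
    return sorted(pairs)


def analyze(text):
    lines = text.splitlines()
    return {"loading_points": check_loading_points(lines),
            "mirror_pairs": reversed_name_pairs(lines)}


if __name__ == "__main__":
    for section, items in analyze(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("  ", item)
```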


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 28 January 2009 - 08:53 AM

Hello Blud and welcome to Bleeping Computer,

No active antivirus protection? No wonder your system's hit so bad. :thumbup2:

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :)

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 blud

blud
  • Topic Starter

  • Members
  • 4 posts

Posted 28 January 2009 - 04:13 PM

Thanks Thunder...here are the logs:

Goored--

GooredFix v1.83 by jpshortstuff
Log created at 15:35 on 28/01/2009 running Option #2 (Keegan)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{323006B9-F20E-4F9C-96B7-593A3E71DD36}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{323006B9-F20E-4F9C-96B7-593A3E71DD36}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{323006B9-F20E-4F9C-96B7-593A3E71DD36}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"


Combo Fix--

GooredFix v1.83 by jpshortstuff
Log created at 15:35 on 28/01/2009 running Option #2 (Keegan)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{323006B9-F20E-4F9C-96B7-593A3E71DD36}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{323006B9-F20E-4F9C-96B7-593A3E71DD36}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{323006B9-F20E-4F9C-96B7-593A3E71DD36}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#4 blud

blud
  • Topic Starter

  • Members
  • 4 posts

Posted 28 January 2009 - 04:14 PM

Sorry, here's the combo fix one--


ComboFix 09-01-21.04 - Keegan 2009-01-28 16:00:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.287 [GMT -5:00]
Running from: c:\documents and settings\Keegan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\Age of Empires - der Aufstieg Roms expansion by DBC.torrent
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\Age of Empires - der Aufstieg Roms expansion by DBC.zip
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\alawar burger shop by jonezcracker.zip~
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\Call Of Duty v1.0 build 4500 Cracked exe by [TLG]Mysterio.zip~
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\DIGITAL MEDIA CONVERTER.torrent
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\DIGITAL MEDIA CONVERTER.zip
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\DVD Region+CSS Free Lite v5.0.2.2.torrent
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\DVD Region+CSS Free Lite v5.0.2.2.zip
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\Lord of The Rings FOTR Walkthrough by LZ0.torrent
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\Lord of The Rings FOTR Walkthrough by LZ0.zip
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\PDF2Word - PDF2RTF v1.3.torrent
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\PDF2Word - PDF2RTF v1.3.zip
c:\documents and settings\Keegan\Application Data\Microsoft\dtsc\s
c:\documents and settings\Keegan\Application Data\SSEMBL~1
c:\program files\Common Files\sembly~1
c:\program files\Common Files\sembly~1\??sembly\
c:\temp\tn3
c:\temp\vtmp2
c:\temp\vtmp2\ktnv33.log
c:\windows\homepage.html
c:\windows\index.html
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\muotr.so
c:\windows\promo1.html
c:\windows\promo2.html
c:\windows\promo3.html
c:\windows\promo4.html
c:\windows\promo5.html
c:\windows\promo6.html
c:\windows\promogif1.gif
c:\windows\promogif2.gif
c:\windows\promogif3.gif
c:\windows\system32\5D5P1X40.exe.a_a
c:\windows\system32\ajqsjr.dll
c:\windows\system32\aqsgfj.dll
c:\windows\system32\asquhgqt.dll
c:\windows\system32\aubrsggc.dll
c:\windows\system32\axhjpnon.dll
c:\windows\system32\bcjvcjga.dll
c:\windows\system32\bfhlhhpw.dll
c:\windows\system32\bfxfwkjj.dll
c:\windows\system32\bilqyxai.dll
c:\windows\system32\bjlfclpp.dll
c:\windows\system32\bqqlnn.dll
c:\windows\system32\bvqhnbbi.dll
c:\windows\system32\bvxysq.dll
c:\windows\system32\cdcvfdyl.dll
c:\windows\system32\cjcsmiut.dll
c:\windows\system32\deqdnsxe.dll
c:\windows\system32\dinnbjqq.dll
c:\windows\system32\djgqoa.dll
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekabgrqoqvp.sys
c:\windows\system32\dtntqlrf.dll
c:\windows\system32\eantpe.dll
c:\windows\system32\efsxpf.dll
c:\windows\system32\esbltd.dll
c:\windows\system32\exfexlin.dll
c:\windows\system32\fazviz.dll
c:\windows\system32\g16.exe
c:\windows\system32\geBssrRL.dll
c:\windows\system32\gfhhgMoq.ini
c:\windows\system32\gfhhgMoq.ini2
c:\windows\system32\gkvhtxkk.dll
c:\windows\system32\gside.exe
c:\windows\system32\hljwugsf.bin
c:\windows\system32\idlvmcvr.dll
c:\windows\system32\idwpnvhy.dll
c:\windows\system32\iifcBqPJ.dll
c:\windows\system32\imtqrv.dll
c:\windows\system32\jiyhekhi.dll
c:\windows\system32\jzyona.dll
c:\windows\system32\kvcqve.dll
c:\windows\system32\lgmnoety.dll
c:\windows\system32\llmegd.dll
c:\windows\system32\lyisbi.dll
c:\windows\system32\maenfj.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mdrzpd.dll
c:\windows\system32\mgpbgkke.dll
c:\windows\system32\mqeizi.dll
c:\windows\system32\nqpsfgrf.dll
c:\windows\system32\okfrpgig.dll
c:\windows\system32\pac.txt
c:\windows\system32\plyfltgf.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\qgvkyecv.dll
c:\windows\system32\qmomtrji.dll
c:\windows\system32\qoMghhfg.dll.vir
c:\windows\system32\qooejz.dll
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekaewsrfwoh.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekatkdurirj.dll
c:\windows\system32\svogpi.dll
c:\windows\system32\taoecnke.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tuvVMdDw.dll
c:\windows\system32\ueuiowdc.dll
c:\windows\system32\ufvrpxhr.dll
c:\windows\system32\ukilxynx.dll
c:\windows\system32\vb6sock.dll
c:\windows\system32\vjjdsbwf.dll
c:\windows\system32\vldnbdhs.dll
c:\windows\system32\vpgenc.dll
c:\windows\system32\vykrwisq.dll
c:\windows\system32\wdmbqv.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\xmbjgaoq.dll
c:\windows\system32\yagirgcm.dll
c:\windows\system32\yaonuh.dll
c:\windows\system32\ynbwafdk.dll
c:\windows\system32\ysuxtyey.dll
c:\windows\system32\yxeqkifp.dll
c:\windows\Tasks\sdfgbkvw.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\userinit.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_PLUGPLAYRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-28 )))))))))))))))))))))))))))))))
.

2009-01-28 15:44 . 2009-01-28 15:44 104,960 --a------ c:\windows\system32\lgtpyxyu.dll
2009-01-27 18:13 . 2009-01-27 18:13 <DIR> d-------- c:\program files\Cobian Backup 8
2009-01-27 17:46 . 2009-01-27 17:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-27 15:41 . 2009-01-27 15:41 120 --ahs---- c:\windows\system32\qoagjbmx.ini
2009-01-26 22:09 . 2009-01-26 22:09 120 --ahs---- c:\windows\system32\kkxthvkg.ini
2009-01-25 22:07 . 2009-01-25 22:07 120 --ahs---- c:\windows\system32\agjcvjcb.ini
2009-01-25 20:35 . 2009-01-25 20:35 120 --ahs---- c:\windows\system32\gigprfko.ini
2009-01-25 11:55 . 2009-01-25 11:55 <DIR> d-------- c:\windows\system32\vmm32
2009-01-24 20:34 . 2009-01-24 20:34 120 --ahs---- c:\windows\system32\ibbnhqvb.ini
2009-01-24 14:34 . 2009-01-24 14:46 <DIR> d-------- c:\program files\RegCure
2009-01-23 23:32 . 2009-01-23 23:32 120 --ahs---- c:\windows\system32\fgtlfylp.ini
2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d-------- c:\documents and settings\Keegan\Application Data\Ashampoo
2009-01-22 17:33 . 2009-01-22 17:33 <DIR> d-------- c:\program files\Ashampoo
2009-01-22 17:33 . 2009-01-22 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-01-22 17:08 . 2009-01-22 17:08 120 --ahs---- c:\windows\system32\jjkwfxfb.ini
2009-01-22 16:40 . 2009-01-22 16:40 120 --ahs---- c:\windows\system32\ihkehyij.ini
2009-01-21 16:34 . 2009-01-21 16:34 120 --ahs---- c:\windows\system32\rhxprvfu.ini
2009-01-20 12:35 . 2009-01-20 12:35 120 --ahs---- c:\windows\system32\rvcmvldi.ini
2009-01-20 05:47 . 2009-01-20 05:47 120 --ahs---- c:\windows\system32\wuiltdit.ini
2009-01-19 05:47 . 2009-01-19 05:47 120 --ahs---- c:\windows\system32\cdwoiueu.ini
2009-01-17 19:52 . 2009-01-28 15:38 49 --a------ c:\windows\NeroDigital.ini
2009-01-17 19:40 . 2009-01-22 16:56 28 --a------ c:\windows\ZC DVD Creator Platinum.INI
2009-01-17 18:53 . 2009-01-17 18:53 120 --ahs---- c:\windows\system32\gyxjqqfo.ini
2009-01-16 23:18 . 2009-01-16 23:18 120 --ahs---- c:\windows\system32\ottyloco.ini
2009-01-15 23:12 . 2009-01-15 23:12 120 --ahs---- c:\windows\system32\yeytxusy.ini
2009-01-15 22:57 . 2009-01-15 22:57 81 --a------ c:\windows\SuperUtil.ini
2009-01-15 22:50 . 2009-01-15 22:50 269,824 --a------ c:\windows\system32\baksm.dll
2009-01-15 18:09 . 2009-01-15 18:09 120 --ahs---- c:\windows\system32\wphhlhfb.ini
2009-01-14 18:08 . 2009-01-14 18:08 120 --ahs---- c:\windows\system32\yhvnpwdi.ini
2009-01-13 18:13 . 2009-01-13 18:13 120 --ahs---- c:\windows\system32\lrhuuwks.ini
2009-01-13 17:40 . 2009-01-13 17:40 <DIR> d-------- c:\program files\SuperLogix
2009-01-13 17:40 . 2009-01-12 08:19 1,485,312 --a------ c:\windows\system32\vbsbak.dat
2009-01-13 17:40 . 2008-08-07 23:13 1,473,536 --a------ c:\windows\system32\context.dll
2009-01-13 17:40 . 2009-01-15 22:50 269,824 --a------ c:\windows\system32\baksm.dat
2009-01-13 17:40 . 2008-12-17 22:09 261,120 --a------ c:\windows\system32\supermenuhook.dll
2009-01-13 17:40 . 2003-10-11 10:24 89,088 --a------ c:\windows\system32\Shreder.dll
2009-01-13 17:40 . 2003-09-06 22:32 73,728 --a------ c:\windows\system32\smh.dat
2009-01-13 17:40 . 2007-03-11 21:39 44,000 --a------ c:\windows\system32\drivers\AFPUni.sys
2009-01-13 17:40 . 2007-03-11 21:39 43,936 --a------ c:\windows\system32\drivers\AFPAnsi.sys
2009-01-13 17:40 . 2008-02-24 16:17 11,264 --a------ c:\windows\system32\drivers\supermounter.sys
2009-01-13 17:40 . 2003-10-16 22:56 6,144 --a------ c:\windows\system32\SuperRes.dll
2009-01-13 17:28 . 2009-01-13 17:28 38 --a------ c:\documents and settings\Keegan\Application Data\svighost.dll
2009-01-13 17:26 . 2009-01-27 17:26 <DIR> d-------- c:\program files\AutorunRemover
2009-01-13 16:45 . 2009-01-13 16:45 <DIR> d-------- c:\program files\Photo Impact 6.0
2009-01-13 16:44 . 2009-01-13 16:44 <DIR> d-------- c:\program files\RegSeeker
2009-01-13 16:42 . 2009-01-13 16:43 <DIR> d-------- c:\program files\Nero 7.5.9.0 Ultra
2009-01-12 18:32 . 2009-01-12 18:32 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-12 18:11 . 2009-01-12 18:11 120 --ahs---- c:\windows\system32\tuimscjc.ini
2009-01-11 21:56 . 2009-01-11 21:56 120 --ahs---- c:\windows\system32\eknceoat.ini
2009-01-11 18:18 . 2009-01-11 18:23 3,802,169,344 --a------ C:\NEW.ISO
2009-01-10 21:55 . 2009-01-10 21:55 120 --ahs---- c:\windows\system32\iptikxrc.ini
2009-01-10 17:05 . 2009-01-10 17:05 <DIR> d-------- c:\program files\Nero
2009-01-10 17:05 . 2009-01-10 17:07 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-10 17:05 . 2009-01-10 17:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-09 20:41 . 2009-01-09 20:41 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-09 20:37 . 2009-01-09 20:37 120 --ahs---- c:\windows\system32\xalqcaak.ini
2009-01-06 16:37 . 2009-01-06 18:05 <DIR> d-------- c:\documents and settings\Keegan\Application Data\ImgBurn
2009-01-06 16:10 . 2009-01-06 16:11 <DIR> d-------- c:\program files\ImgBurn
2009-01-06 15:20 . 2009-01-06 15:20 <DIR> d-------- C:\videodvdmaker
2009-01-06 15:20 . 2009-01-06 15:20 <DIR> d-------- c:\documents and settings\Keegan\Application Data\Video DVD Maker FREE
2009-01-02 16:11 . 2009-01-02 16:11 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-02 16:08 . 2009-01-02 16:08 <DIR> d-------- c:\program files\Apple Software Update
2009-01-02 16:08 . 2009-01-02 16:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-01 16:18 . 2009-01-01 16:18 73,728 --a------ c:\windows\system32\5D5P1X40.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 21:05 --------- d-----w c:\program files\dl_cats
2009-01-27 22:46 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-27 22:46 --------- d-----w c:\documents and settings\Keegan\Application Data\SUPERAntiSpyware.com
2009-01-24 19:32 --------- d-----w c:\documents and settings\Keegan\Application Data\uTorrent
2009-01-10 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-01-10 01:36 --------- d-----w c:\program files\uTorrent
2009-01-08 03:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 03:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-08 03:02 --------- d-----w c:\program files\Ahead
2009-01-06 23:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 23:25 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-02 21:14 --------- d-----w c:\program files\QuickTime Alternative
2009-01-02 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-03 2356088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3filter"= ac3filter.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2005-08-31 10:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2006-03-20 16:00 282624 c:\windows\stsystra.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Keegan\\Desktop\\utorrent.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2009-01-13 43936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2009-01-13 11264]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S1 pschedd;pschedd;c:\windows\system32\drivers\pschedd.sys --> c:\windows\system32\drivers\pschedd.sys [?]
S3 Philipscam1;Philips 645 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2008-10-12 75776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-27 c:\windows\Tasks\At1.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At10.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At11.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At12.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At13.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At14.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At15.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At16.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-27 c:\windows\Tasks\At17.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-27 c:\windows\Tasks\At18.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-27 c:\windows\Tasks\At19.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-27 c:\windows\Tasks\At2.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-28 c:\windows\Tasks\At20.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-28 c:\windows\Tasks\At21.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-28 c:\windows\Tasks\At22.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At23.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-27 c:\windows\Tasks\At24.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-27 c:\windows\Tasks\At3.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-27 c:\windows\Tasks\At4.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At5.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At6.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At7.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-28 c:\windows\Tasks\At8.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-28 c:\windows\Tasks\At9.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

2009-01-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0A6BD801-33AA-47DD-BE18-800924DA74F4} - (no file)
BHO-{1541d349-d8a4-422a-b9e2-909483b197cb} - (no file)
BHO-{26A4E1FF-B264-4238-9290-5A0D27943430} - (no file)
BHO-{471F4205-BEF9-43DC-8AD7-8B82CEDC83A1} - (no file)
BHO-{5616418B-C926-41E7-BB8B-CC35218CEFA1} - (no file)
BHO-{60BD6A0B-0008-47AB-8F22-15E5FFFCA0A1} - (no file)
BHO-{6AA3C9A0-6BB7-4D56-AA8C-B7D4067B4C5A} - (no file)
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\SYSTEM32\TUVVMDDW.DLL
BHO-{811C8115-CD20-401A-8D60-E3445D9BEEAD} - (no file)
BHO-{85F6B03D-3E7A-4ACC-AA83-2DEF22F9E4D1} - (no file)
BHO-{88CEE94D-47A9-4BA8-99C6-A47FFCF1AA77} - c:\windows\system32\qoMghhfg.dll
BHO-{8F974B81-3B41-456B-B467-C41C9EB3D8F5} - (no file)
BHO-{9936D1AA-B1A5-414B-90F3-771A5A27E8AF} - (no file)
BHO-{AAABF1A3-985F-43FC-9AA3-5B9A7DD1F352} - (no file)
BHO-{B8049597-DEBD-4F72-8118-98B22631B52B} - (no file)
BHO-{C2B8F0E2-FBA2-419A-874A-A48DD960286E} - (no file)
BHO-{CB56E674-59ED-47DF-BD7B-7F9298BCA233} - (no file)
BHO-{D19697A7-E2BC-4D7A-870B-FEF6FA3A9CFD} - (no file)
BHO-{D30B6195-821D-4689-822F-78B41516BD63} - (no file)
BHO-{debaa50f-3b7a-43fa-97f5-57cc56bc7350} - c:\windows\system32\jzyona.dll
BHO-{FC1D0D9D-E7C2-4EBE-82B7-6AF0BEE96E94} - (no file)
HKLM-Run-e0d817a0 - c:\windows\system32\ofqqjxyg.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\SYSTEM32\TUVVMDDW.DLL
Notify-tuvVMdDw - (no file)
MSConfigStartUp-{ebf082b7-e5ae-d092-3998-138b38735ee2} - c:\windows\system32\{483b8795-6ae4-8ed1-5b9a-89a09dffc228}.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com
mStart Page = file://c:/windows/homepage.html
FF - ProfilePath - c:\documents and settings\Keegan\Application Data\Mozilla\Firefox\Profiles\5ztk9iwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - plugin: c:\documents and settings\Keegan\Application Data\Mozilla\Firefox\Profiles\5ztk9iwd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 16:05:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dlcxcoms.exe
.
**************************************************************************
.
Completion time: 2009-01-28 16:08:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-28 21:08:54

Pre-Run: 15,273,988,096 bytes free
Post-Run: 15,339,794,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

412 --- E O F --- 2008-12-18 08:00:32

#5 Thunder (Members, 3,294 posts, Location: Belgium)

Posted 28 January 2009 - 05:11 PM

Hello Blud,

Those bad torrent downloads will one day cost you your system!

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup
Then, download ResetTeaTimer.bat.
Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

Then, let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:

File::
c:\windows\system32\lgtpyxyu.dll
c:\windows\system32\qoagjbmx.ini
c:\windows\system32\kkxthvkg.ini
c:\windows\system32\agjcvjcb.ini
c:\windows\system32\gigprfko.ini
c:\windows\system32\ibbnhqvb.ini
c:\windows\system32\fgtlfylp.ini
c:\windows\system32\jjkwfxfb.ini
c:\windows\system32\ihkehyij.ini
c:\windows\system32\rhxprvfu.ini
c:\windows\system32\rvcmvldi.ini
c:\windows\system32\wuiltdit.ini
c:\windows\system32\cdwoiueu.ini
c:\windows\system32\gyxjqqfo.ini
c:\windows\system32\ottyloco.ini
c:\windows\system32\yeytxusy.ini
c:\windows\system32\wphhlhfb.ini
c:\windows\system32\yhvnpwdi.ini
c:\windows\system32\lrhuuwks.ini
c:\windows\system32\tuimscjc.ini
c:\windows\system32\eknceoat.ini
c:\windows\system32\iptikxrc.ini
c:\windows\system32\ffkuz.dll
c:\windows\system32\xalqcaak.ini
c:\windows\system32\5D5P1X40.exe
AtJob::

Save this as a text file named CFScript.

Then drag the CFScript onto ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot, please install a decent antivirus program. A free one like Avira AntiVir will do nicely,
but just make sure it's fully updated, then run a full system scan and delete any malware that's still found.

When finished, run ComboFix again and post the contents of the ComboFix log in your next reply.

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
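The two patterns Thunder's CFScript is built from are visible in the log above: twenty-four At*.job tasks that all launch one random-named executable in system32 (the classic at.exe persistence fan), and a run of 120-byte hidden+system .ini files with random eight-letter names in the same directory. The Python below is an added example for this thread, not a ComboFix, BleepingComputer or Thunder tool: it parses those two sections of a ComboFix-style log and assembles the File:: and AtJob:: blocks from them. The sample log lines are constructed after the posted log (not a verbatim copy), and the eight-letter "random name" test and the MIN_AT_JOBS threshold are assumptions of this example, not ComboFix rules.

```python
"""Triage helper for ComboFix-style logs (added example; not a ComboFix or BleepingComputer tool).

Reads the 'Files Created' and 'Scheduled Tasks' sections and assembles the File:: / AtJob::
blocks of a CFScript from two patterns seen in the posted log. RANDOM_INI and MIN_AT_JOBS are
assumptions of this example, not ComboFix rules.
"""
import re

# Constructed sample, modelled on the log posted in the thread (not a verbatim copy).
SAMPLE_LOG = r"""
2009-01-12 18:11 . 2009-01-12 18:11 120 --ahs---- c:\windows\system32\tuimscjc.ini
2009-01-11 21:56 . 2009-01-11 21:56 120 --ahs---- c:\windows\system32\eknceoat.ini
2009-01-09 20:41 . 2009-01-09 20:41 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-01 16:11 . 2009-01-01 16:11 73,728 --a------ c:\windows\system32\5D5P1X40.exe
2009-01-13 17:28 . 2009-01-13 17:28 38 --a------ c:\documents and settings\Keegan\Application Data\svighost.dll
2009-01-10 17:05 . 2009-01-10 17:05 <DIR> d-------- c:\program files\Nero
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-27 c:\windows\Tasks\At1.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At2.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]

2009-01-25 c:\windows\Tasks\At3.job
- c:\windows\system32\5D5P1X40.exe [2009-01-01 16:18]
"""

# One 'Files Created' line: ctime . mtime size attrs path (size may be <DIR>, path may contain spaces).
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) ([-a-z]{9}) (.+)$")
# A task entry: '<date> c:\windows\Tasks\<name>.job' followed by '- <target> [<stamp>]'.
JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} c:\\windows\\tasks\\(\S+\.job)$", re.I)
TARGET_LINE = re.compile(r"^- (.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")
# Heuristic (assumption): an eight-letter .ini in system32 is not something a user or vendor drops.
RANDOM_INI = re.compile(r"^c:\\windows\\system32\\[a-z]{8}\.ini$", re.I)
AT_JOB = re.compile(r"^At\d+\.job$", re.I)
MIN_AT_JOBS = 2  # assumption: two or more at.exe jobs sharing one target is scripted, not manual


def parse_log(text):
    """Return ([(size, attrs, path)], [(jobname, target)]) from a ComboFix-style log."""
    files, jobs, pending_job = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if m := FILE_LINE.match(line):
            files.append((m.group(1), m.group(2), m.group(3)))
        elif m := JOB_LINE.match(line):
            pending_job = m.group(1)          # target is on the next line
        elif pending_job and (m := TARGET_LINE.match(line)):
            jobs.append((pending_job, m.group(1)))
            pending_job = None
    return files, jobs


def find_suspicious(files, jobs):
    """Apply the two heuristics; returns {'files': [...], 'at_jobs': [...]} in log order."""
    flagged = []
    for _size, attrs, path in files:
        # 'h' and 's' in the attribute column mean hidden + system, as on the 120-byte .ini droppings.
        if RANDOM_INI.match(path) and "h" in attrs and "s" in attrs:
            flagged.append(path)
    by_target = {}
    for job, target in jobs:
        if AT_JOB.match(job):
            by_target.setdefault(target.lower(), (target, []))[1].append(job)
    at_jobs = []
    for target, names in by_target.values():
        if len(names) >= MIN_AT_JOBS:        # a fan of At*.job tasks all launching one binary
            flagged.append(target)
            at_jobs.extend(names)
    return {"files": list(dict.fromkeys(flagged)), "at_jobs": sorted(at_jobs)}


def build_cfscript(text):
    """Assemble the File:: and AtJob:: blocks in the form used in the post above."""
    found = find_suspicious(*parse_log(text))
    lines = ["File::", *found["files"]]
    if found["at_jobs"]:
        lines.append("AtJob::")  # bare directive, as in the post: removes the At*.job tasks
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

On the sample it flags the two .ini files and 5D5P1X40.exe and emits AtJob::, while leaving AppleSoftwareUpdate.job alone. It deliberately does not try to judge ffkuz.dll, svighost.dll or the orphaned BHO CLSIDs: a 73 KB DLL with a five-letter name needs an analyst (or a hash lookup) to call, which is why Thunder's hand-written list is longer than what a pattern match can justify.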

#6 blud (Topic Starter, Members, 4 posts)

Posted 28 January 2009 - 08:08 PM

I will definitely be laying off the torrent downloads. Everything seems good as of now. Thank you so much. The .dll error is gone on reboot. Here's the latest ComboFix log:



ComboFix 09-01-21.04 - Keegan 2009-01-28 19:54:22.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.270 [GMT -5:00]
Running from: c:\documents and settings\Keegan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.

2009-01-27 18:13 . 2009-01-27 18:13 <DIR> d-------- c:\program files\Cobian Backup 8
2009-01-27 17:46 . 2009-01-27 17:46 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-25 11:55 . 2009-01-25 11:55 <DIR> d-------- c:\windows\system32\vmm32
2009-01-24 14:34 . 2009-01-24 14:46 <DIR> d-------- c:\program files\RegCure
2009-01-22 17:40 . 2009-01-22 17:40 <DIR> d-------- c:\documents and settings\Keegan\Application Data\Ashampoo
2009-01-22 17:33 . 2009-01-22 17:33 <DIR> d-------- c:\program files\Ashampoo
2009-01-22 17:33 . 2009-01-22 17:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-01-17 19:52 . 2009-01-28 15:38 49 --a------ c:\windows\NeroDigital.ini
2009-01-17 19:40 . 2009-01-22 16:56 28 --a------ c:\windows\ZC DVD Creator Platinum.INI
2009-01-15 22:57 . 2009-01-15 22:57 81 --a------ c:\windows\SuperUtil.ini
2009-01-15 22:50 . 2009-01-15 22:50 269,824 --a------ c:\windows\system32\baksm.dll
2009-01-13 17:40 . 2009-01-13 17:40 <DIR> d-------- c:\program files\SuperLogix
2009-01-13 17:40 . 2009-01-12 08:19 1,485,312 --a------ c:\windows\system32\vbsbak.dat
2009-01-13 17:40 . 2008-08-07 23:13 1,473,536 --a------ c:\windows\system32\context.dll
2009-01-13 17:40 . 2009-01-15 22:50 269,824 --a------ c:\windows\system32\baksm.dat
2009-01-13 17:40 . 2008-12-17 22:09 261,120 --a------ c:\windows\system32\supermenuhook.dll
2009-01-13 17:40 . 2003-10-11 10:24 89,088 --a------ c:\windows\system32\Shreder.dll
2009-01-13 17:40 . 2003-09-06 22:32 73,728 --a------ c:\windows\system32\smh.dat
2009-01-13 17:40 . 2007-03-11 21:39 44,000 --a------ c:\windows\system32\drivers\AFPUni.sys
2009-01-13 17:40 . 2007-03-11 21:39 43,936 --a------ c:\windows\system32\drivers\AFPAnsi.sys
2009-01-13 17:40 . 2008-02-24 16:17 11,264 --a------ c:\windows\system32\drivers\supermounter.sys
2009-01-13 17:40 . 2003-10-16 22:56 6,144 --a------ c:\windows\system32\SuperRes.dll
2009-01-13 17:28 . 2009-01-13 17:28 38 --a------ c:\documents and settings\Keegan\Application Data\svighost.dll
2009-01-13 17:26 . 2009-01-27 17:26 <DIR> d-------- c:\program files\AutorunRemover
2009-01-13 16:45 . 2009-01-13 16:45 <DIR> d-------- c:\program files\Photo Impact 6.0
2009-01-13 16:44 . 2009-01-13 16:44 <DIR> d-------- c:\program files\RegSeeker
2009-01-13 16:42 . 2009-01-13 16:43 <DIR> d-------- c:\program files\Nero 7.5.9.0 Ultra
2009-01-12 18:32 . 2009-01-12 18:32 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-11 18:18 . 2009-01-11 18:23 3,802,169,344 --a------ C:\NEW.ISO
2009-01-10 17:05 . 2009-01-10 17:05 <DIR> d-------- c:\program files\Nero
2009-01-10 17:05 . 2009-01-10 17:07 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-10 17:05 . 2009-01-10 17:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-06 16:37 . 2009-01-06 18:05 <DIR> d-------- c:\documents and settings\Keegan\Application Data\ImgBurn
2009-01-06 16:10 . 2009-01-06 16:11 <DIR> d-------- c:\program files\ImgBurn
2009-01-06 15:20 . 2009-01-06 15:20 <DIR> d-------- C:\videodvdmaker
2009-01-06 15:20 . 2009-01-06 15:20 <DIR> d-------- c:\documents and settings\Keegan\Application Data\Video DVD Maker FREE
2009-01-02 16:11 . 2009-01-02 16:11 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-02 16:08 . 2009-01-02 16:08 <DIR> d-------- c:\program files\Apple Software Update
2009-01-02 16:08 . 2009-01-02 16:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 00:53 --------- d-----w c:\program files\dl_cats
2009-01-27 22:46 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-27 22:46 --------- d-----w c:\documents and settings\Keegan\Application Data\SUPERAntiSpyware.com
2009-01-24 19:32 --------- d-----w c:\documents and settings\Keegan\Application Data\uTorrent
2009-01-18 00:48 3,350 -csha-w c:\windows\system32\KGyGaAvL.sys
2009-01-10 22:08 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2009-01-10 01:36 --------- d-----w c:\program files\uTorrent
2009-01-08 03:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-08 03:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-08 03:02 --------- d-----w c:\program files\Ahead
2009-01-06 23:25 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 23:25 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-02 21:14 --------- d-----w c:\program files\QuickTime Alternative
2009-01-02 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
.

((((((((((((((((((((((((((((( snapshot@2009-01-28_16.07.51.59 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-03 2356088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-06-07 106496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2008-09-06 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2005-08-31 10:06 106496 c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 09:44 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 09:44 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2006-03-20 16:00 282624 c:\windows\stsystra.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Keegan\\Desktop\\utorrent.exe"=

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2009-01-13 43936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R1 SuperMounter;SuperMounter;c:\windows\system32\drivers\supermounter.sys [2009-01-13 11264]
R3 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S1 pschedd;pschedd;c:\windows\system32\drivers\pschedd.sys --> c:\windows\system32\drivers\pschedd.sys [?]
S3 Philipscam1;Philips 645 Digital Camera; Video;c:\windows\system32\drivers\philcam1.sys [2008-10-12 75776]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]

2009-01-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 09:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com
mStart Page = file://c:/windows/homepage.html
FF - ProfilePath - c:\documents and settings\Keegan\Application Data\Mozilla\Firefox\Profiles\5ztk9iwd.default\
FF - prefs.js: browser.startup.homepage - hxxp://msn.com/
FF - plugin: c:\documents and settings\Keegan\Application Data\Mozilla\Firefox\Profiles\5ztk9iwd.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 19:56:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-01-28 19:57:51
ComboFix-quarantined-files.txt 2009-01-29 00:57:49
ComboFix2.txt 2009-01-29 00:52:14
ComboFix3.txt 2009-01-28 21:08:58

Pre-Run: 15,309,914,112 bytes free
Post-Run: 15,297,560,576 bytes free

163 --- E O F --- 2008-12-18 08:00:32

#7 Thunder (Members, 3,294 posts, Location: Belgium)

Posted 29 January 2009 - 06:08 AM

Hello Blud,

I still don't see an active antivirus program. :thumbup2:

Your log looks good for now however. :)

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

No more issues?

Greetings,
Thunder
