Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > Divo Codex HJT log

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Divo Codex HJT log

Reply to Message Icon

Name: AlwaysWillingToLearn
Date: February 22, 2008 at 01:28:35 Pacific
OS: Vista
CPU/Ram: 2
Product: none
Comment:

Hi can someone please request my HJT log, my brother installed a Divo Codex on his computer after seeing it advertised on a site, since then he has been having trouble with popups and a slow pc. i have run spybot, lavasoft adaware, SUPERAntispyware and ATF cleaner. I have a hi jack this log that i would like to post if someone could please request it.

Thanks,



Sponsored Link
Ads by Google

Response Number 1
Name: jabuck
Date: February 22, 2008 at 10:17:03 Pacific
Reply:

Go to the this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.


0

Response Number 2
Name: AlwaysWillingToLearn
Date: February 23, 2008 at 10:21:52 Pacific
Reply:

Hi jaBuck, thank you for your help and advice, i followed your instructions and here are the two logs that were produced.

HJT

*******
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:36, on 21/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\victor\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.co.uk/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.Google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NavRegReminder] "C:\Windows\temp\NavBrowser.exe" /r /i "C:\Windows\temp\NavLoad.ini"
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
O4 - HKCU\..\Run: [logo flap] "C:\ProgramData\first hole hole.0rfv7l"
O4 - HKCU\..\Run: [Itch ford four knob] "C:\ProgramData\TWO CAST THUNK.mtryhb"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9999 bytes
*******

ComboFix

*******
ComboFix 08-02-22.3 - victor 2008-02-23 17:50:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1163 [GMT 0:00]
Running from: C:\Users\victor\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Starware386
C:\ProgramData\Starware386\buttons\1154_button_1b_def.bmp
C:\ProgramData\Starware386\buttons\1154_button_1b_over.bmp
C:\ProgramData\Starware386\buttons\1154_button_8b_def.bmp
C:\ProgramData\Starware386\buttons\1154_button_8b_over.bmp
C:\ProgramData\Starware386\buttons\Button_50.bmp_new
C:\ProgramData\Starware386\buttons\Button_60.bmp_new
C:\ProgramData\Starware386\buttons\Button_70.bmp_new
C:\ProgramData\Starware386\buttons\FindIt.bmp
C:\ProgramData\Starware386\buttons\FindItHot.bmp
C:\ProgramData\Starware386\buttons\findithotxp.png
C:\ProgramData\Starware386\buttons\finditxp.png
C:\ProgramData\Starware386\buttons\logo.bmp
C:\ProgramData\Starware386\buttons\logoxp.bmp
C:\ProgramData\Starware386\buttons\Reference.bmp
C:\ProgramData\Starware386\buttons\ReferenceHot.bmp
C:\ProgramData\Starware386\buttons\referencehotxp.png
C:\ProgramData\Starware386\buttons\referencexp.png
C:\ProgramData\Starware386\buttons\Weather.bmp
C:\ProgramData\Starware386\buttons\WeatherHot.bmp
C:\ProgramData\Starware386\buttons\weatherhotxp.png
C:\ProgramData\Starware386\buttons\weatherxp.png
C:\ProgramData\Starware386\contexts\error.xml
C:\ProgramData\Starware386\contexts\related.xml
C:\ProgramData\Starware386\contexts\travel.xml
C:\ProgramData\Starware386\images\cloudy.bmp
C:\ProgramData\Starware386\images\walertXP.bmp
C:\Users\victor\AppData\Roaming\macromedia\Flash Player\#SharedObjects\LSWXEABA\iforex.com
C:\Users\victor\AppData\Roaming\macromedia\Flash Player\#SharedObjects\LSWXEABA\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Users\victor\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Users\victor\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Windows\hosts

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-23 17:22 . 2008-02-23 17:22 <DIR> d-------- C:\VundoFix Backups
2008-02-22 20:51 . 2008-02-22 21:37 5,806 --a------ C:\Windows\System32\SDRemoveDB.db
2008-02-22 20:50 . 2008-02-23 11:59 <DIR> d-------- C:\Program Files\SpywareDetector
2008-02-22 20:50 . 2007-03-19 12:39 270,336 --a------ C:\Windows\System32\CheckDll.dll
2008-02-22 20:50 . 2008-01-25 18:58 67,024 --a------ C:\Windows\System32\CloseAll.exe
2008-02-22 20:50 . 2008-01-30 11:03 6,144 --a------ C:\Windows\System32\SDEarlyDelete.exe
2008-02-22 20:50 . 2005-02-06 09:02 104 --a------ C:\Windows\System32\ProxySettings.ini
2008-02-22 20:50 . 2008-02-23 17:19 63 --a------ C:\Windows\system\SysSD.dll
2008-02-22 20:48 . 2008-02-22 20:48 9,642,080 --a------ C:\Users\victor\spywaredetector.exe
2008-02-21 22:56 . 2008-02-21 22:56 5,914,648 --a------ C:\Users\victor\SUPERAntiSpyware.exe
2008-02-21 21:10 . 2008-02-21 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 19:23 . 2008-02-21 19:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-21 19:23 . 2008-02-21 19:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-21 19:23 . 2008-02-21 19:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\Users\victor\AppData\Roaming\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 23:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 19:20 . 2008-02-21 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 19:17 . 2008-02-21 19:37 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-21 19:17 . 2008-02-21 19:37 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-21 19:17 . 2008-02-21 19:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Users\victor\AppData\Roaming\Yahoo!
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-18 23:19 . 2008-02-21 21:00 <DIR> d-------- C:\Users\All Users\Vga Coal Bore
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\Users\All Users\third lies itch ford
2008-02-18 23:19 . 2008-02-21 21:00 <DIR> d-------- C:\ProgramData\Vga Coal Bore
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\ProgramData\third lies itch ford
2008-02-16 00:05 . 2008-02-16 00:05 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 19:26 . 2008-02-14 19:26 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 19:26 . 2008-02-14 19:26 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 19:23 . 2008-02-14 19:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 19:23 . 2008-02-14 19:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 19:23 . 2008-02-14 19:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 19:22 . 2008-02-14 19:22 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 19:22 . 2008-02-14 19:22 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 19:22 . 2008-02-14 19:22 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 19:22 . 2008-02-14 19:22 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 19:22 . 2008-02-14 19:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 19:22 . 2008-02-14 19:22 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 19:22 . 2008-02-14 19:22 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 19:20 . 2008-02-14 19:20 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-14 19:20 . 2008-02-14 19:20 824,832 --a------ C:\Windows\System32\wininet.dll
2008-01-29 20:21 . 2008-02-22 21:37 <DIR> d-------- C:\Program Files\PDF Password Cracker v3.0
2008-01-27 12:07 . 2008-01-27 20:20 <DIR> d-------- C:\Users\All Users\Dell
2008-01-27 12:07 . 2008-01-27 20:20 <DIR> d-------- C:\ProgramData\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 17:34 --------- d-----w C:\Program Files\Dl_cats
2008-02-23 17:11 --------- d-----w C:\Users\victor\AppData\Roaming\uTorrent
2008-02-23 11:59 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-21 19:42 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-02-21 19:42 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2008-02-21 19:42 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-18 23:28 --------- d-----w C:\ProgramData\Avg7
2008-02-18 23:25 --------- d-----w C:\Program Files\DivX
2008-02-14 19:22 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 19:22 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 19:22 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 19:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 19:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 19:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 19:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-03 17:44 --------- d-----w C:\ProgramData\Roxio
2008-01-21 23:37 --------- d-----w C:\Program Files\VanDyke Software
2008-01-12 23:20 --------- d-----w C:\Users\victor\AppData\Roaming\Corel
2008-01-09 20:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 20:06 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 19:57 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 19:57 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 19:57 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-07 19:58 5,723,053 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-26 21:02 --------- d-----w C:\Program Files\LimeWire
2007-12-12 13:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 13:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 13:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-09-21 20:31 2,988,032 ----a-w C:\Windows\Internet Logs\xDB756D.tmp
2007-09-01 11:40 174 --sha-w C:\Program Files\desktop.ini
2007-08-23 21:41 1,830,960 ----a-w C:\Users\victor\GoogleDesktopSetup.exe
2007-07-21 18:44 134 ----a-w C:\Users\victor\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:57 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"Windows Media Center"="C:\Windows\ehome\ehuihlp.dll" [2008-02-16 00:05 1498112]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-04 18:21 171448]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-21 18:06 77824]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 05:16 303104 C:\Windows\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 11:39 151552]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 16:12 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22 221184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 21:13 17920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 10:52 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-04 04:24 960240]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 09:45 222208]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 16:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 22:04 304008]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 05:31 106496]
"SD_Tips"="iexplore http://www.spywaredetector.net/tips... []
"SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2008-01-28 12:48 706000]
"SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2008-02-01 18:31 423376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2002-03-25 18:51 57104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 20:18 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-04-21 18:09:46 45056]
E_SPSU01.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.exe [2007-04-28 09:45:12 52736]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-20 19:59 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2008-01-28 11:30 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^victor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-11-12 01:19 446976 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-11-03 22:09 312200 C:\Program Files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-23 21:41 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\PROGRA~1\MSNMES~1\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-04 18:21 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2006-12-12 17:08 3577512 C:\Program Files\TomTom HOME\TomTomHOME.exe

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 19:05]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 21:48]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 00:39]
R3 AVMNgBasM779;AVerMedia M779 Base Driver;C:\Windows\system32\DRIVERS\AVerBas.sys [2006-12-01 00:14]
R3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;C:\Windows\system32\DRIVERS\AVerCap.sys [2006-12-01 00:14]
R3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;C:\Windows\system32\DRIVERS\AVerTun.sys [2006-12-01 00:14]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-10-25 04:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ce2ca3-1854-11dc-b53a-0019d148458b}]
\shell\AutoRun\command - L:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 22:00:21 C:\Windows\Tasks\User_Feed_Synchronization-{57258334-AE86-4E9C-9582-A341129380A2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 17:51:34
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 17:52:10
ComboFix-quarantined-files.txt 2008-02-23 17:52:09
.
2008-02-22 19:49:59 --- E O F ---

*******


Thanks,


0

Response Number 3
Name: jabuck
Date: February 23, 2008 at 11:38:20 Pacific
Reply:

See if this tool will run on Vista.

Download Deljob.exe from the following link and save it on your desktop.

http://home.hetnet.nl/~stefsmeenk/deljob.exe


Doubleclick Deljob.exe.
A log, (logit.txt) should open afterwards. This log will be present on your desktop. Post the that log in your next post please.


0

Response Number 4
Name: AlwaysWillingToLearn
Date: February 23, 2008 at 13:33:51 Pacific
Reply:

Hey JaBuck, it seemed to ok on Vista, here is the log


No LOP job-files found

Files in Windows Tasks folder

User_Feed_Synchronization-{57258334-AE86-4E9C-9582-A341129380A2}.job

Export App Data folders

Volume in drive C is OS
Volume Serial Number is 9484-2B14

Directory of C:\ProgramData

20/06/2007 19:43 <DIR> Adobe
18/02/2008 23:28 <DIR> Avg7
20/08/2007 20:02 <DIR> CHECKP~1 CheckPoint
22/12/2007 12:33 <DIR> Coolroom
21/04/2007 18:11 <DIR> Corel
27/01/2008 20:20 <DIR> Dell
09/10/2007 22:04 <DIR> DELLFA~1 DellFaxCtr
18/02/2008 23:19 315,408 FIRSTH~1.0RF first hole hole.0rfv7l
18/02/2008 23:19 225,296 FIRSTH~1.V2V first hole hole.v2vey1
21/04/2007 18:18 <DIR> Google
20/08/2007 19:59 <DIR> Grisoft
21/04/2007 18:16 <DIR> Gtek
21/04/2007 18:13 <DIR> INSTAL~1 InstallShield
21/02/2008 19:49 <DIR> Lavasoft
12/06/2007 19:30 <DIR> McAfee
29/10/2007 10:33 <DIR> MICROS~2 Microsoft Help
23/02/2008 18:02 <DIR> Raxco
03/02/2008 17:44 <DIR> Roxio
17/05/2007 21:16 <DIR> SlySoft
21/04/2007 18:16 <DIR> Sonic
21/02/2008 19:37 <DIR> SPYBOT~1 Spybot - Search & Destroy
21/02/2008 19:21 <DIR> SUPERA~1.COM SUPERAntiSpyware.com
18/02/2008 23:19 <DIR> THIRDL~1 third lies itch ford
18/02/2008 23:19 106,512 TWOCAS~1.MTR TWO CAST THUNK.mtryhb
30/09/2007 17:07 <DIR> VanDyke
21/02/2008 21:00 <DIR> VGACOA~1 Vga Coal Bore
18/02/2008 23:25 <DIR> YAHOO!~1 Yahoo! Companion
3 File(s) 647,216 bytes
24 Dir(s) 62,747,697,152 bytes free

All User Accounts

Public
victor

Thanks,


0

Response Number 5
Name: AlwaysWillingToLearn
Date: February 23, 2008 at 13:45:32 Pacific
Reply:

uh oh after running these programs i restarted the computer and now im getting a message saying, your system could not start attempting repair, any ideas why?

its taking a while so im not sure if the repair will be successful.


0

Related Posts

See More



Response Number 6
Name: jabuck
Date: February 23, 2008 at 14:43:25 Pacific
Reply:

Probably not. Post a ne Hijack This log ans a new Combofix log. We will try to manually remove lop.


0

Response Number 7
Name: AlwaysWillingToLearn
Date: February 23, 2008 at 14:46:30 Pacific
Reply:

just an update, whatever the problem was it seems to have repaired itself and windows loaded up. So everything is fine now. ive posted the log above,

i did a google search on "third lies itch ford" is this some sort of trojan?

Thanks,


0

Response Number 8
Name: jabuck
Date: February 23, 2008 at 14:59:41 Pacific
Reply:

Yes it is "lop" a real baddie. We need the requested logs to see if it was removed.


0

Response Number 9
Name: AlwaysWillingToLearn
Date: February 24, 2008 at 06:21:13 Pacific
Reply:

Hey JaBuck thanks a lot for all this help, seems that lop still exists on his pc, third lies itch ford is still present on the new combfix log, any ideas how to remove this please?

thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:12, on 24/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\victor\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.Google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnl...
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9372 bytes


ComboFix 08-02-22.3 - victor 2008-02-24 14:14:09.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1162 [GMT 0:00]
Running from: M:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-23 18:15 . 2008-02-23 21:30 800 --a------ C:\Windows\System32\PDBootState
2008-02-23 18:05 . 2008-02-23 18:05 <DIR> d-------- C:\Program Files\CCleaner
2008-02-23 18:03 . 2008-02-23 18:03 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-02-23 18:03 . 2008-01-09 22:00 68,624 -ra------ C:\Windows\System32\drivers\DefragFS.sys
2008-02-23 18:02 . 2008-02-23 18:02 <DIR> d-------- C:\Users\All Users\Raxco
2008-02-23 18:02 . 2008-02-23 18:02 <DIR> d-------- C:\ProgramData\Raxco
2008-02-23 18:02 . 2008-02-23 18:02 <DIR> d-------- C:\Program Files\Raxco
2008-02-23 17:22 . 2008-02-23 17:22 <DIR> d-------- C:\VundoFix Backups
2008-02-22 20:51 . 2008-02-22 21:37 5,806 --a------ C:\Windows\System32\SDRemoveDB.db
2008-02-22 20:50 . 2008-02-24 10:03 <DIR> d-------- C:\Program Files\SpywareDetector
2008-02-22 20:50 . 2007-03-19 12:39 270,336 --a------ C:\Windows\System32\CheckDll.dll
2008-02-22 20:50 . 2008-01-25 18:58 67,024 --a------ C:\Windows\System32\CloseAll.exe
2008-02-22 20:50 . 2008-01-30 11:03 6,144 --a------ C:\Windows\System32\SDEarlyDelete.exe
2008-02-22 20:50 . 2005-02-06 09:02 104 --a------ C:\Windows\System32\ProxySettings.ini
2008-02-22 20:50 . 2008-02-23 17:19 63 --a------ C:\Windows\system\SysSD.dll
2008-02-22 20:48 . 2008-02-22 20:48 9,642,080 --a------ C:\Users\victor\spywaredetector.exe
2008-02-21 22:56 . 2008-02-21 22:56 5,914,648 --a------ C:\Users\victor\SUPERAntiSpyware.exe
2008-02-21 21:10 . 2008-02-21 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 19:23 . 2008-02-21 19:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-21 19:23 . 2008-02-21 19:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-21 19:23 . 2008-02-21 19:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\Users\victor\AppData\Roaming\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 23:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 19:20 . 2008-02-21 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 19:17 . 2008-02-21 19:37 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-21 19:17 . 2008-02-21 19:37 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-21 19:17 . 2008-02-21 19:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Users\victor\AppData\Roaming\Yahoo!
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-18 23:19 . 2008-02-21 21:00 <DIR> d-------- C:\Users\All Users\Vga Coal Bore
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\Users\All Users\third lies itch ford
2008-02-18 23:19 . 2008-02-21 21:00 <DIR> d-------- C:\ProgramData\Vga Coal Bore
2008-02-18 23:19 . 2008-02-18 23:19 <DIR> d-------- C:\ProgramData\third lies itch ford
2008-02-16 00:05 . 2008-02-16 00:05 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 19:26 . 2008-02-14 19:26 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 19:26 . 2008-02-14 19:26 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 19:23 . 2008-02-14 19:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 19:23 . 2008-02-14 19:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 19:23 . 2008-02-14 19:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 19:22 . 2008-02-14 19:22 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 19:22 . 2008-02-14 19:22 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 19:22 . 2008-02-14 19:22 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 19:22 . 2008-02-14 19:22 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 19:22 . 2008-02-14 19:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 19:22 . 2008-02-14 19:22 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 19:22 . 2008-02-14 19:22 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 19:20 . 2008-02-14 19:20 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-14 19:20 . 2008-02-14 19:20 824,832 --a------ C:\Windows\System32\wininet.dll
2008-01-29 20:21 . 2008-02-22 21:37 <DIR> d-------- C:\Program Files\PDF Password Cracker v3.0
2008-01-27 12:07 . 2008-01-27 20:20 <DIR> d-------- C:\Users\All Users\Dell
2008-01-27 12:07 . 2008-01-27 20:20 <DIR> d-------- C:\ProgramData\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 14:10 --------- d-----w C:\Users\victor\AppData\Roaming\uTorrent
2008-02-24 10:03 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-23 21:48 --------- d-----w C:\Program Files\Dl_cats
2008-02-21 19:42 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-02-21 19:42 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2008-02-21 19:42 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-18 23:28 --------- d-----w C:\ProgramData\Avg7
2008-02-18 23:25 --------- d-----w C:\Program Files\DivX
2008-02-14 19:22 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 19:22 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 19:22 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 19:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 19:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 19:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 19:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-03 17:44 --------- d-----w C:\ProgramData\Roxio
2008-01-21 23:37 --------- d-----w C:\Program Files\VanDyke Software
2008-01-16 10:52 228,104 ----a-w C:\Windows\System32\PDBoot.exe
2008-01-12 23:20 --------- d-----w C:\Users\victor\AppData\Roaming\Corel
2008-01-09 20:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 20:06 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 19:57 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 19:57 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 19:57 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-07 19:58 5,723,053 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-26 21:02 --------- d-----w C:\Program Files\LimeWire
2007-12-12 13:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 13:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 13:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-09-21 20:31 2,988,032 ----a-w C:\Windows\Internet Logs\xDB756D.tmp
2007-09-01 11:40 174 --sha-w C:\Program Files\desktop.ini
2007-08-23 21:41 1,830,960 ----a-w C:\Users\victor\GoogleDesktopSetup.exe
2007-07-21 18:44 134 ----a-w C:\Users\victor\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-04 18:21 171448]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-21 18:06 77824]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 05:16 303104 C:\Windows\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 11:39 151552]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 16:12 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22 221184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 21:13 17920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 10:52 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-04 04:24 960240]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 09:45 222208]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 16:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 22:04 304008]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 05:31 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2002-03-25 18:51 57104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 20:18 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-04-21 18:09:46 45056]
E_SPSU01.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.exe [2007-04-28 09:45:12 52736]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-20 19:59 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2008-01-28 11:30 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^victor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-11-12 01:19 446976 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-11-03 22:09 312200 C:\Program Files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-23 21:41 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate]
--a------ 2008-02-01 18:31 423376 C:\Program Files\SpywareDetector\LiveUpdateSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SD_Tips]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-09 19:57 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-04 18:21 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTraySD]
--a------ 2008-01-28 12:48 706000 C:\Program Files\SpywareDetector\SDSystemTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2006-12-12 17:08 3577512 C:\Program Files\TomTom HOME\TomTomHOME.exe

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 19:05]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 21:48]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-01-16 10:52]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 00:39]
R3 AVMNgBasM779;AVerMedia M779 Base Driver;C:\Windows\system32\DRIVERS\AVerBas.sys [2006-12-01 00:14]
R3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;C:\Windows\system32\DRIVERS\AVerCap.sys [2006-12-01 00:14]
R3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;C:\Windows\system32\DRIVERS\AVerTun.sys [2006-12-01 00:14]
R3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-01-16 10:52]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-10-25 04:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ce2ca3-1854-11dc-b53a-0019d148458b}]
\shell\AutoRun\command - L:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 10:55:28 C:\Windows\Tasks\User_Feed_Synchronization-{57258334-AE86-4E9C-9582-A341129380A2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 14:15:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Windows\system32\DLAAPI_W.DLL
.
Completion time: 2008-02-24 14:16:06
ComboFix-quarantined-files.txt 2008-02-24 14:16:03
ComboFix2.txt 2008-02-23 17:52:11
.
2008-02-22 19:49:59 --- E O F ---


0

Response Number 10
Name: jabuck
Date: February 24, 2008 at 08:07:14 Pacific
Reply:

Make sure Spybot's Teatimer is turned off

Open Notepad and copy/paste everything between the X"s into it and make sure "Folder::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\Users\All Users\Vga Coal Bore
C:\Users\All Users\third lies itch ford
C:\ProgramData\Vga Coal Bore
C:\ProgramData\third lies itch ford

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Post a new Combofix log.


0

Response Number 11
Name: AlwaysWillingToLearn
Date: February 24, 2008 at 10:14:25 Pacific
Reply:

Hey that seemed to have done the trick, you have removed this from his pc from the looks of it, i made sure that teatimer was off before i attempted this. Heres the new combofix log,

JaBuck thanks alot for your help here you've been extremely helpful, thankfully his computer seems to be much more responsive now.

Thanks,

ComboFix 08-02-22.3 - victor 2008-02-24 18:04:18.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1074 [GMT 0:00]
Running from: C:\Users\victor\Desktop\ComboFix.exe
Command switches used :: C:\Users\victor\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\third lies itch ford
C:\ProgramData\third lies itch ford\Blue Inter.exe
C:\ProgramData\Vga Coal Bore
C:\ProgramData\Vga Coal Bore\qteujtkq.exe
C:\Users\All Users\third lies itch ford\Blue Inter.exe
C:\Users\All Users\Vga Coal Bore\qteujtkq.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-23 18:15 . 2008-02-23 21:30 800 --a------ C:\Windows\System32\PDBootState
2008-02-23 18:05 . 2008-02-23 18:05 <DIR> d-------- C:\Program Files\CCleaner
2008-02-23 18:03 . 2008-02-23 18:03 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-02-23 18:03 . 2008-01-09 22:00 68,624 -ra------ C:\Windows\System32\drivers\DefragFS.sys
2008-02-23 18:02 . 2008-02-23 18:02 <DIR> d-------- C:\Users\All Users\Raxco
2008-02-23 18:02 . 2008-02-23 18:02 <DIR> d-------- C:\ProgramData\Raxco
2008-02-23 18:02 . 2008-02-23 18:02 <DIR> d-------- C:\Program Files\Raxco
2008-02-23 17:22 . 2008-02-23 17:22 <DIR> d-------- C:\VundoFix Backups
2008-02-22 20:51 . 2008-02-22 21:37 5,806 --a------ C:\Windows\System32\SDRemoveDB.db
2008-02-22 20:50 . 2008-02-24 10:03 <DIR> d-------- C:\Program Files\SpywareDetector
2008-02-22 20:50 . 2007-03-19 12:39 270,336 --a------ C:\Windows\System32\CheckDll.dll
2008-02-22 20:50 . 2008-01-25 18:58 67,024 --a------ C:\Windows\System32\CloseAll.exe
2008-02-22 20:50 . 2008-01-30 11:03 6,144 --a------ C:\Windows\System32\SDEarlyDelete.exe
2008-02-22 20:50 . 2005-02-06 09:02 104 --a------ C:\Windows\System32\ProxySettings.ini
2008-02-22 20:50 . 2008-02-23 17:19 63 --a------ C:\Windows\system\SysSD.dll
2008-02-22 20:48 . 2008-02-22 20:48 9,642,080 --a------ C:\Users\victor\spywaredetector.exe
2008-02-21 22:56 . 2008-02-21 22:56 5,914,648 --a------ C:\Users\victor\SUPERAntiSpyware.exe
2008-02-21 21:10 . 2008-02-21 21:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 19:23 . 2008-02-21 19:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-21 19:23 . 2008-02-21 19:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-21 19:23 . 2008-02-21 19:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\Users\victor\AppData\Roaming\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 19:21 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-21 19:21 . 2008-02-21 23:01 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 19:20 . 2008-02-21 19:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 19:17 . 2008-02-21 19:37 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-21 19:17 . 2008-02-21 19:37 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-21 19:17 . 2008-02-21 19:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Users\victor\AppData\Roaming\Yahoo!
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-18 23:25 . 2008-02-18 23:25 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-16 00:05 . 2008-02-16 00:05 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-14 19:26 . 2008-02-14 19:26 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-14 19:26 . 2008-02-14 19:26 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 19:23 . 2008-02-14 19:23 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 19:23 . 2008-02-14 19:23 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-14 19:23 . 2008-02-14 19:23 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-14 19:22 . 2008-02-14 19:22 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 19:22 . 2008-02-14 19:22 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 19:22 . 2008-02-14 19:22 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-14 19:22 . 2008-02-14 19:22 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-14 19:22 . 2008-02-14 19:22 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-14 19:22 . 2008-02-14 19:22 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-14 19:22 . 2008-02-14 19:22 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-14 19:20 . 2008-02-14 19:20 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-14 19:20 . 2008-02-14 19:20 824,832 --a------ C:\Windows\System32\wininet.dll
2008-01-29 20:21 . 2008-02-22 21:37 <DIR> d-------- C:\Program Files\PDF Password Cracker v3.0
2008-01-27 12:07 . 2008-01-27 20:20 <DIR> d-------- C:\Users\All Users\Dell
2008-01-27 12:07 . 2008-01-27 20:20 <DIR> d-------- C:\ProgramData\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 15:59 --------- d-----w C:\Users\victor\AppData\Roaming\uTorrent
2008-02-24 10:03 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-23 21:48 --------- d-----w C:\Program Files\Dl_cats
2008-02-21 19:42 9,344 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-02-21 19:42 8,320 ----a-w C:\Windows\system32\drivers\AWRTRD.sys
2008-02-21 19:42 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-02-18 23:28 --------- d-----w C:\ProgramData\Avg7
2008-02-18 23:25 --------- d-----w C:\Program Files\DivX
2008-02-14 19:22 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 19:22 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 19:22 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 19:22 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 19:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 19:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 19:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-03 17:44 --------- d-----w C:\ProgramData\Roxio
2008-01-21 23:37 --------- d-----w C:\Program Files\VanDyke Software
2008-01-16 10:52 228,104 ----a-w C:\Windows\System32\PDBoot.exe
2008-01-12 23:20 --------- d-----w C:\Users\victor\AppData\Roaming\Corel
2008-01-09 20:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 20:06 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 19:57 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 19:57 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 19:57 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-07 19:58 5,723,053 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-26 21:02 --------- d-----w C:\Program Files\LimeWire
2007-12-12 13:01 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 13:00 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 13:00 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-11 22:34 129,784 ------w C:\Windows\System32\PxAFS.DLL
2007-09-21 20:31 2,988,032 ----a-w C:\Windows\Internet Logs\xDB756D.tmp
2007-09-01 11:40 174 --sha-w C:\Program Files\desktop.ini
2007-08-23 21:41 1,830,960 ----a-w C:\Users\victor\GoogleDesktopSetup.exe
2007-07-21 18:44 134 ----a-w C:\Users\victor\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 12:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-04 18:21 171448]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-21 18:06 77824]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 05:16 303104 C:\Windows\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 11:39 151552]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 16:12 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22 221184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 21:13 17920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35 221184]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 10:52 579072]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-04 04:24 960240]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 09:45 222208]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 16:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 22:04 304008]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 05:31 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2002-03-25 18:51 57104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 20:18 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-04-21 18:09:46 45056]
E_SPSU01.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.exe [2007-04-28 09:45:12 52736]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-08-20 19:59 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
C:\Program Files\SpywareDetector\SDNotify.dll 2008-01-28 11:30 167936 C:\Program Files\SpywareDetector\SDNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\Windows\pss\Acrobat Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^victor^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Users\victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-11-12 01:19 446976 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2006-11-03 22:09 312200 C:\Program Files\Dell PC Fax\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-23 21:41 1831936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate]
--a------ 2008-02-01 18:31 423376 C:\Program Files\SpywareDetector\LiveUpdateSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SD_Tips]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-09 19:57 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-04 18:21 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTraySD]
--a------ 2008-01-28 12:48 706000 C:\Program Files\SpywareDetector\SDSystemTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2006-12-12 17:08 3577512 C:\Program Files\TomTom HOME\TomTomHOME.exe

R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 19:05]
R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe [2006-10-11 21:48]
R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-01-16 10:52]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 00:39]
R3 AVMNgBasM779;AVerMedia M779 Base Driver;C:\Windows\system32\DRIVERS\AVerBas.sys [2006-12-01 00:14]
R3 AVMNgCapM779;AVerMedia M779 Audio/Video Capture Driver;C:\Windows\system32\DRIVERS\AVerCap.sys [2006-12-01 00:14]
R3 AVMNgTunM779;AVerMedia M779 TVTuner Driver;C:\Windows\system32\DRIVERS\AVerTun.sys [2006-12-01 00:14]
R3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-01-16 10:52]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-10-25 04:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ce2ca3-1854-11dc-b53a-0019d148458b}]
\shell\AutoRun\command - L:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 10:55:28 C:\Windows\Tasks\User_Feed_Synchronization-{57258334-AE86-4E9C-9582-A341129380A2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 18:05:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 18:06:03
ComboFix-quarantined-files.txt 2008-02-24 18:06:02
ComboFix2.txt 2008-02-24 14:16:06
ComboFix3.txt 2008-02-23 17:52:11
.
2008-02-22 19:49:59 --- E O F ---


0

Response Number 12
Name: jabuck
Date: February 24, 2008 at 15:45:15 Pacific
Reply:

Glad we could help.


0

Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: Divo Codex HJT log
HJT Log Help www.computing.net/answers/security/hjt-log-help/21026.html

Antispyware Apps/HJT Logs www.computing.net/answers/security/antispyware-appshjt-logs/9008.html

Need help with this (HJT log). www.computing.net/answers/security/need-help-with-this-hjt-log/12929.html