
THE VIRUS THAT WON'T DIE!



I read the logs on this topic and have done quite a few of the steps that have been recommended to others with this virus. I STILL HAVE IT! Below is my hijackthis log, and my combofix log, too.

Please help me!

moodyinga

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:08:06 PM, on 11/29/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\Dell Photo AIO Printer 926\memcard.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\Logi_MwX.Exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.mcafee.com

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe

O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10321 bytes

ComboFix log:

ComboFix 08-11-29.03 - Wendy Moody 2008-11-29 16:30:53.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.433 [GMT -5:00]

Running from: c:\documents and settings\Wendy Moody\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Wendy Moody\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

* Created a new restore point

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Wendy Moody\Favorites\Games.url

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\system32\ijubahoj.ini

c:\windows\system32\johabuji.dll

c:\windows\system32\open.ico

c:\windows\system32\uvimozur.ini

c:\windows\system32\zebilemo.dll

c:\windows\system32\zipetepi.dll

c:\documents and settings\Wendy Moody\Cookies\?????????????????????????? . . . . failed to delete

.

((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))

.

2008-11-28 23:07 . 2008-11-28 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\GameHouse

2008-11-28 22:35 . 2008-11-28 22:35 <DIR> d-------- C:\users

2008-11-28 22:34 . 2008-11-28 23:05 <DIR> d-------- c:\program files\RealArcade

2008-11-27 22:19 . 2008-11-27 22:19 <DIR> d-------- c:\documents and settings\Wendy Moody\Application Data\GameInvest

2008-11-27 22:17 . 2008-11-27 23:30 <DIR> d-------- c:\program files\Hospital Hustle

2008-11-27 09:29 . 2008-11-27 10:15 <DIR> d-------- c:\program files\My Tribe

2008-11-26 09:49 . 2008-11-26 09:48 410,976 --a------ c:\windows\SYSTEM32\deploytk.dll

2008-11-25 17:28 . 2008-11-25 17:29 <DIR> d-------- c:\program files\iTunes

2008-11-25 17:28 . 2008-11-25 17:28 <DIR> d-------- c:\program files\iPod

2008-11-25 17:28 . 2008-11-25 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-25 17:26 . 2008-11-25 17:26 <DIR> d-------- c:\program files\QuickTime

2008-11-22 15:41 . 2008-11-22 15:42 <DIR> d-------- c:\program files\Hot Dish 2 - Cross Country Cook Off

2008-11-18 17:59 . 2008-11-18 18:18 <DIR> d-------- c:\program files\Book of Legends

2008-11-17 12:12 . 2008-11-28 16:28 <DIR> d-------- c:\program files\Wonderland Secret Worlds

2008-11-17 12:10 . 2008-11-17 12:14 <DIR> d-------- c:\program files\Lifetime R.S.V.P

2008-11-15 13:06 . 2008-11-15 13:06 <DIR> d-------- c:\documents and settings\Wendy Moody\Application Data\Artogon

2008-11-15 12:47 . 2008-11-15 12:47 <DIR> d-------- c:\documents and settings\Wendy Moody\Application Data\FirstColony

2008-11-15 12:25 . 2008-11-16 12:43 <DIR> d-------- c:\program files\Mystery Stories - Berlin Nights

2008-11-15 12:23 . 2008-11-15 12:23 <DIR> d-------- c:\program files\Forgotten Lands - First Colony

2008-11-15 12:22 . 2008-11-15 12:22 <DIR> d-------- c:\program files\Hidden Mysteries - Buckingham Palace

2008-11-15 12:20 . 2008-11-15 12:20 <DIR> d-------- c:\program files\Treasure Seekers - Visions of Gold

2008-11-15 11:48 . 2008-11-15 11:48 <DIR> d-------- c:\program files\Top Chef

2008-11-12 15:33 . 2008-11-12 15:33 <DIR> d-------- c:\program files\MSXML 4.0

2008-11-12 04:12 . 2008-10-24 06:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys

2008-11-12 04:11 . 2008-09-04 12:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll

2008-11-11 15:59 . 2008-11-11 16:00 <DIR> d-------- c:\program files\Diner Dash - Flo Through Time

2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\SYSTEM32\QuickTimeVR.qtx

2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\SYSTEM32\QuickTime.qts

2008-11-01 13:26 . 2008-11-01 13:27 <DIR> d-------- c:\program files\FishCo

2008-10-31 19:13 . 2008-10-31 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Redrum

2008-10-31 19:08 . 2008-10-31 19:25 <DIR> d-------- c:\program files\Operation Mania

2008-10-31 18:59 . 2008-10-31 18:59 <DIR> d-------- c:\program files\Redrum

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-29 21:36 --------- d-----w c:\program files\Dl_cats

2008-11-29 13:10 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\McAfee

2008-11-29 13:10 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2008-11-29 00:40 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-28 23:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-28 23:16 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles

2008-11-28 09:57 --------- d-----w c:\program files\Magic Encyclopedia

2008-11-28 03:52 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache

2008-11-26 14:48 --------- d-----w c:\program files\Java

2008-11-25 22:28 --------- d-----w c:\program files\Common Files\Apple

2008-11-22 21:01 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Valusoft

2008-11-22 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\Valusoft

2008-11-18 23:18 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Gogii Games

2008-11-18 23:18 --------- d-----w c:\documents and settings\All Users\Application Data\Gogii Games

2008-11-15 17:46 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\cerasus.media

2008-11-15 17:31 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Gamelab

2008-11-11 21:01 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\PlayFirst

2008-11-11 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst

2008-11-11 20:57 --------- d-----w c:\program files\bfgclient

2008-11-03 02:21 --------- d-----w c:\program files\Megaplex Madness - Now Playing

2008-11-01 18:27 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo

2008-11-01 00:24 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Pogo Games

2008-10-26 15:59 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\SecretIslandEng

2008-10-26 15:56 --------- d-----w c:\program files\The Treasures of Mystery Island

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 19:47 --------- d-----w c:\program files\Parking Dash

2008-10-18 18:27 --------- d-----w c:\program files\Veronica Rivers - Portals to the Unknown

2008-10-18 18:27 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\Dragon Altar Games

2008-10-12 18:51 --------- d-----w c:\program files\Anna`s Ice Cream

2008-10-11 16:32 --------- d-----w c:\program files\Musaic Box

2008-10-11 13:02 --------- d-----w c:\program files\PrintMaster Gold 18

2008-10-11 13:02 --------- d-----w c:\documents and settings\All Users\Application Data\Broderbund Software

2008-10-11 12:11 --------- d-----w c:\program files\Web Publish

2008-10-11 02:44 --------- d-----w c:\program files\Common Files\Broderbund

2008-10-04 20:09 --------- d-----w c:\program files\Cassandra's Journey - The Legacy of Nostradamus

2008-10-04 20:09 --------- d-----w c:\documents and settings\Wendy Moody\Application Data\JoyBits

2008-09-30 13:32 49,152 ----a-w C:\javaupdater.exe

2008-09-30 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-09-29 23:14 49,152 ----a-w C:\balkan.exe

2008-09-29 23:05 49,152 ----a-w C:\jvme.exe

2008-09-29 23:05 49,152 ----a-w c:\documents and settings\Wendy Moody\csrssx.exe

2008-09-28 00:17 --------- d-----w c:\program files\Lost Secrets - Bermuda Triangle

2008-09-16 21:36 61,224 -c--a-w c:\documents and settings\Wendy Moody\GoToAssistDownloadHelper.exe

2008-08-26 21:00 24 ----a-w c:\documents and settings\Wendy Moody\jagex_runescape_preferences.dat

2008-02-27 21:57 0 -c--a-w c:\program files\temp01

2007-11-18 17:26 56 --sh--r c:\windows\SYSTEM32\0305A89BB2.sys

2007-11-18 17:26 3,350 -csha-w c:\windows\SYSTEM32\KGyGaAvL.sys

2008-08-18 22:09 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat

2008-02-10 21:49 9,897,248 -csha-w c:\windows\SYSTEM32\DRIVERS\fidbox.dat

2008-02-10 21:49 1,162,016 -csha-w c:\windows\SYSTEM32\DRIVERS\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingD6656"="del" [X]

"SpybotDeletingB8776"="command" [X]

"SpybotDeletingD2386"="del" [X]

"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]

"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]

"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 135168]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]

"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SpybotDeletingA5651"="command" [X]

"SpybotDeletingC5486"="del" [X]

"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2008-07-30 4891984]

c:\documents and settings\Wendy Moody\Start Menu\Programs\Startup\

client.jar [2008-09-29 40117]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Event Reminder.lnk - c:\program files\PrintMaster Gold 18\Remind.exe [2007-09-09 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\WINDOWS\\SYSTEM32\\MMC.EXE"=

"c:\\WINDOWS\\SYSTEM32\\dlcxcoms.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5228:TCP"= 5228:TCP:*:Disabled:SolidNetworkManager

"5228:UDP"= 5228:UDP:*:Disabled:SolidNetworkManager

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []

R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-29 24652]

.

Contents of the 'Scheduled Tasks' folder

2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-24 c:\windows\Tasks\diskcleaner.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-24 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-29 c:\windows\Tasks\quickcleaner.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-27 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007-05-17 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{8AF5DD05-AA7B-4721-AADF-C1E5946EC0FE}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

.

- - - - ORPHANS REMOVED - - - -

BHO-{c5e2e84d-3a09-4995-ba74-20297bd9ed13} - c:\windows\system32\zebilemo.dll

HKCU-Run-ccleaner - c:\program files\CCleaner\ccleaner.exe

HKCU-Run-Aim6 - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-29 16:35:58

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SYSTEM32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\SYSTEM32\dlcxcoms.exe

c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\McAfee\MBK\MBackMonitor.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe

c:\program files\Java\jre6\bin\java.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\windows\SYSTEM32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-11-29 16:42:16 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-29 21:42:05

Pre-Run: 95,485,906,944 bytes free

Post-Run: 95,611,691,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2008-11-12 20:37:25

Thanks for your time, in advance!


Thanks for your patience. The forums have been flooded with requests and the volunteers have been working as time permits. If you are still in need of assistance, please post back a fresh HijackThis log. Thanks!


Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
