POS Files and Red X on C: drive

Computing.Net > Forums > Security and Virus > POS Files and Red X on C: drive

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

POS Files and Red X on C: drive

Name: lulujc606
Date: March 2, 2008 at 05:15:20 Pacific
OS: Microsoft Windows
CPU/Ram: Pentium 4
Product: Dell Inspiron 5100

Comment:

I'm not computer savvy AT ALL and I really need help getting rid of this virus! I have thousands of pos.tmp files and my c drive has a red x for its icon and i keep getting warning messages that my computer is suffering serious damage. can anyone help me?? any advice is much appreciated!

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: March 2, 2008 at 19:48:53 Pacific

Reply:

Go to the this link:
Disable Realtime Protection
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Please download Atribune's VundoFix.exe from the following site to your desktop:
Vundofix.exe

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files,
click "yes".
Once you click yes, your desktop will go blank as it starts removing
Vundo.
When completed, it will prompt that it will reboot your computer,
click "ok".
Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Please download ComboFix to the desktop from one of the following links:
Link1
Link 2
Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Response Number 2

Name: lulujc606
Date: March 3, 2008 at 01:37:38 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:30 AM, on 3/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\wltrysvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe
C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\common files\aol\1135925539\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1135925539\ee\aolsoftware.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lu-Lu\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchforit.com/searchbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sides...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sides...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: {210c33df-715b-4cfa-4be4-ed85ab63d534} - {435d36ba-58de-4eb4-afc4-b517fd33c012} - C:\WINDOWS\System32\dbihppjb.dll (file missing)
O2 - BHO: (no name) - {7E88F5FE-79CC-4232-AD2D-3DD3CF95098C} - C:\WINDOWS\System32\rqoli.dll (file missing)
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [jhfdql] c:\windows\system32\newxyxe.exe r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e4e14263] rundll32.exe "C:\WINDOWS\System32\bemwoykf.dll",b
O4 - HKLM\..\Run: [BMe7d271ff] Rundll32.exe "C:\WINDOWS\System32\fbcfstvh.dll",s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [miqz] C:\PROGRA~1\COMMON~1\miqz\miqzm.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/e...
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computerchecku...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14a4b8d...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - Winlogon Notify: vtuusss - vtuusss.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10853 bytes

Response Number 3

Name: lulujc606
Date: March 3, 2008 at 01:50:40 Pacific

Reply:

i dont know how im supposed to post the combofix log? when i run combofix it reboots my computer so where do i find the log?

Response Number 4

Name: ArcticWolf
Date: March 3, 2008 at 02:02:11 Pacific

Reply:

Usually the combofix.txt file is in the main C:\ directory.

Response Number 5

Name: lulujc606
Date: March 3, 2008 at 02:15:40 Pacific

Reply:

jabuck, thanks for your help im pretty sure this is the combofix log, sorry im completely computer illiterate!
ComboFix 08-03-03.6 - Lu-Lu 2008-03-03 5:06:13.5 - NTFSx86
Running from: C:\Documents and Settings\Lu-Lu\Desktop\ComboFix(2).exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Temp\tpBe12
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\amarffhf.ini
C:\WINDOWS\system32\aydpqiqv.dll
C:\WINDOWS\system32\bjndgsgb.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\mswinstall.exe
C:\WINDOWS\system32\Cache\setup.exe
C:\WINDOWS\system32\Cache\Setup_with_terms_and_uninstaller.exe
C:\WINDOWS\system32\Cache\SSK3_B5 Advagency.exe
C:\WINDOWS\system32\Cache\weirdontheweb_ventura2.exe
C:\WINDOWS\system32\crsdiymm.ini
C:\WINDOWS\system32\ctbyncwy.ini
C:\WINDOWS\system32\daoxfaol.ini
C:\WINDOWS\system32\dsvmugpi.dll
C:\WINDOWS\system32\dyklkhju.ini
C:\WINDOWS\system32\epvdntpp.dll
C:\WINDOWS\system32\fkseaijs.ini
C:\WINDOWS\system32\gemxpjhu.ini
C:\WINDOWS\system32\gfovqkkw.ini
C:\WINDOWS\system32\gfunfajn.ini
C:\WINDOWS\system32\gkfqoset.ini
C:\WINDOWS\system32\hdyragxt.dll
C:\WINDOWS\system32\hswnslmk.ini
C:\WINDOWS\system32\iloqr.ini
C:\WINDOWS\system32\iloqr.ini2
C:\WINDOWS\system32\inbyfpff.ini
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\jpnstyfn.ini
C:\WINDOWS\system32\kjgdkoba.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpttlwgs.ini
C:\WINDOWS\system32\mqqcfyoe.ini
C:\WINDOWS\system32\nosognqm.ini
C:\WINDOWS\system32\ojrkjxfp.ini
C:\WINDOWS\system32\ormhwavb.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pjxdbcof.ini
C:\WINDOWS\system32\pwwojsqi.ini
C:\WINDOWS\system32\qskwctxr.ini
C:\WINDOWS\system32\qxvvoewf.ini
C:\WINDOWS\system32\rdctguvy.ini
C:\WINDOWS\system32\rtusmebs.ini
C:\WINDOWS\system32\tfiihoqx.ini
C:\WINDOWS\system32\uynmtdoj.ini
C:\WINDOWS\system32\wcupqggs.ini
C:\WINDOWS\system32\whobcxok.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wqtebpib.ini
C:\WINDOWS\system32\xenhnihw.ini
C:\WINDOWS\system32\xltlurmc.ini
C:\WINDOWS\system32\ycbfvusm.ini
C:\WINDOWS\system32\ympjxiff.ini
C:\WINDOWS\system32\yorjibnb.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\NPF

((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.
2008-03-03 05:06 . 2008-03-03 05:08 <DIR> d-------- C:\ComboFix(2)
2008-03-03 05:06 . 2003-07-16 15:25 375,808 --a------ C:\WINDOWS\system32\CF13302.exe
2008-03-03 04:46 . 2008-03-03 04:47 <DIR> d-------- C:\ComboFix
2008-03-03 04:39 . 2008-03-03 05:03 <DIR> d-------- C:\QooBox
2008-03-03 04:39 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-03-03 04:39 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-03-03 04:39 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-03-03 04:39 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-03 04:39 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-03 04:39 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-03-03 04:39 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-03 04:39 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-03-03 04:39 . 2000-08-31 08:00 28,160 --a------ C:\WINDOWS\Nircmd.exe
2008-03-03 01:58 . 2008-03-03 04:27 <DIR> d-------- C:\VundoFix Backups
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-03 09:48 --------- d-----w C:\Program Files\Mozilla Firefox
2008-03-03 09:45 805,306,368 --sha-w C:\pagefile.sys
2008-03-01 09:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 08:47 --------- d-----w C:\Program Files\Musicmatch
2008-02-26 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 08:44 --------- d-----w C:\Program Files\ArcSoft
2008-02-26 08:42 --------- d-----w C:\Program Files\Adobe
2007-12-15 09:51 39,936 ----a-w C:\WINDOWS\mrofinu72.exe.tmp
2005-07-31 09:20 148,356 ----a-w C:\Documents and Settings\Lu-Lu\99_ncontext_4_0_3_7.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF}]
2005-07-27 20:11 67072 --a------ C:\WINDOWS\System32\WinStat13.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{435d36ba-58de-4eb4-afc4-b517fd33c012}]
C:\WINDOWS\System32\dbihppjb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E88F5FE-79CC-4232-AD2D-3DD3CF95098C}]
C:\WINDOWS\System32\rqoli.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 17:08 67160]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Sonic RecordNow!"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 13:00 200767]
"miqz"="C:\PROGRA~1\COMMON~1\miqz\miqzm.exe" [ ]
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 13:18 326232]
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 19:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-08 00:00 294912]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 20:21 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 20:15 610304]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 08:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 20:21 28672]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 20:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 23:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 13:00 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2003-08-21 20:10 180224]
"tgcmd"="c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" [2004-01-06 03:34 1855488]
"jhfdql"="c:\windows\system32\newxyxe.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 05:52 36975]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-29 02:25 180269]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"e4e14263"="C:\WINDOWS\System32\bemwoykf.dll" [ ]
"BMe7d271ff"="C:\WINDOWS\System32\fbcfstvh.dll" [ ]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 07:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-01-27 22:44:24 156784]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2004-12-30 17:05:09 626688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 03:01:04 83360]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-04-04 00:43:54 745472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuusss]
vtuusss.dll
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2005-10-24 13:18]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 05:08:43
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.

CL-GD5465-HC-C samsung digimax 130 driver microsoft c download edit hosts file mac tcp ip connectivity utilities that are used on linux and windows xp operati i586 sed file script to change file names reset IFS del command switches	zip.exe laplink 5 download RED State Exception start x on solaris file date time format on vms disable file and folder drop and drag in server 2008 bash unexpected end of file syntax error: unexpected end of file rsop red x uninstall wan miniport
See More

Response Number 6

Name: jabuck
Date: March 3, 2008 at 03:31:17 Pacific

Reply:

Please download Fixwareout from this link
http://swandog46.geekstogo.com/Fixwareout.exe
or
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click next, then Install, then make sure "Run fixit" is checked and click finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Post a copy at the log located at C:\fixwareout\report.txt

After restart, if you have any connection problems, do this:
Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
Before you restart the computer.
Go to Start > Run and type in cmd
Click OK.
This will open a commad prompt.
Type or copy and paste the following line in the command window:

ipconfig /flushdns

Hit Enter
Exit the command window
Download XP fix from this link and run it http://www.visualtour.com/downloads/ it should replace the missing C:\WINDOWS\system32\AUTOEXEC.NT file.
Then run the fixwareout.

Response Number 7

Name: lulujc606
Date: March 3, 2008 at 22:51:35 Pacific

Reply:

Username "Lu-Lu" - 2008-03-04 1:38:50 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"tgcmd"="\"c:\\Program Files\\Adelphia HSAgent\\bin\\tgcmd.exe\" /server /startmonitor /deaf "
"jhfdql"="c:\\windows\\system32\\newxyxe.exe r"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1135925539\\ee\\AOLSoftware.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"e4e14263"="rundll32.exe \"C:\\WINDOWS\\System32\\bemwoykf.dll\",b"
"BMe7d271ff"="Rundll32.exe \"C:\\WINDOWS\\System32\\fbcfstvh.dll\",s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Sonic RecordNow!"=""
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"miqz"="C:\\PROGRA~1\\COMMON~1\\miqz\\miqzm.exe"
"AOLCC"="\"C:\\Program Files\\AOL Computer Check-Up\\ACCAgnt.exe\" /startup"
"QdrModule10"="\"C:\\Program Files\\QdrModule\\QdrModule10.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Response Number 8

Name: lulujc606
Date: March 3, 2008 at 23:14:36 Pacific

Reply:

question.....are the icons for 'combofix' and 'fixwareout' supposed to be red x's?

Response Number 9

Name: jabuck
Date: March 4, 2008 at 19:53:19 Pacific

Reply:

Combofix is a red X, not sure about Fixwareout.
Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\mrofinu72.exe.tmp
C:\Documents and Settings\Lu-Lu\99_ncontext_4_0_3_7.exe
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\WINDOWS\System32\WinStat13.dll
C:\WINDOWS\System32\dbihppjb.dll
C:\WINDOWS\System32\rqoli.dll
c:\windows\system32\newxyxe.exe
C:\WINDOWS\System32\bemwoykf.dll
C:\WINDOWS\System32\fbcfstvh.dll
C:\Program Files\QdrModule\QdrModule10.exe
Folder::
C:\Program Files\QdrDrive
C:\Program Files\QdrModule

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule10"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jhfdql"=-
"e4e14263"=-
"BMe7d271ff"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Post a new Combofix log and post a new Hijack This log..

Response Number 10

Name: lulujc606
Date: March 5, 2008 at 02:39:16 Pacific

Reply:

ComboFix 08-03-03.6 - Lu-Lu 2008-03-05 5:23:04.6 - NTFSx86
Running from: C:\Documents and Settings\Lu-Lu\Desktop\ComboFix(2).exe
Command switches used :: C:\Documents and Settings\Lu-Lu\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\Documents and Settings\Lu-Lu\99_ncontext_4_0_3_7.exe
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\Program Files\QdrModule\QdrModule10.exe
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\System32\bemwoykf.dll
C:\WINDOWS\System32\dbihppjb.dll
C:\WINDOWS\System32\fbcfstvh.dll
c:\windows\system32\newxyxe.exe
C:\WINDOWS\System32\rqoli.dll
C:\WINDOWS\System32\WinStat13.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Lu-Lu\99_ncontext_4_0_3_7.exe
C:\WINDOWS\System32\WinStat13.dll
.
---- Previous Run -------
.
C:\Temp\tpBe12
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\amarffhf.ini
C:\WINDOWS\system32\aydpqiqv.dll
C:\WINDOWS\system32\bjndgsgb.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\mswinstall.exe
C:\WINDOWS\system32\Cache\setup.exe
C:\WINDOWS\system32\Cache\Setup_with_terms_and_uninstaller.exe
C:\WINDOWS\system32\Cache\SSK3_B5 Advagency.exe
C:\WINDOWS\system32\Cache\weirdontheweb_ventura2.exe
C:\WINDOWS\system32\crsdiymm.ini
C:\WINDOWS\system32\ctbyncwy.ini
C:\WINDOWS\system32\daoxfaol.ini
C:\WINDOWS\system32\dsvmugpi.dll
C:\WINDOWS\system32\dyklkhju.ini
C:\WINDOWS\system32\epvdntpp.dll
C:\WINDOWS\system32\fkseaijs.ini
C:\WINDOWS\system32\gemxpjhu.ini
C:\WINDOWS\system32\gfovqkkw.ini
C:\WINDOWS\system32\gfunfajn.ini
C:\WINDOWS\system32\gkfqoset.ini
C:\WINDOWS\system32\hdyragxt.dll
C:\WINDOWS\system32\hswnslmk.ini
C:\WINDOWS\system32\iloqr.ini
C:\WINDOWS\system32\iloqr.ini2
C:\WINDOWS\system32\inbyfpff.ini
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\jpnstyfn.ini
C:\WINDOWS\system32\kjgdkoba.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpttlwgs.ini
C:\WINDOWS\system32\mqqcfyoe.ini
C:\WINDOWS\system32\nosognqm.ini
C:\WINDOWS\system32\ojrkjxfp.ini
C:\WINDOWS\system32\ormhwavb.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pjxdbcof.ini
C:\WINDOWS\system32\pwwojsqi.ini
C:\WINDOWS\system32\qskwctxr.ini
C:\WINDOWS\system32\qxvvoewf.ini
C:\WINDOWS\system32\rdctguvy.ini
C:\WINDOWS\system32\rtusmebs.ini
C:\WINDOWS\system32\tfiihoqx.ini
C:\WINDOWS\system32\uynmtdoj.ini
C:\WINDOWS\system32\wcupqggs.ini
C:\WINDOWS\system32\whobcxok.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wqtebpib.ini
C:\WINDOWS\system32\xenhnihw.ini
C:\WINDOWS\system32\xltlurmc.ini
C:\WINDOWS\system32\ycbfvusm.ini
C:\WINDOWS\system32\ympjxiff.ini
C:\WINDOWS\system32\yorjibnb.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPF
-------\NPF

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.
2008-03-05 05:22 . 2008-03-05 05:27 <DIR> d-------- C:\ComboFix(2)
2008-03-05 05:22 . 2003-07-16 15:25 375,808 --a------ C:\WINDOWS\system32\CF23703.exe
2008-03-04 01:38 . 2008-03-04 01:41 <DIR> d-------- C:\fixwareout
2008-03-03 04:46 . 2008-03-03 04:47 <DIR> d-------- C:\ComboFix
2008-03-03 04:39 . 2008-03-05 05:23 <DIR> d-------- C:\QooBox
2008-03-03 04:39 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-03-03 04:39 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-03-03 04:39 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-03-03 04:39 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-03 04:39 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-03 04:39 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-03-03 04:39 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-03 04:39 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-03-03 04:39 . 2000-08-31 08:00 28,160 --a------ C:\WINDOWS\Nircmd.exe
2008-03-03 01:58 . 2008-03-03 04:27 <DIR> d-------- C:\VundoFix Backups
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 09:35 --------- d-----w C:\Program Files\Mozilla Firefox
2008-03-05 09:21 805,306,368 --sha-w C:\pagefile.sys
2008-03-01 09:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 08:47 --------- d-----w C:\Program Files\Musicmatch
2008-02-26 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 08:44 --------- d-----w C:\Program Files\ArcSoft
2008-02-26 08:42 --------- d-----w C:\Program Files\Adobe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{435d36ba-58de-4eb4-afc4-b517fd33c012}]
C:\WINDOWS\System32\dbihppjb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E88F5FE-79CC-4232-AD2D-3DD3CF95098C}]
C:\WINDOWS\System32\rqoli.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}]
C:\Program Files\QdrDrive\QdrDrive8.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 17:08 67160]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Sonic RecordNow!"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 13:00 200767]
"miqz"="C:\PROGRA~1\COMMON~1\miqz\miqzm.exe" [ ]
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 13:18 326232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 19:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-08 00:00 294912]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 20:21 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 20:15 610304]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 08:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 20:21 28672]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 20:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 23:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 13:00 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2003-08-21 20:10 180224]
"tgcmd"="c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" [2004-01-06 03:34 1855488]
"HostManager"="C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 05:52 36975]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-29 02:25 180269]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 07:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-01-27 22:44:24 156784]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2004-12-30 17:05:09 626688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 03:01:04 83360]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-04-04 00:43:54 745472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuusss]
vtuusss.dll
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2005-10-24 13:18]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 05:27:07
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.

Response Number 11

Name: lulujc606
Date: March 5, 2008 at 02:41:26 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:40, on 2008-03-05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe
C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
c:\program files\common files\aol\1135925539\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1135925539\ee\aolsoftware.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lu-Lu\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: {210c33df-715b-4cfa-4be4-ed85ab63d534} - {435d36ba-58de-4eb4-afc4-b517fd33c012} - C:\WINDOWS\System32\dbihppjb.dll (file missing)
O2 - BHO: (no name) - {7E88F5FE-79CC-4232-AD2D-3DD3CF95098C} - C:\WINDOWS\System32\rqoli.dll (file missing)
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [miqz] C:\PROGRA~1\COMMON~1\miqz\miqzm.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/e...
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computerchecku...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14a4b8d...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O20 - Winlogon Notify: vtuusss - vtuusss.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10046 bytes

Response Number 12

Name: jabuck
Date: March 6, 2008 at 17:41:57 Pacific

Reply:

Looks much better.
Go to start> run type in combofix /u (there must be a space after combofix) then press enter.
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: {210c33df-715b-4cfa-4be4-ed85ab63d534} - {435d36ba-58de-4eb4-afc4-b517fd33c012} - C:\WINDOWS\System32\dbihppjb.dll (file missing)

O2 - BHO: (no name) - {7E88F5FE-79CC-4232-AD2D-3DD3CF95098C} - C:\WINDOWS\System32\rqoli.dll (file missing)

O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing)
O15 - Trusted Zone: http://www.neededware.com

O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab<... - Winlogon Notify: vtuusss - vtuusss.dll (file missing)
Exit Hijack This.
Your java is out of date and can be exploited.
Download the latest version of java from this link Java
Click on the JDK 6 Update 5 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jdk-6u5-windows-i586-p.exe
to install the newest version.
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download CCleaner from the following link:
http://filehippo.com/download_ccleaner/
After you download it to your desktop and begin installing it only allow the "install icon on desktop" to install . Then run it, use only as suggested, it's powerful use only the prechecked items.
Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Response Number 13

Name: lulujc606
Date: March 7, 2008 at 08:59:10 Pacific

Reply:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, March 07, 2008 11:57:39 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/03/2008
Kaspersky Anti-Virus database records: 610241
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 35125
Number of viruses found: 8
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 02:18:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Support.com\profiles\Lu-Lu\triggers.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lu-Lu\Application Data\GTek\GTUpdate\AUpdate\AOLCC\ACCAgnt.log Object is locked skipped
C:\Documents and Settings\Lu-Lu\Application Data\GTek\GTUpdate\AUpdate\AOLCC\AUAolOn.log Object is locked skipped
C:\Documents and Settings\Lu-Lu\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lu-Lu\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Lu-Lu\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lu-Lu\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lu-Lu\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lu-Lu\Local Settings\Temp\~DF8FE4.tmp Object is locked skipped
C:\Documents and Settings\Lu-Lu\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lu-Lu\ntuser.dat Object is locked skipped
C:\Documents and Settings\Lu-Lu\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Downloader.Win32.Small.apm skipped
C:\System Volume Information\_restore{09A2572B-DEB1-46A1-8624-AE68D6958D84}\RP633\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx Infected: Trojan-Dropper.Win32.Agent.or skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx Infected: Trojan-Dropper.Win32.Agent.or skipped
C:\WINDOWS\Downloaded Program Files\search3.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.d skipped
C:\WINDOWS\mwusrlatr.exe Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{22CF538E-8199-40EC-A2F7-BB86BD052653}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bcbsaeg06.dll Infected: Trojan-Downloader.Win32.Lastad.r skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\edxj.exe Infected: Trojan-Downloader.Win32.Lastad.h skipped
C:\WINDOWS\system32\epx30105.exe Infected: Trojan-Downloader.Win32.Lastad.p skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hrjt.exe Infected: Trojan-Downloader.Win32.Lastad.p skipped
C:\WINDOWS\system32\hrjtaeg05.dll Infected: Trojan-Downloader.Win32.Lastad.h skipped
C:\WINDOWS\system32\skwbh.exe Infected: Trojan-Downloader.Win32.Lastad.n skipped
C:\WINDOWS\system32\skwbhndw30102lib.dll Infected: Trojan-Downloader.Win32.Lastad.h skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wcwnyqqndw30103lib.dll Infected: Trojan-Downloader.Win32.Lastad.h skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Response Number 14

Name: jabuck
Date: March 8, 2008 at 16:24:34 Pacific

Reply:

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx
C:\WINDOWS\Downloaded Program Files\search3.dll
C:\WINDOWS\mwusrlatr.exe
C:\WINDOWS\system32\bcbsaeg06.dll
C:\WINDOWS\system32\edxj.exe Infected: C:\WINDOWS\system32\epx30105.exe Infected: C:\WINDOWS\system32\h323log.txt Object is C:\WINDOWS\system32\hrjt.exe Infected: C:\WINDOWS\system32\hrjtaeg05.dll Infected: C:\WINDOWS\system32\skwbh.exe Infected: C:\WINDOWS\system32\skwbhndw30102lib.dll
C:\WINDOWS\system32\wcwnyqqndw30103lib.dll
Folder::
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.2

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Post a new Combofix log, Hijack This log and a new Kaspersky log.
You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster
Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Response Number 15

Name: lulujc606
Date: March 8, 2008 at 18:55:05 Pacific

Reply:

ComboFix 08-03-08.1 - Lu-Lu 2008-03-08 21:45:57.7 - NTFSx86
Running from: C:\Documents and Settings\Lu-Lu\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lu-Lu\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
FILE ::
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx
C:\WINDOWS\Downloaded Program Files\search3.dll
C:\WINDOWS\mwusrlatr.exe
C:\WINDOWS\system32\bcbsaeg06.dll
C:\WINDOWS\system32\edxj.exe Infected: C:\WINDOWS\system32\epx30105.exe Infected: C:\WINDOWS\system32\h323log.txt Object is C:\WINDOWS\system32\hrjt.exe Infected: C:\WINDOWS\system32\hrjtaeg05.dll Infected: C:\WINDOWS\system32\skwbh.exe Infected: C:\WINDOWS\system32\skwbhndw30102lib.dll
C:\WINDOWS\system32\wcwnyqqndw30103lib.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\IEAWSDC.DLL
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ieawsdc.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx
C:\WINDOWS\Downloaded Program Files\search3.dll
C:\WINDOWS\mwusrlatr.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bcbsaeg06.dll
C:\WINDOWS\system32\wcwnyqqndw30103lib.dll
.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.
2008-03-07 08:41 . 2008-03-07 08:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-07 08:41 . 2008-03-07 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-07 08:28 . 2008-03-07 08:28 <DIR> d-------- C:\Program Files\CCleaner
2008-03-07 08:12 . 2008-03-07 08:12 <DIR> d-------- C:\Program Files\Sun
2008-03-07 08:11 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-07 08:04 . 2008-03-07 08:11 <DIR> d-------- C:\Program Files\Java
2008-03-07 08:04 . 2008-03-07 08:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-04 01:38 . 2008-03-04 01:41 <DIR> d-------- C:\fixwareout
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 09:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 08:47 --------- d-----w C:\Program Files\Musicmatch
2008-02-26 08:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 08:44 --------- d-----w C:\Program Files\ArcSoft
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 17:08 67160]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Sonic RecordNow!"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 13:00 200767]
"miqz"="C:\PROGRA~1\COMMON~1\miqz\miqzm.exe" [ ]
"AOLCC"="C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 13:18 326232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 19:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-11-08 00:00 294912]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-05-02 20:21 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-05-02 20:15 610304]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 08:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 20:21 28672]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 20:02 122880]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 23:50 163840]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2003-08-27 13:00 245760]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2003-08-21 20:10 180224]
"tgcmd"="c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" [2004-01-06 03:34 1855488]
"HostManager"="C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe" [2006-09-25 19:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50 71216]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-29 02:25 180269]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 12:48 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 07:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-01-27 22:44:24 156784]
Digimax Viewer 2.1.lnk - C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2004-12-30 17:05:09 626688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 03:01:04 83360]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2006-04-04 00:43:54 745472]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2005-04-01 10:43]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2005-10-24 13:18]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 07:57]
.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 09:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-09 02:36:12 C:\WINDOWS\Tasks\McAfee.com Update Check (LULU-Lu-Lu).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 21:48:37
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-08 21:49:33
ComboFix-quarantined-files.txt 2008-03-09 02:49:26

Response Number 16

Name: lulujc606
Date: March 8, 2008 at 18:57:24 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:17 PM, on 3/8/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Adelphia HSAgent\bin\tgcmd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
c:\program files\common files\aol\1135925539\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1135925539\ee\aolsoftware.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lu-Lu\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sides...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [tgcmd] "c:\Program Files\Adelphia HSAgent\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135925539\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [miqz] C:\PROGRA~1\COMMON~1\miqz\miqzm.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/e...
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computerchecku...
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14a4b8d...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 9601 bytes

Response Number 17

Name: jabuck
Date: March 8, 2008 at 19:09:00 Pacific

Reply:

Looks much better.
Go to the following link:
http://virusscan.jotti.org/
Then use the browse button to locate this file:
C:\Progarm Files\Common Files\miqz\miqzm.exe
Once located click submit then post the results.
If you don't see it do the following and look again:
Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Response Number 18

Name: lulujc606
Date: March 8, 2008 at 19:33:01 Pacific

Reply:

i did what you said and miqzm.exe is still not there

Response Number 19

Name: jabuck
Date: March 8, 2008 at 20:30:48 Pacific

Reply:

Ok, do you still have a red X for the icon on the C: drive?

Response Number 20

Name: lulujc606
Date: March 8, 2008 at 20:50:45 Pacific

Reply:

yes, the red X is still the icon for my C: drive.

Response Number 21

Name: jabuck
Date: March 8, 2008 at 21:39:05 Pacific

Reply:

This should fix the red X.
Go to start> run> type in notepad > ok. Copy paste the following into notepad making [autorun] the very top line:
[autorun]
ICON=C:\WINDOWS\SYSTEM\SHELL32.DLL,8
Click "save as"> then using the drop down arrow on the far right of the "save in" window select Local Disk C: to be displayed in the "save in" window.
Next type "C:\autorun.inf" (you must use the quotes) in the file name window> click save.
Restart the computer.

Response Number 22

Name: lulujc606
Date: March 9, 2008 at 05:12:14 Pacific

Reply:

Awesome! The red X is gone. Is there anything else i should do? You've been such a great help, I can't thank you enough.

Response Number 23

Name: jabuck
Date: March 9, 2008 at 07:43:42 Pacific

Reply:

You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster
Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
Glad we could help.

Response Number 24

Name: lulujc606
Date: March 9, 2008 at 20:09:44 Pacific

Reply:

A thousand times i thank you for helping me. My computer is a hundred percent better and you did so much to speed along this process! thank you thank you thank you!!

Response Number 25

Name: jabuck
Date: March 11, 2008 at 03:28:58 Pacific

Reply:

Glad we could help.

Sponsored Link

Ads by Google

Kerio or Comodo Firewall

Pos.tmp files, red X,blin...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: POS Files and Red X on C: drive

POS.tmp file and red X on C-dive

Summary

www.computing.net/answers/security/postmp-file-and-red-x-on-cdive/22424.html

POS.TMP files and Red X on c: dri

Summary

www.computing.net/answers/security/postmp-files-and-red-x-on-c-dri/22465.html

pos.tmp and red x on harddrive

Summary

www.computing.net/answers/security/postmp-and-red-x-on-harddrive/22336.html

From the Geek Dictionary
486 DX - An 80486 Intel processor that has an integrated math coprocessor.

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes Today.
Discuss in The Lounge
Poll History

Recent Posts
Possible virus I don't know what

combining tow internet connections.

Setting a DOS variable from a text file

Motherboards and dc jacks

Picture will not change on welome screen

All Awaiting Reply

Tom's News
Man Controls Prosthetic Arm With His Mind

App Plays Mario Sounds to Match Your Movement

New Super Mario Bros. Wii Looks Great in 1080p

Parents Pull Girl's Tooth, Scares Cat With RC Car

Xbox Live Marketplace Getting Pets

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE