
pos.tmp files, red X, kernel errors

Original Message
Name: Lloyd Warlow
Date: February 12, 2008 at 11:44:10 Pacific
Subject: pos.tmp files, red X, kernel errors
OS: XP
CPU/Ram: intel pentium 1.19 GHz, 4
Model/Manufacturer: Fujitsu Siemens/ amilo pr
Comment:
Hi guys,

I seem to be bogged down with this silly virus that many people have posted above recently. Having loads of pos....tmp files and errors popping up all over the place.

After reading through the posts I have run VundoFix and restarted the computer and have now used HijackThis to get the code. I was wondering what I do next as I am not savvy enough about computers to really know what I am doing. Any help will be very much appreciated.

Here is the Notepad file from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:08, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Kontiki\KService.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.jvhgroup.plc.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {5d1b1baf-4ad1-497a-92e4-b0a0199d60ec} - {ce06d991-0a0b-4e29-a794-1da4fab1b1d5} - C:\WINDOWS\system32\umcfrjim.dll
O2 - BHO: (no name) - {D36F642C-BAEC-4279-8124-4E8B05DD27EC} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\rqrrqol.dll
O2 - BHO: (no name) - {F0ECB4B2-C23B-4DAE-A692-147F8954B22E} - C:\Program Files\MSN Gaming Zone\tovyx89104.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [3c7ef9e4] rundll32.exe "C:\WINDOWS\system32\vnioxaol.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://intranet.jvhgroup.plc.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://insite.warwick.ac.uk/nps/portal/gadgets/com.novell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.warwick.ac.uk/newwebcam/...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUplo...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = JVHGROUP.PLC.UK
O17 - HKLM\Software\..\Telephony: DomainName = JVHGROUP.PLC.UK
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = JVHGROUP.PLC.UK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = JVHGROUP.PLC.UK
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrrqol - C:\WINDOWS\SYSTEM32\rqrrqol.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AgentProxySvc - Unknown owner - C:\WINDOWS\System32\JTAProxy.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe

--
End of file - 10746 bytes


Many thanks once again. x


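The entries in a HijackThis log that a responder looks at first (nameless or fileless BHOs, random-looking DLLs in system32, rundll32 Run entries, Winlogon Notify packages, services with missing binaries) can be picked out mechanically. The following Python triage script is an added example, not part of this thread and not HijackThis's own logic; the random-name heuristic and the severity reasons are my assumptions, and the sample lines are a constructed subset copied from the log above.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {5d1b1baf-4ad1-497a-92e4-b0a0199d60ec} - {ce06d991-0a0b-4e29-a794-1da4fab1b1d5} - C:\WINDOWS\system32\umcfrjim.dll
O2 - BHO: (no name) - {D36F642C-BAEC-4279-8124-4E8B05DD27EC} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\rqrrqol.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [3c7ef9e4] rundll32.exe "C:\WINDOWS\system32\vnioxaol.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: rqrrqol - C:\WINDOWS\SYSTEM32\rqrrqol.dll
O23 - Service: AgentProxySvc - Unknown owner - C:\WINDOWS\System32\JTAProxy.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# "O2 - body", "O4 - body", "R0 - body" ... : section tag, then the entry text.
ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")
# A DLL sitting directly in system32 whose stem is 5-8 plain letters.
SYS32_DLL = re.compile(r"[\\/]windows[\\/]system32[\\/]([a-z]{5,8})\.dll", re.I)
# rundll32 loading a DLL out of system32 from a Run key.
RUNDLL_SYS32 = re.compile(r"rundll32(\.exe)?\s+\"?[^\"]*system32[\\/][^\"]+\.dll", re.I)


def looks_random(stem):
    """Heuristic (my assumption, not a HijackThis rule): Vundo-style DLL stems such as
    rqrrqol or gebcc have a long consonant run or very few vowels. Expect false
    positives on some legitimate names; it is a triage hint, not a verdict."""
    stem = stem.lower()
    vowels = sum(c in "aeiou" for c in stem)
    return bool(re.search(r"[^aeiou]{4}", stem)) or vowels * 3 < len(stem)


def classify(section, body):
    """Return a reason string if the entry deserves a responder's attention, else None."""
    if section == "O2":
        if any(tag in body for tag in ("(no name)", "(no file)", "(file missing)")):
            return "BHO with no name or a missing file: typical of half-removed Vundo components"
        dll = SYS32_DLL.search(body)
        if dll and looks_random(dll.group(1)):
            return "BHO loading a random-looking DLL from system32 (%s.dll)" % dll.group(1)
    elif section == "O4":
        if RUNDLL_SYS32.search(body):
            return "Run key using rundll32 to load a DLL from system32"
    elif section == "O20":
        return "Winlogon Notify package: loaded into winlogon.exe, the persistence seen in this thread"
    elif section == "O23" and "(file missing)" in body:
        return "Service pointing at a binary that no longer exists"
    elif section == "O10" and body.startswith("Unknown file"):
        return "Winsock LSP HijackThis does not recognise; verify the publisher before removing"
    return None


def triage(log_text):
    """Parse HijackThis-style lines and return (section, reason, line) for each flagged entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        reason = classify(section, body)
        if reason:
            findings.append((section, reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (section, reason, line))
```

Feed it the whole log rather than the sample and the legitimate Adobe, Intel and Kontiki entries stay quiet while the Vundo DLLs, the nameless BHOs and the Winlogon Notify package are listed with a reason each.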


Response Number 1
Name: Lloyd Warlow
Date: February 12, 2008 at 14:30:03 Pacific
Subject: pos.tmp files, red X, kernel errors
Reply:
I have now run ComboFix as well, as this seems to be the next step. Here is the log. If anyone can help me I would much appreciate it.

combofix log

ComboFix 08-02-13.1 - teddy 2008-02-12 21:47:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT 0:00]
Running from: C:\Documents and Settings\user1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\rqrrqol.dll
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\byxwvus.dll
C:\WINDOWS\system32\dpyeogkf.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eidgpqvr.ini
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
c:\WINDOWS\system32\ikecmmi.dat
C:\WINDOWS\system32\ikecmmi.exe
c:\WINDOWS\system32\ikecmmi_nav.dat
c:\WINDOWS\system32\ikecmmi_navps.dat
C:\WINDOWS\system32\ljntihwjrq_navtmp.dat
C:\WINDOWS\system32\loaxoinv.ini
C:\WINDOWS\system32\luajvxyk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\nwfoahaz.dll . . . . failed to delete
C:\WINDOWS\system32\nwfoahaz.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\raaodjmu.dll
C:\WINDOWS\system32\rmpjmamh.dll
C:\WINDOWS\system32\rqrrqol.dll
C:\WINDOWS\system32\u1
C:\WINDOWS\system32\u1\hiba3133.exe
C:\WINDOWS\system32\umcfrjim.dll
C:\WINDOWS\system32\umjdoaar.ini
C:\WINDOWS\system32\vturrro.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\x8
C:\WINDOWS\system32\x8\liopud89104.exe
C:\WINDOWS\system32\ymrejsqj.dll
C:\WINDOWS\system32\yybeg.ini2
C:\WINDOWS\system32\z2
C:\WINDOWS\system32\nwfoahaz.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 22:11 . 2008-02-13 22:15 19,054 ---hs---- C:\WINDOWS\system32\nwfoahaz.dllbox
2008-02-13 22:11 . 2008-02-13 22:12 9,033 --a------ C:\pos4.tmp
2008-02-13 22:11 . 2008-02-13 22:12 7,033 --a------ C:\pos3.tmp
2008-02-13 22:11 . 2008-02-13 22:12 7,033 --a------ C:\pos2.tmp
2008-02-13 22:11 . 2008-02-13 22:12 5,033 --a------ C:\pos5.tmp
2008-02-12 19:33 . 2008-02-13 22:01 163,904 --a------ C:\WINDOWS\system32\nwfoahaz.dll
2008-02-12 18:28 . 2008-02-12 18:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 16:22 . 2008-02-12 19:21 <DIR> d-------- C:\VundoFix Backups
2008-02-12 00:43 . 2008-02-12 00:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-12 00:40 . 2008-02-12 00:48 <DIR> d-------- C:\Program Files\RABCO
2008-02-12 00:40 . 2008-02-12 00:40 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
2008-01-29 15:52 . 2008-01-29 15:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-29 15:52 . 2008-01-29 15:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 04:59 . 2008-01-20 04:59 <DIR> d-------- C:\Program Files\Channel4
2008-01-20 04:57 . 2008-01-20 04:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2008-01-19 05:31 . 2008-01-19 05:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 22:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-02-12 17:44 --------- d-----w C:\Documents and Settings\user1\Application Data\uTorrent
2008-01-20 04:59 --------- d-----w C:\Program Files\Kontiki
2008-01-19 05:38 --------- d-----w C:\Program Files\QuickTime
2008-01-19 05:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-19 05:31 --------- d-----w C:\Program Files\Apple Software Update
2008-01-04 21:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 00:27 3,532 ----a-w C:\drmHeader.bin
2007-12-28 11:41 --------- d-----w C:\Program Files\DivX
2007-12-28 11:41 --------- d-----w C:\Documents and Settings\user1\Application Data\DivX
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
2008-01-30 14:02 414992 --a------ C:\Program Files\RABCO\RABCO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66566972-2F87-4E3B-8154-2DF0C41C739B}]
C:\WINDOWS\system32\mljgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79ecf0a2-7457-4aa9-b498-be13935956d6}]
C:\WINDOWS\system32\luajvxyk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]
2006-01-25 19:23 128512 --a------ C:\WINDOWS\VirtualDNS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-13 22:01 163904 --a------ C:\WINDOWS\system32\nwfoahaz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D36F642C-BAEC-4279-8124-4E8B05DD27EC}]
C:\WINDOWS\system32\gebcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0ECB4B2-C23B-4DAE-A692-147F8954B22E}]
2008-02-08 01:07 217088 --a------ C:\Program Files\MSN Gaming Zone\tovyx89104.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2004-07-02 10:26 122956]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AuditMode"="C:\sysprep\factory.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 22:37 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 22:19 118784]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-28 08:48 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2002-12-20 21:07 87751 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-28 23:08 184320]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-02-13 09:25 493024]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 17:19 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 17:57 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 17:51 217088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-21 13:27 180269]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"ikecmmi"="c:\windows\system32\ikecmmi.exe" [ ]
"3c7ef9e4"="C:\WINDOWS\system32\raaodjmu.dll" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 07:56 388608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]

C:\Documents and Settings\user1\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-01 12:15:46 113664]
RABCO - Auto Update.lnk - C:\Program Files\RABCO\RABCOse.exe [2008-02-12 00:40:24 183216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwfoahaz]
nwfoahaz.dll 2008-02-13 22:01 163904 C:\WINDOWS\system32\nwfoahaz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqol]
rqrrqol.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R1 d_kmd;d_kmd;C:\WINDOWS\system32\drivers\d_kmd.sys [2005-12-09 15:08]
R2 HPFECP06;HPFECP06;C:\WINDOWS\system32\drivers\HPFECP06.SYS [2005-10-24 15:19]
R3 WN6201;Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\WN6201.sys [2005-06-17 05:40]
S2 InoNmSrv;eTrust Antivirus Admin Server;"C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe" [2003-02-13 09:23]
S3 AgentProxySvc;AgentProxySvc;C:\WINDOWS\System32\JTAProxy.exe []
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 16:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d153dc40-6e08-11dc-b51a-0012bf555349}]
\Shell\1\Command - E:\.\RECYCLER\RECYCLER\autorun.exe
\Shell\2\Command - E:\.\RECYCLER\RECYCLER\autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 16:24:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 03:30:01 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 22:14:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R???w0??w????*??w???w?x??O??wD???m???v???????????????h???h??????????wO??wD???m???v???????????????k!?s???w???w????????V??w???????w??n????????w????V??w???w???????s????g??w???w???????w???w???????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nwfoahaz.dll
.
--------------------- Other Running Processes ---------------------
.
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-02-13 22:20:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 22:20:47









All content ©1996-2007 Computing.Net, LLC