System & program error messages on spyware/virus
giggles23
post Dec 26 2007, 12:44 PM
Post #1


New Member
*
Posts: 6
OS: Windows XP



I tried doing some of the tips that I found in forums; so far I believe I removed Outerinfo, but then it got worse.
Any solutions you give me, please be clear on them. I think I'm making it worse & my computer is getting slower.

Here is my list of issues, followed by my hijackthis.log

1ST ERROR MESSAGE:
During a scan of files at system startup,potential errors in the system registry were found.
p-07-0100 irql; 1f SYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED
-----------------------------------------------
2ND ERROR MESSAGE:
SYSFader: IEXPLORE.EXE - Potential Application Error
The instruction at "0X01d62739" referenced memory aT "0x02354e50". The memory could not be *read. Click on OK
to terminate.
-----------------------------------------------
3RD ERROR MESSAGE:
YOUR SYSTEM COULD BE UNSTABLE
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to
your computer.
****WXYZ.SYS-Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
------------------------------------------------
McAfee Error Messages:
1st window) unable to delete C:\WINDOWS\SYSTEM32\QOMLMLJ.DLL

2nd window) McAfee Activeshield has found a suspect file on your computer.
McAfee strongly recommends that you scan your computer now.
------------------------------------------------
AOL Safety Error Message:
SC0017
We found and were not able to clean or block
virus infected file (C:\WINDOWS\SYSTEM32
\QOMLMLJ.DLL). Your computer is at risk would you like us to delete this file?
------------------------------------------------
Other messages:

Tried to use Task Manager but I get the following: "Task Manager has been disabled by your administrator."

--------------------------------------------------------
At my toolbars next to the timestamp:
I get a triangle warning sign that says
"your computer is not protected against spyware"

Also, a red circle warning sign flashing, with this message:
A critical error could occur
****STOP: 0x000007B (0xf20184, 0x00000, 0xCC0034)***
Inaccessible handler or device.
Click this balloon to fix the problem.
---------------------------------------------------------
Desktop Screen has a black background with red lettering with the following message:
"Warning Spyware threat has been detected on your PC.
Your computer has several fatal errors due to spyware activity.
(pls note: this message also states my IP address)
---------------------------------------------------------
A Windows Security Center window pops up (it looks like a bogus window, I'm afraid to click on it).
This is what it says:
"Possible spyware infection detected"
Threat name: Trojandownloader.xs

Logfile of HijackThis v1.99.1
Scan saved at 10:19:17 PM, on 12/23/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lpcywinp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\1102564426\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\1102564426\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\Common Files\AOL\1102564426\ee\SSCEvtHdlr.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\mcafee.com\personal firewall\MpfTray.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\CAPICOM-KB931906-v2102.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://telemundo.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [avps] C:\WINDOWS\Driver Cache\avps.exe
O4 - HKLM\..\Run: [*avps] C:\WINDOWS\Driver Cache\avps.exe
O4 - HKLM\..\Run: [*imgmp3] C:\WINDOWS\Windows Update Setup Files\imgmp3.exe
O4 - HKLM\..\Run: [*mcc] C:\WINDOWS\msagent\intl\mcc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102564426\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102564426\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\System32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP000.TMP\"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Tswb] "C:\DOCUME~1\LUZLOP~1\APPLIC~1\PPATCH~1\arpa.exe" -vt yazb
O4 - HKCU\..\Run: [Vzccptqi] C:\WINDOWS\?icrosoft.NET\n?pdb.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120879466905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172431406701
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://D:\games\WebDriverFullInstall.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\avrjymrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Hosts Plugin - Unknown owner - C:\WINDOWS\system32\spoolcv.exe (file missing)
kahdah
post Dec 26 2007, 12:59 PM
Post #2


GeekU Teacher
Posts: 9,420
From: Somewhere
OS: Windows xp home



Hello giggles23

Welcome to G2Go.
====================
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

giggles23
post Dec 26 2007, 02:47 PM
Post #3


New Member
*
Posts: 6
OS: Windows XP



ComboFix 07-12-21.4 - Luz Lopez 2007-12-26 15:26:24.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.67 [GMT -5:00]
Running from: C:\Documents and Settings\Luz Lopez\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Luz Lopez\Application Data\PPATCH~1
C:\Documents and Settings\Luz Lopez\Application Data\PPATCH~1\??pPatch\
C:\Documents and Settings\Luz Lopez\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Luz Lopez\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Luz Lopez\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MSN\rtene.html
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\QdrModule\QdrModule11.exe
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Program Files\WinAble\winable.exe
C:\Program Files\WinAble\winable.exe.lzma
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hg173.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\icroso~1.net
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\abc2\bmbrpl2.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\awttrrs.dll
C:\WINDOWS\system32\bjmyhfuh.dllbox
C:\WINDOWS\system32\bmmuplhk.dll
C:\WINDOWS\system32\cfjotteq.exe
C:\WINDOWS\system32\cukksfpi.ini
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\egmulhxk.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fhlmjgjq.dll
C:\WINDOWS\system32\gbqjqqda.exe
C:\WINDOWS\system32\hdddvvxs.ini
C:\WINDOWS\system32\hvhhghed.exe
C:\WINDOWS\system32\hwhjobpx.dll
C:\WINDOWS\system32\iblurlcw.dll
C:\WINDOWS\system32\ipfskkuc.dll
C:\WINDOWS\system32\iuorcwno.dll
C:\WINDOWS\system32\iyjbqjor.dll
C:\WINDOWS\System32\jkklj.dll
C:\WINDOWS\system32\jlkkj.bak2
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\jlkkj.tmp
C:\WINDOWS\system32\khlpummb.ini
C:\WINDOWS\system32\kwlwmhqq.dll
C:\WINDOWS\system32\lpcywinp.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\nofywoe.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pnbrqpbv.dll
C:\WINDOWS\system32\qkwmc.dll
C:\WINDOWS\system32\qomlmlj.dll
C:\WINDOWS\system32\qommjhi.dll
C:\WINDOWS\system32\rojqbjyi.ini
C:\WINDOWS\system32\slecqorc.exe
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sxvvdddh.dll
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\tscgjitq.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wclrulbi.ini
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnscpsv32.exe
C:\WINDOWS\system32\xcjvowhn.dll
C:\WINDOWS\system32\ynfqatbv.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\DomainService
-------\Network Monitor
-------\nm


((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-26 15:21 . 2007-12-26 15:22 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-26 13:56 . 2007-12-26 15:28 14,033 --a------ C:\pos2AF6.tmp
2007-12-26 12:20 . 2007-12-26 12:20 <DIR> d-------- C:\WINDOWS\system32\svcd
2007-12-26 12:20 . 2007-12-26 12:20 4 --a------ C:\WINDOWS\system32\SvcNm
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\url3
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\url2
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\url1
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\CID
2007-12-26 12:19 . 2007-12-26 12:20 34,304 --a------ C:\wndbwkd.exe
2007-12-26 12:03 . 2007-12-26 12:04 14,033 --a------ C:\pos27FC.tmp
2007-12-26 12:02 . 2007-12-26 12:02 14,033 --a------ C:\pos274B.tmp
2007-12-26 12:01 . 2007-12-26 12:02 14,033 --a------ C:\pos263A.tmp
2007-12-26 10:50 . 2007-12-26 10:50 14,033 --a------ C:\pos2554.tmp
2007-12-26 10:49 . 2007-12-26 10:50 14,033 --a------ C:\pos2503.tmp
2007-12-26 09:58 . 2007-12-26 09:58 14,033 --a------ C:\pos2362.tmp
2007-12-26 09:57 . 2007-12-26 09:58 14,033 --a------ C:\pos2277.tmp
2007-12-26 09:41 . 2007-12-26 09:41 14,033 --a------ C:\pos216B.tmp
2007-12-26 09:40 . 2007-12-26 09:40 14,033 --a------ C:\pos2086.tmp
2007-12-26 09:12 . 2007-12-26 09:12 14,033 --a------ C:\pos203F.tmp
2007-12-25 15:25 . 2007-12-25 15:25 14,033 --a------ C:\pos1EE9.tmp
2007-12-25 15:24 . 2007-12-25 15:24 14,033 --a------ C:\pos1D69.tmp
2007-12-25 15:11 . 2007-12-25 15:11 14,033 --a------ C:\pos1D08.tmp
2007-12-25 15:10 . 2007-12-25 15:11 14,033 --a------ C:\pos1C2B.tmp
2007-12-24 11:29 . 2007-12-24 11:29 14,033 --a------ C:\pos1AFF.tmp
2007-12-24 11:28 . 2007-12-24 11:29 14,033 --a------ C:\pos1AE1.tmp
2007-12-24 11:27 . 2007-12-24 11:28 14,033 --a------ C:\pos1A22.tmp
2007-12-23 22:38 . 2007-12-23 22:38 14,033 --a------ C:\pos18FB.tmp
2007-12-23 21:50 . 2007-12-26 15:11 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-12-23 20:08 . 2007-12-23 20:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-23 20:08 . 2007-12-23 20:08 <DIR> d-------- C:\Documents and Settings\Luz Lopez\Application Data\SUPERAntiSpyware.com
2007-12-23 20:08 . 2007-12-23 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-23 19:58 . 2007-12-23 19:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-23 19:56 . 2007-12-23 22:27 14,033 --a------ C:\pos173A.tmp
2007-12-23 19:50 . 2007-12-23 19:50 14,033 --a------ C:\pos163C.tmp
2007-12-23 19:49 . 2007-12-23 19:50 14,033 --a------ C:\pos15F8.tmp
2007-12-23 19:48 . 2007-12-23 19:48 <DIR> d--hs---- C:\FOUND.003
2007-12-23 18:32 . 2007-12-23 18:32 14,033 --a------ C:\pos13DE.tmp
2007-12-23 18:31 . 2007-12-23 18:31 <DIR> d--hs---- C:\FOUND.002
2007-12-23 18:18 . 2007-12-23 18:18 14,033 --a------ C:\pos1218.tmp
2007-12-23 18:17 . 2007-12-23 18:17 14,033 --a------ C:\pos11BD.tmp
2007-12-23 18:13 . 2007-12-23 18:13 <DIR> d-------- C:\Documents and Settings\Luz Lopez\Application Data\SpywareBot
2007-12-23 13:54 . 2007-12-23 13:54 14,033 --a------ C:\pos119D.tmp
2007-12-23 13:53 . 2007-12-23 13:53 14,033 --a------ C:\posFFD.tmp
2007-12-23 13:52 . 2007-12-23 13:53 11,033 --a------ C:\posEF7.tmp
2007-12-23 13:52 . 2007-12-23 13:53 11,033 --a------ C:\posE60.tmp
2007-12-23 13:52 . 2007-12-23 13:53 10,033 --a------ C:\posE15.tmp
2007-12-23 13:52 . 2007-12-23 13:53 9,033 --a------ C:\posF02.tmp
2007-12-23 12:32 . 2007-12-23 12:32 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-23 12:32 . 2007-12-23 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 12:25 . 2007-12-23 12:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-23 12:05 . 2007-12-23 12:06 14,033 --a------ C:\posE14.tmp
2007-12-23 06:37 . 2007-12-23 06:37 14,033 --a------ C:\posDB5.tmp
2007-12-23 06:36 . 2007-12-23 06:37 14,033 --a------ C:\posBD1.tmp
2007-12-23 05:24 . 2007-12-23 05:24 14,033 --a------ C:\posBAF.tmp
2007-12-23 05:23 . 2007-12-23 05:24 14,033 --a------ C:\posA39.tmp
2007-12-23 02:05 . 2007-12-23 02:05 14,033 --a------ C:\pos9D2.tmp
2007-12-23 02:04 . 2007-12-23 02:05 14,033 --a------ C:\pos836.tmp
2007-12-23 00:56 . 2007-12-23 01:21 14,033 --a------ C:\pos7D8.tmp
2007-12-23 00:55 . 2007-12-23 01:21 14,033 --a------ C:\pos699.tmp
2007-12-23 00:54 . 2007-12-23 00:54 <DIR> d--hs---- C:\FOUND.001
2007-12-23 00:08 . 2007-12-23 18:37 984,617 ---hs---- C:\WINDOWS\system32\mbpfpvwk.ini
2007-12-22 23:50 . 2007-12-22 23:51 14,033 --a------ C:\pos50E.tmp
2007-12-22 23:33 . 2007-12-22 23:48 14,033 --a------ C:\posFA.tmp
2007-12-22 23:32 . 2007-12-22 23:48 14,033 --a------ C:\posF1.tmp
2007-12-22 23:25 . 2007-12-23 00:08 984,137 ---hs---- C:\WINDOWS\system32\oaytimrq.ini
2007-12-22 23:19 . 2007-12-22 23:19 165,472 --a------ C:\WINDOWS\system32\rgrpblns.dll
2007-12-17 21:32 . 2007-12-22 23:19 991,223 ---hs---- C:\WINDOWS\system32\vwwjchxc.ini
2007-12-16 20:04 . 2007-12-16 20:04 <DIR> d--hs---- C:\FOUND.000
2007-12-16 11:06 . 2007-12-23 02:17 2,412 --a------ C:\WINDOWS\WinInit.Ini
2007-12-16 10:19 . 2007-12-17 21:27 971,309 ---hs---- C:\WINDOWS\system32\ausydbyd.ini
2007-12-15 22:17 . 2007-12-15 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-15 22:17 . 2007-12-15 22:17 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-12-15 22:15 . 2007-12-15 22:15 <DIR> d-------- C:\Program Files\Spruce
2007-12-15 22:15 . 2007-12-15 22:15 97,280 --a------ C:\mlist3.exe
2007-12-15 22:12 . 2007-12-15 22:12 <DIR> d--hs---- C:\WINDOWS\THV6IExvcGV6
2007-12-15 22:12 . 2007-12-15 22:12 <DIR> d-------- C:\WINDOWS\system32\shel9
2007-12-15 22:12 . 2007-12-15 22:12 <DIR> d-------- C:\WINDOWS\system32\oc9
2007-12-15 22:12 . 2007-12-15 22:12 <DIR> d-------- C:\WINDOWS\system32\ineWc02
2007-12-15 22:12 . 2007-12-15 22:12 <DIR> d-------- C:\WINDOWS\system32\ex1
2007-12-15 22:12 . 2007-12-15 22:12 <DIR> d-------- C:\Temp\tpBe12
2007-12-15 22:12 . 2007-12-15 22:12 <DIR> d-------- C:\Temp
2007-12-09 14:29 . 2007-12-26 10:42 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-09 14:28 . 2007-12-17 21:35 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 20:33 196 ----a-w C:\WINDOWS\system32\drivers\ALCICH.DAT
2007-12-23 04:19 165,472 ----a-w C:\WINDOWS\system32\bjmyhfuh.dll
2007-12-09 22:08 4,180 ----a-w C:\Documents and Settings\Incomplete\downloads.dat
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2005-02-06 14:09 68,792 ----a-w C:\Documents and Settings\Luz Lopez\Application Data\GDIPFONTCACHEV1.DAT
2004-08-22 00:19 490,608 ----a-w C:\Program Files\ie6setup.exe
2004-06-12 20:27 449 ----a-w C:\Documents and Settings\Luz Lopez\UpdateReg.reg
2004-02-03 00:44 560 ----a-w C:\Documents and Settings\Luz Lopez\PCDOC.BAT
2004-12-08 19:36 515,070,519 --sh--w C:\WINDOWS\msagent\intl\ccm.bak2
2004-12-08 19:20 515,070,519 --sha-w C:\WINDOWS\msagent\intl\ccm.bak1
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54DE7259-C729-45B1-BBD8-4BE9B5BD8248}]
2007-11-29 10:28 401408 --------- C:\Program Files\Spruce\Spruce.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66930D82-76B9-4F7D-BA41-C6A61EB4C3A5}]
C:\Program Files\ComPlus Applications\mesowidy83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E10CF36-F366-4924-905F-26B2278624B4}]
C:\Program Files\ComPlus Applications\mesowidy4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-22 23:19 165472 --a------ C:\WINDOWS\system32\bjmyhfuh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C042BB7D-A3A7-4A76-2E93-30AC242944A1}]
C:\Program Files\MSN\qufa714.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9C5C91A-3977-4892-88AB-42A912A4B80B}]
C:\Program Files\ComPlus Applications\mesowidyC:\DOCUME~1\LUZLOP~1\LOCALS~1\Temp\\hpzasda213a.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 20:52]
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" []
"Tswb"="C:\DOCUME~1\LUZLOP~1\APPLIC~1\PPATCH~1\arpa.exe" []
"Vzccptqi"="C:\WINDOWS\?icrosoft.NET\n?pdb.exe" []
"QdrModule11"="C:\Program Files\QdrModule\QdrModule11.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDRealtime"="C:\WINDOWS\realtime.exe" [2003-03-15 22:46]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" []
"avps"="C:\WINDOWS\Driver Cache\avps.exe" []
"*avps"="C:\WINDOWS\Driver Cache\avps.exe" []
"*imgmp3"="C:\WINDOWS\Windows Update Setup Files\imgmp3.exe" []
"*mcc"="C:\WINDOWS\msagent\intl\mcc.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1102564426\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-08-07 08:47]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2006-02-16 20:35]
"NewsUpd"="C:\Program Files\Creative\News\NewsUpd.exe" [2000-03-23 02:00]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe" [2006-11-20 15:42]
"sscRun"="C:\Program Files\Common Files\AOL\1102564426\ee\SSCRun.exe" [2006-11-20 15:42]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2005-08-18 16:57]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2005-10-19 12:13]
"MPFEXE"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 15:05]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bjmyhfuh]
bjmyhfuh.dll 2007-12-22 23:19 165472 C:\WINDOWS\system32\bjmyhfuh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkjhh]
jkkkjhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
soundman.exe

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2002-06-06 01:07]
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\System32\drivers\cdrbsvsd.sys [2003-04-28 20:38]
R2 SetupNT;SetupNT;C:\WINDOWS\System32\SetupNT.sys [2000-10-25 15:27]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\System32\DRIVERS\DLKRTS.SYS [2002-06-23 16:31]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\System32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\System32\Drivers\ALIEHCI.sys [2003-12-18 20:56]
S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\System32\DRIVERS\AliRtHub.sys [2003-12-18 10:45]
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\System32\DRIVERS\tj2knd5.sys [2002-10-14 01:40]
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\System32\DRIVERS\tj2kunic.sys [2002-10-14 01:40]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-08-23 12:00]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 20:34:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2007-11-18 01:00:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ANGEL-GN8G3KS7K-Luz Lopez).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 15:34:23
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\bjmyhfuh.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2600.0000]
-> C:\WINDOWS\system32\bjmyhfuh.dll
.
Completion time: 2007-12-26 15:38:38 - machine was rebooted
.
2007-12-26 15:41:10 --- E O F ---



Logfile of HijackThis v1.99.1
Scan saved at 3:39:12 PM, on 12/26/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svcd\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1102564426\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\1102564426\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1102564426\ee\SSCEvtHdlr.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://telemundo.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cg...=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
O2 - BHO: (no name) - {66930D82-76B9-4F7D-BA41-C6A61EB4C3A5} - C:\Program Files\ComPlus Applications\mesowidy83122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {9E10CF36-F366-4924-905F-26B2278624B4} - C:\Program Files\ComPlus Applications\mesowidy4444.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bjmyhfuh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {C042BB7D-A3A7-4A76-2E93-30AC242944A1} - C:\Program Files\MSN\qufa714.dll (file missing)
O2 - BHO: (no name) - {F9C5C91A-3977-4892-88AB-42A912A4B80B} - C:\Program Files\ComPlus Applications\mesowidyC:\DOCUME~1\LUZLOP~1\LOCALS~1\Temp\\hpzasda213a.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [avps] C:\WINDOWS\Driver Cache\avps.exe
O4 - HKLM\..\Run: [*avps] C:\WINDOWS\Driver Cache\avps.exe
O4 - HKLM\..\Run: [*imgmp3] C:\WINDOWS\Windows Update Setup Files\imgmp3.exe
O4 - HKLM\..\Run: [*mcc] C:\WINDOWS\msagent\intl\mcc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102564426\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1102564426\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFEXE] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Tswb] "C:\DOCUME~1\LUZLOP~1\APPLIC~1\PPATCH~1\arpa.exe" -vt yazb
O4 - HKCU\..\Run: [Vzccptqi] C:\WINDOWS\?icrosoft.NET\n?pdb.exe
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120879466905
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172431406701
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://D:\games\WebDriverFullInstall.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: bjmyhfuh - C:\WINDOWS\SYSTEM32\bjmyhfuh.dll
O20 - Winlogon Notify: jkkkjhh - jkkkjhh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1102564426\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Security Service (VGEU) - Unknown owner - C:\WINDOWS\System32\svcd\svchost.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Hosts Plugin - Unknown owner - C:\WINDOWS\system32\spoolcv.exe (file missing)

giggles23
post Dec 26 2007, 04:25 PM
Post #4


New Member
*
Posts: 6
OS: Windows XP



This message was edited.

Hi Kahdah, I searched your previous topics with other members. I found one that exactly resembles the problem I'm encountering at startup:

During a scan of files at system startup,potential errors in the system registry were found.
p-07-0100 irql; 1f SYSVER 0xff00024
NT_Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED

I did the SmitfraudFix, Combofix and then did a Hijacklog. However, your next solution was to open Notepad and insert a code & to save as CFScript.txt, which I did not continue with because I was not sure if those codes apply to me.
Please see below for the 3 logs and let me know what's next:

Thanks!

SmitFraudFix v2.274

Scan done at 20:36:24.95, Wed 12/26/2007
Run from C:\Documents and Settings\Luz Lopez\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0F1BEECC-27C2-4ABE-A0B2-DA49A4084076}: DhcpNameServer=24.29.99.32 24.29.99.18 24.29.99.19
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A497645-E0BE-4D1A-85E0-11F09B0182C5}: DhcpNameServer=192.168.2.1 71.250.0.12 71.242.0.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9CD99937-A907-4103-8B56-FF5F9D48F8E2}: DhcpNameServer=68.87.64.196 68.87.66.196 68.46.144.6
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0F1BEECC-27C2-4ABE-A0B2-DA49A4084076}: DhcpNameServer=24.29.99.32 24.29.99.18 24.29.99.19
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2A497645-E0BE-4D1A-85E0-11F09B0182C5}: DhcpNameServer=192.168.2.1 71.250.0.12 71.242.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9CD99937-A907-4103-8B56-FF5F9D48F8E2}: DhcpNameServer=68.87.64.196 68.87.66.196 68.46.144.6
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0F1BEECC-27C2-4ABE-A0B2-DA49A4084076}: DhcpNameServer=24.29.99.32 24.29.99.18 24.29.99.19
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2A497645-E0BE-4D1A-85E0-11F09B0182C5}: DhcpNameServer=192.168.2.1 71.250.0.12 71.242.0.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9CD99937-A907-4103-8B56-FF5F9D48F8E2}: DhcpNameServer=68.87.64.196 68.87.66.196 68.46.144.6
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 71.250.0.12 71.242.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 71.250.0.12 71.242.0.12
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 71.250.0.12 71.242.0.12


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


ComboFix 07-12-21.4 - Luz Lopez 2007-12-26 20:50:11.2 - FAT32x86
Running from: C:\Documents and Settings\Luz Lopez\Desktop\ComboFix.exe
.
/wow section - STAGE 3

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bjmyhfuh.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-26 20:43 . 2007-12-26 20:52 14,033 --a------ C:\pos37FF.tmp
2007-12-26 20:42 . 2007-12-26 20:52 14,033 --a------ C:\pos3765.tmp
2007-12-26 20:36 . 2007-12-26 20:36 14,033 --a------ C:\pos3693.tmp
2007-12-26 20:35 . 2007-12-26 20:36 14,033 --a------ C:\pos358E.tmp
2007-12-26 20:20 . 2007-12-26 20:33 14,033 --a------ C:\pos354F.tmp
2007-12-26 20:19 . 2007-12-26 20:33 14,033 --a------ C:\pos3453.tmp
2007-12-26 20:18 . 2007-12-26 20:33 14,033 --a------ C:\pos3384.tmp
2007-12-26 19:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-26 19:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-26 19:43 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-26 19:43 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-26 19:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-26 19:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-26 19:43 . 2007-12-26 20:36 3,822 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-26 19:41 . 2007-12-26 19:43 14,033 --a------ C:\pos31A2.tmp
2007-12-26 19:39 . 2007-12-26 19:39 14,033 --a------ C:\pos3174.tmp
2007-12-26 19:28 . 2007-12-26 19:32 14,033 --a------ C:\pos310B.tmp
2007-12-26 19:27 . 2007-12-26 19:32 14,033 --a------ C:\pos2F27.tmp
2007-12-26 16:53 . 2007-12-26 19:23 14,033 --a------ C:\pos2F19.tmp
2007-12-26 16:52 . 2007-12-26 19:23 14,033 --a------ C:\pos2E35.tmp
2007-12-26 15:36 . 2007-12-26 16:50 14,033 --a------ C:\pos2CBD.tmp
2007-12-26 15:35 . 2007-12-26 16:50 14,033 --a------ C:\pos2BE2.tmp
2007-12-26 15:21 . 2007-12-26 17:54 7,168 --a------ C:\WINDOWS\system32\windows
2007-12-26 13:56 . 2007-12-26 15:28 14,033 --a------ C:\pos2AF6.tmp
2007-12-26 12:20 . 2007-12-26 12:20 <DIR> d-------- C:\WINDOWS\system32\svcd
2007-12-26 12:20 . 2007-12-26 12:20 4 --a------ C:\WINDOWS\system32\SvcNm
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\url3
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\url2
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\url1
2007-12-26 12:20 . 2007-12-26 12:20 0 --a------ C:\WINDOWS\system32\CID
2007-12-26 12:19 . 2007-12-26 12:20 34,304 --a------ C:\wndbwkd.exe
2007-12-26 12:03 . 2007-12-26 12:04 14,033 --a------ C:\pos27FC.tmp
2007-12-26 12:02 . 2007-12-26 12:02 14,033 --a------ C:\pos274B.tmp
2007-12-26 12:01 . 2007-12-26 12:02 14,033 --a------ C:\pos263A.tmp
2007-12-26 10:50 . 2007-12-26 10:50 14,033 --a------ C:\pos2554.tmp
2007-12-26 10:49 . 2007-12-26 10:50 14,033 --a------ C:\pos2503.tmp
2007-12-26 09:58 . 2007-12-26 09:58 14,033 --a------ C:\pos2362.tmp
2007-12-26 09:57 . 2007-12-26 09:58 14,033 --a------ C:\pos2277.tmp
2007-12-26 09:41 . 2007-12-26 09:41 14,033 --a------ C:\pos216B.tmp
2007-12-26 09:40 . 2007-12-26 09:40 14,033 --a------ C:\pos2086.tmp
2007-12-26 09:12 . 2007-12-26 09:12 14,033 --a------ C:\pos203F.tmp
2007-12-25 15:25 . 2007-12-25 15:25 14,033 --a------ C:\pos1EE9.tmp
2007-12-25 15:24 . 2007-12-25 15:24 14,033 --a------ C:\pos1D69.tmp
2007-12-25 15:11 . 2007-12-25 15:11 14,033 --a------ C:\pos1D08.tmp
2007-12-25 15:10 . 2007-12-25 15:11 14,033 --a------ C:\pos1C2B.tmp
2007-12-24 11:29 . 2007-12-24 11:29 14,033 --a------ C:\pos1AFF.tmp
2007-12-24 11:28 . 2007-12-24 11:29 14,033 --a------ C:\pos1AE1.tmp
2007-12-24 11:27 . 2007-12-24 11:28 14,033 --a------ C:\pos1A22.tmp
2007-12-23 22:38 . 2007-12-23 22:38 14,033 --a------ C:\pos18FB.tmp
2007-12-23 20:08 . 2007-12-23 20:08 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-23 20:08 . 2007-12-23 20:08 <DIR> d-------- C:\Documents and Settings\Luz Lopez\Application Data\SUPERAntiSpyware.com
2007-12-23 20:08 . 2007-12-23 20:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-23 19:58 . 2007-12-23 19:58 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-23 19:56 . 2007-12-23 22:27 14,033 --a------ C:\pos173A.tmp
2007-12-23 19:50 . 2007-12-23 19:50 14,033 --a------ C:\pos163C.tmp
2007-12-23 19:49 . 2007-12-23 19:50 14,033 --a------ C:\pos15F8.tmp
2007-12-23 19:48 . 2007-12-23 19:48 <DIR> d--hs---- C:\FOUND.003
2007-12-23 18:32 . 2007-12-23 18:32 14,033 --a------ C:\pos13DE.tmp
2007-12-23 18:31 . 2007-12-23 18:31 <DIR> d--hs---- C:\FOUND.002
2007-12-23 18:18 . 2007-12-23 18:18 14,033 --a------ C:\pos1218.tmp
2007-12-23 18:17 . 2007-12-23 18:17 14,033 --a------ C:\pos11BD.tmp