
[Closed] getting unhijacked


36 replies to this topic

#1 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 21 May 2008 - 04:57 PM

Hi, I'm sorry, I posted this a few weeks ago and had not been able to get back till now. I'm resubmitting with Silver's reply, which I thank you for. Silver you said:

Hi Pundah,

There is a commercial keylogging program installed on this machine, are you aware of this?
If you want to remove it I need to ask you to confirm for me whether you are the owner/administrator of this machine.

Yes, I'm aware of this, and I am the owner of the machine. I don't want to remove that, but I would like to get unhijacked. Are the instructions you sent to unhijack, or just to remove the keylog program?
Thanks, and I will do better at getting back to the computer to check. Thank you!
Pundah

REPOST OF ORIGINAL

Hello, first thanks for this forum and your help. We wound up with what I think is a hijack when my partner was surfing. When we run Google searches now, we get results, but if we click those results we are taken through several other search pages and not directly to the Google results site. It hasn't seemed to cause any real problems but is really annoying and slows things down.

When it first happened, we had a box in the task bar that every 2 minutes would pop up and want to take us to a spyware software purchase. I managed to get rid of that, and I deleted the "program" from my applications folder, but we're still being hijacked on searches.

I hope I ran the log right: If I need to provide any other info I'm glad to. Not very knowledgeable with terms and such but will do my best. Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 7:53:11 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: 209789 helper - {5C78E2DB-5AFC-4A3B-9B9F-6AF136562E6F} - C:\WINDOWS\system32\209789\209789.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm265YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish...tlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119564746437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119570358859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehous...mjolauncher.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehous...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.c...loaderProj1.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe



This post has been edited by silver: May 1 2008, 05:07 AM

Attached File(s)
hijackthis_log_4_15_08.txt ( 10.97K ) Number of downloads: 7



silver

Posted May 1 2008, 05:11 AM (Post #2)


SuperMember


Group: Classroom Teacher
Posts: 2,148
Joined: 3-March 07
From: GMT+7
Member No.: 68,406
Operating System: Ubuntu / Vista / XP



Hi Pundah,

There is a commercial keylogging program installed on this machine, are you aware of this?
If you want to remove it I need to ask you to confirm for me whether you are the owner/administrator of this machine.



#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2008 - 08:51 AM

Be sure to keep Sun Java updated; 6.6 is the new version.
In Add/Remove programs click on these and press *remove* if listed:
J2SE Runtime Environment 5.0 - 97.99Mb
J2SE Runtime Environment 5.0 Update 2 - 143.00Mb
J2SE Runtime Environment 5.0 Update 4 - 144.00Mb
J2SE Runtime Environment 5.0 Update 5 - 151.00Mb
Java 2 Runtime Environment, SE v1.4.2_04 - 130.00Mb
Or any other outdated J2SE
It is important to remove older versions as these are the ones with the holes in them.
You will be surprised when you go to add/remove to see all of the versions sitting there.
Download Newest >>>> http://www.java.com/...nload/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test

----------------------------------------------------

Run - ATF Cleaner instructions here.

----------------


Then download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

#3 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 31 May 2008 - 04:28 PM

Thank you Silver Eagle! I am taking these steps now and will report back. FYI, I deleted several 5.0 Javas - I also have Java TM 6 Updates 1 and 2. Should I delete those? Thanks!

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 31 May 2008 - 06:52 PM

Yes, all of them but 6.0 Update 6 :thumbup:

#5 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 06 June 2008 - 03:45 AM

Run - ATF Cleaner instructions here.

----------------


Then download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Have you gotten around to this yet?

#6 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 12 June 2008 - 04:26 PM

Hi! Yes, I did, and that solved my problem of my search engine going to random and strange lands. Thank you so much! Now I'm having a bug problem. It's related to the malware, I guess? I don't know what to do; dialog boxes keep popping up and it seems to be interfering with my antivirus program, too. What do I do next? Thank you! (Sorry for the delay, I work insane hours and have a full household.)

#7 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 12 June 2008 - 08:17 PM

The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

I would like to see the log please.

#8 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 13 June 2008 - 04:18 PM

Hi, thanks for the quick reply. This is really terrible; my kids are terrified to come near the computer for the big black bugs crawling all over the screen. It's giving one of them nightmares even though I've banned them from the computer. It seems to want me to purchase the antimalware software for $50. I don't have $50 with all these mouths to feed, if that is the problem. I tried to delete/uninstall with no luck. Thanks for your time and help! Here is the log of 6/13/08 6:20 pm EST:

Logfile of HijackThis v1.99.1
Scan saved at 6:16:49 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\lphc3bmj0eg6r.exe
C:\Program Files\shc5bmj0eg6r\shc5bmj0eg6r.exe
C:\WINDOWS\system32\sysrest32.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\AXPFixer\AXPFixer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [lphc3bmj0eg6r] C:\WINDOWS\system32\lphc3bmj0eg6r.exe
O4 - HKLM\..\Run: [SMshc5bmj0eg6r] C:\Program Files\shc5bmj0eg6r\shc5bmj0eg6r.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish...tlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119564746437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119570358859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehous...mjolauncher.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehous...outLauncher.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.c...loaderProj1.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

#9 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 13 June 2008 - 08:30 PM

Download ComboFix from Here or Here to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.



1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net.


2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.

#10 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 14 June 2008 - 07:02 AM

All right, thank you. I know how to snooze my anti-virus, but Malware Protector 2008 and Advanced AP Fixer are the 2 programs (newly stuck on my system) that I can't do anything with. I'll check with the folks you suggested about how to disable those, then come back and run your instructions. I have family things all weekend but will try to get to it; it's making us all crazy. Thanks!



#11 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 14 June 2008 - 06:43 PM

Try to run ComboFix; it may run without killing all of them.

#12 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 15 June 2008 - 05:39 PM

Hi Silver, well I was so hopeful, but I don't think it worked. It got all the way to trying to run the log, then gives a dialog box "SVCHOST jpeg dll not found. You must reinstall program." Cannot run the log, but am posting the HijackThis log. When it rebooted, AXP Fixer came back - the malware icons did not come back on the desktop but they are in the tray and the bugs are still crawling on the screen. Clock is still reset by ComboFix but the jpeg message comes up every few minutes. Entire system is sooo slow. Thank you! When it comes back I will donate.

Logfile of HijackThis v1.99.1
Scan saved at 19:28, on 2008-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CF18858.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\lphc3bmj0eg6r.exe
C:\Program Files\shc5bmj0eg6r\shc5bmj0eg6r.exe
C:\Program Files\AXPFixer\AXPFixer.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\ComboFix\Catchme.tmp
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccupdate\CCUpdate.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\ComboFix\vfind.cfexe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [lphc3bmj0eg6r] C:\WINDOWS\system32\lphc3bmj0eg6r.exe
O4 - HKLM\..\Run: [SMshc5bmj0eg6r] C:\Program Files\shc5bmj0eg6r\shc5bmj0eg6r.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish...tlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119564746437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119570358859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehous...mjolauncher.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehous...outLauncher.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.c...loaderProj1.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

#13 Pundah

Pundah

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 15 June 2008 - 05:51 PM

Hey! I think something happened. First the log came through (below). Then, the defender and fixer icons disappeared from the tray! My system seems faster again (oh, but the AP Fixer dialog box just popped up :( And here come the bugs crawling. UGH. There is one other dialog box that comes up that doesn't seem to have any icons. It's called winifixer and it finds threats too, the same # that defender and Xfixer find. Well, and the defender dialog box just popped up too. The missing jpeg box keeps popping. Well, I think we're in the right direction. Here is the log:


ComboFix 08-06-15.2 - Owner 2008-06-15 19:13:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.208 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.RESTOREFEB05\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Tvm.log
C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AXPDefender
C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk
C:\Documents and Settings\Owner.VIGGO\Local Settings\Temporary Internet Files\Tvm.log
C:\Program Files\Common Files\SLMSS
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\ijl11pro.dll
C:\WINDOWS\system32\sysrest32.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-15 00:01 . 2008-06-14 23:51 52,736 --a------ C:\WINDOWS\system32\FF.tmp
2008-06-14 23:41 . 2008-06-14 23:31 52,736 --a------ C:\WINDOWS\system32\F9.tmp
2008-06-14 23:31 . 2008-06-14 23:20 52,736 --a------ C:\WINDOWS\system32\F6.tmp
2008-06-14 23:20 . 2008-06-14 23:10 52,736 --a------ C:\WINDOWS\system32\F3.tmp
2008-06-14 23:10 . 2008-06-14 23:00 52,736 --a------ C:\WINDOWS\system32\F0.tmp
2008-06-14 23:00 . 2008-06-14 22:49 52,736 --a------ C:\WINDOWS\system32\ED.tmp
2008-06-14 22:49 . 2008-06-14 22:39 52,736 --a------ C:\WINDOWS\system32\EA.tmp
2008-06-14 22:39 . 2008-06-14 22:28 52,736 --a------ C:\WINDOWS\system32\E7.tmp
2008-06-14 22:28 . 2008-06-14 22:18 52,736 --a------ C:\WINDOWS\system32\E4.tmp
2008-06-14 22:18 . 2008-06-14 22:08 52,736 --a------ C:\WINDOWS\system32\E1.tmp
2008-06-14 22:08 . 2008-06-14 21:58 52,736 --a------ C:\WINDOWS\system32\DE.tmp
2008-06-14 21:57 . 2008-06-14 21:47 52,736 --a------ C:\WINDOWS\system32\DB.tmp
2008-06-14 21:47 . 2008-06-14 21:37 52,736 --a------ C:\WINDOWS\system32\D8.tmp
2008-06-14 21:37 . 2008-06-14 21:27 52,736 --a------ C:\WINDOWS\system32\D5.tmp
2008-06-14 21:27 . 2008-06-14 21:16 52,736 --a------ C:\WINDOWS\system32\D2.tmp
2008-06-14 21:16 . 2008-06-14 21:06 52,736 --a------ C:\WINDOWS\system32\CF.tmp
2008-06-14 21:06 . 2008-06-14 20:56 52,736 --a------ C:\WINDOWS\system32\CC.tmp
2008-06-14 20:56 . 2008-06-14 20:46 52,736 --a------ C:\WINDOWS\system32\C9.tmp
2008-06-14 20:46 . 2008-06-14 20:36 52,736 --a------ C:\WINDOWS\system32\C6.tmp
2008-06-14 20:36 . 2008-06-14 20:26 52,736 --a------ C:\WINDOWS\system32\C3.tmp
2008-06-14 20:26 . 2008-06-14 20:16 52,736 --a------ C:\WINDOWS\system32\C0.tmp
2008-06-14 20:16 . 2008-06-14 20:05 52,736 --a------ C:\WINDOWS\system32\BC.tmp
2008-06-14 20:05 . 2008-06-14 19:55 52,736 --a------ C:\WINDOWS\system32\B9.tmp
2008-06-14 19:55 . 2008-06-14 19:45 52,736 --a------ C:\WINDOWS\system32\B5.tmp
2008-06-14 19:45 . 2008-06-14 19:35 52,736 --a------ C:\WINDOWS\system32\B0.tmp
2008-06-14 19:35 . 2008-06-14 19:25 52,736 --a------ C:\WINDOWS\system32\AD.tmp
2008-06-14 19:25 . 2008-06-14 19:15 52,736 --a------ C:\WINDOWS\system32\AA.tmp
2008-06-14 19:15 . 2008-06-14 19:05 52,736 --a------ C:\WINDOWS\system32\A7.tmp
2008-06-14 19:05 . 2008-06-14 18:55 52,736 --a------ C:\WINDOWS\system32\A3.tmp
2008-06-14 18:55 . 2008-06-14 18:45 52,736 --a------ C:\WINDOWS\system32\A0.tmp
2008-06-14 17:55 . 2008-06-14 17:45 52,736 --a------ C:\WINDOWS\system32\8E.tmp
2008-06-14 17:45 . 2008-06-14 17:34 52,736 --a------ C:\WINDOWS\system32\8B.tmp
2008-06-14 17:34 . 2008-06-14 17:24 52,736 --a------ C:\WINDOWS\system32\86.tmp
2008-06-14 17:24 . 2008-06-14 17:14 52,736 --a------ C:\WINDOWS\system32\81.tmp
2008-06-14 17:14 . 2008-06-14 17:04 52,736 --a------ C:\WINDOWS\system32\7D.tmp
2008-06-14 17:04 . 2008-06-14 16:54 52,736 --a------ C:\WINDOWS\system32\78.tmp
2008-06-14 16:54 . 2008-06-14 16:44 52,736 --a------ C:\WINDOWS\system32\75.tmp
2008-06-14 08:11 . 2008-06-14 08:01 52,736 --a------ C:\WINDOWS\system32\3AC.tmp
2008-06-14 08:01 . 2008-06-14 07:50 52,736 --a------ C:\WINDOWS\system32\3A9.tmp
2008-06-14 07:50 . 2008-06-14 07:40 52,736 --a------ C:\WINDOWS\system32\3A6.tmp
2008-06-14 07:40 . 2008-06-14 07:30 52,736 --a------ C:\WINDOWS\system32\3A3.tmp
2008-06-14 07:30 . 2008-06-14 07:19 52,736 --a------ C:\WINDOWS\system32\3A0.tmp
2008-06-14 07:19 . 2008-06-14 07:09 52,736 --a------ C:\WINDOWS\system32\39D.tmp
2008-06-14 07:09 . 2008-06-14 06:59 52,736 --a------ C:\WINDOWS\system32\39A.tmp
2008-06-14 06:58 . 2008-06-14 06:48 52,736 --a------ C:\WINDOWS\system32\397.tmp
2008-06-14 06:48 . 2008-06-14 06:38 52,736 --a------ C:\WINDOWS\system32\394.tmp
2008-06-14 06:38 . 2008-06-14 06:28 52,736 --a------ C:\WINDOWS\system32\391.tmp
2008-06-14 06:28 . 2008-06-14 06:17 52,736 --a------ C:\WINDOWS\system32\38E.tmp
2008-06-14 06:17 . 2008-06-14 06:07 52,736 --a------ C:\WINDOWS\system32\38B.tmp
2008-06-14 06:07 . 2008-06-14 05:56 52,736 --a------ C:\WINDOWS\system32\388.tmp
2008-06-14 05:56 . 2008-06-14 05:46 52,736 --a------ C:\WINDOWS\system32\385.tmp
2008-06-14 05:46 . 2008-06-14 05:36 52,736 --a------ C:\WINDOWS\system32\382.tmp
2008-06-14 05:36 . 2008-06-14 05:26 52,736 --a------ C:\WINDOWS\system32\37F.tmp
2008-06-14 05:26 . 2008-06-14 05:15 52,736 --a------ C:\WINDOWS\system32\37C.tmp
2008-06-14 05:15 . 2008-06-14 05:05 52,736 --a------ C:\WINDOWS\system32\379.tmp
2008-06-14 05:05 . 2008-06-14 04:55 52,736 --a------ C:\WINDOWS\system32\376.tmp
2008-06-14 04:55 . 2008-06-14 04:44 52,736 --a------ C:\WINDOWS\system32\373.tmp
2008-06-14 04:44 . 2008-06-14 04:34 52,736 --a------ C:\WINDOWS\system32\370.tmp
2008-06-14 04:34 . 2008-06-14 04:24 52,736 --a------ C:\WINDOWS\system32\36D.tmp
2008-06-14 04:24 . 2008-06-14 04:14 52,736 --a------ C:\WINDOWS\system32\36A.tmp
2008-06-14 04:14 . 2008-06-14 04:03 52,736 --a------ C:\WINDOWS\system32\367.tmp
2008-06-14 04:03 . 2008-06-14 03:53 52,736 --a------ C:\WINDOWS\system32\364.tmp
2008-06-14 03:53 . 2008-06-14 03:43 52,736 --a------ C:\WINDOWS\system32\361.tmp
2008-06-14 03:43 . 2008-06-14 03:33 52,736 --a------ C:\WINDOWS\system32\35E.tmp
2008-06-14 03:33 . 2008-06-14 03:22 52,736 --a------ C:\WINDOWS\system32\35B.tmp
2008-06-14 03:22 . 2008-06-14 03:12 52,736 --a------ C:\WINDOWS\system32\358.tmp
2008-06-14 03:12 . 2008-06-14 03:02 52,736 --a------ C:\WINDOWS\system32\355.tmp
2008-06-14 03:02 . 2008-06-14 02:52 52,736 --a------ C:\WINDOWS\system32\352.tmp
2008-06-14 02:52 . 2008-06-14 02:41 52,736 --a------ C:\WINDOWS\system32\34F.tmp
2008-06-14 02:41 . 2008-06-14 02:30 52,736 --a------ C:\WINDOWS\system32\34C.tmp
2008-06-14 02:30 . 2008-06-14 02:20 52,736 --a------ C:\WINDOWS\system32\348.tmp
2008-06-14 02:20 . 2008-06-14 02:09 52,736 --a------ C:\WINDOWS\system32\345.tmp
2008-06-14 02:09 . 2008-06-14 01:59 52,736 --a------ C:\WINDOWS\system32\342.tmp
2008-06-14 01:59 . 2008-06-14 01:49 52,736 --a------ C:\WINDOWS\system32\33F.tmp
2008-06-14 01:49 . 2008-06-14 01:39 52,736 --a------ C:\WINDOWS\system32\33C.tmp
2008-06-14 01:39 . 2008-06-14 01:29 52,736 --a------ C:\WINDOWS\system32\339.tmp
2008-06-14 01:29 . 2008-06-14 01:18 52,736 --a------ C:\WINDOWS\system32\336.tmp
2008-06-14 01:18 . 2008-06-14 01:08 52,736 --a------ C:\WINDOWS\system32\333.tmp
2008-06-14 01:08 . 2008-06-14 00:58 52,736 --a------ C:\WINDOWS\system32\330.tmp
2008-06-14 00:58 . 2008-06-14 00:48 52,736 --a------ C:\WINDOWS\system32\32D.tmp
2008-06-14 00:48 . 2008-06-14 00:38 52,736 --a------ C:\WINDOWS\system32\32A.tmp
2008-06-14 00:38 . 2008-06-14 00:27 52,736 --a------ C:\WINDOWS\system32\327.tmp
2008-06-14 00:27 . 2008-06-14 00:17 52,736 --a------ C:\WINDOWS\system32\324.tmp
2008-06-14 00:17 . 2008-06-14 00:04 52,736 --a------ C:\WINDOWS\system32\321.tmp
2008-06-14 00:04 . 2008-06-13 23:44 52,736 --a------ C:\WINDOWS\system32\31E.tmp
2008-06-13 23:44 . 2008-06-13 23:23 52,736 --a------ C:\WINDOWS\system32\31B.tmp
2008-06-13 23:23 . 2008-06-13 23:02 52,736 --a------ C:\WINDOWS\system32\318.tmp
2008-06-13 23:02 . 2008-06-13 22:42 52,736 --a------ C:\WINDOWS\system32\315.tmp
2008-06-13 22:41 . 2008-06-13 22:21 52,736 --a------ C:\WINDOWS\system32\312.tmp
2008-06-13 22:21 . 2008-06-13 22:01 52,736 --a------ C:\WINDOWS\system32\30F.tmp
2008-06-13 22:01 . 2008-06-13 21:40 52,736 --a------ C:\WINDOWS\system32\309.tmp
2008-06-13 21:40 . 2008-06-13 21:19 52,736 --a------ C:\WINDOWS\system32\305.tmp
2008-06-13 20:58 . 2008-06-13 20:38 52,736 --a------ C:\WINDOWS\system32\2DE.tmp
2008-06-13 20:38 . 2008-06-13 20:18 52,736 --a------ C:\WINDOWS\system32\2DB.tmp
2008-06-13 20:18 . 2008-06-13 19:57 52,736 --a------ C:\WINDOWS\system32\2D8.tmp
2008-06-13 19:37 . 2008-06-13 19:17 52,736 --a------ C:\WINDOWS\system32\28E.tmp
2008-06-13 17:58 . 2008-06-13 17:58 <DIR> d-------- C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AXPFixer
2008-06-13 17:57 . 2008-06-13 17:57 <DIR> d-------- C:\Program Files\AXPFixer
2008-06-12 22:35 . 2008-06-12 22:25 52,736 --a------ C:\WINDOWS\system32\5F.tmp
2008-06-12 22:25 . 2008-06-12 22:15 52,736 --a------ C:\WINDOWS\system32\5C.tmp
2008-06-12 22:15 . 2008-06-12 22:05 52,736 --a------ C:\WINDOWS\system32\59.tmp
2008-06-12 22:05 . 2008-06-12 21:55 52,736 --a------ C:\WINDOWS\system32\55.tmp
2008-06-12 21:55 . 2008-06-12 21:39 52,736 --a------ C:\WINDOWS\system32\50.tmp
2008-06-12 21:39 . 2008-06-12 21:29 52,736 --a------ C:\WINDOWS\system32\48.tmp
2008-06-12 21:29 . 2008-06-12 21:19 52,736 --a------ C:\WINDOWS\system32\41.tmp
2008-06-12 21:19 . 2008-06-12 21:09 52,736 --a------ C:\WINDOWS\system32\3B.tmp
2008-06-12 21:09 . 2008-06-12 20:59 52,736 --a------ C:\WINDOWS\system32\30.tmp
2008-06-12 20:59 . 2008-06-12 20:48 52,736 --a------ C:\WINDOWS\system32\27.tmp
2008-06-12 20:44 . 2008-06-12 20:34 52,736 --a------ C:\WINDOWS\system32\BB.tmp
2008-06-12 20:34 . 2008-06-12 20:24 52,736 --a------ C:\WINDOWS\system32\B7.tmp
2008-06-12 20:24 . 2008-06-12 20:14 52,736 --a------ C:\WINDOWS\system32\B4.tmp
2008-06-12 20:04 . 2008-06-12 19:53 52,736 --a------ C:\WINDOWS\system32\4F.tmp
2008-06-12 19:43 . 2008-06-12 19:33 52,736 --a------ C:\WINDOWS\system32\46.tmp
2008-06-12 19:23 . 2008-06-12 19:13 52,736 --a------ C:\WINDOWS\system32\3E.tmp
2008-06-12 18:09 . 2008-06-12 17:59 52,736 --a------ C:\WINDOWS\system32\31.tmp
2008-06-12 17:59 . 2008-06-12 17:49 52,736 --a------ C:\WINDOWS\system32\2B.tmp
2008-06-12 17:49 . 2008-06-12 17:39 52,736 --a------ C:\WINDOWS\system32\28.tmp
2008-06-12 17:39 . 2008-06-12 17:29 52,736 --a------ C:\WINDOWS\system32\22.tmp
2008-06-12 17:29 . 2008-06-12 17:18 52,736 --a------ C:\WINDOWS\system32\1E.tmp
2008-06-12 17:18 . 2008-06-12 17:08 52,736 --a------ C:\WINDOWS\system32\19.tmp
2008-06-12 16:56 . 2008-06-12 16:46 52,736 --a------ C:\WINDOWS\system32\3F.tmp
2008-06-12 16:46 . 2008-06-12 16:36 52,736 --a------ C:\WINDOWS\system32\3C.tmp
2008-06-12 16:36 . 2008-06-12 16:26 52,736 --a------ C:\WINDOWS\system32\38.tmp
2008-06-12 16:26 . 2008-06-12 16:16 52,736 --a------ C:\WINDOWS\system32\33.tmp
2008-06-12 16:16 . 2008-06-12 16:06 52,736 --a------ C:\WINDOWS\system32\2E.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 06:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 22:12 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-06-13 22:12 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-06-13 22:12 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-06-13 22:12 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-06-13 22:12 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-06-09 22:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-04 22:37 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-04 22:37 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-31 21:46 --------- d-----w C:\Program Files\Java
2008-05-31 21:40 --------- d-----w C:\Program Files\Furcadia
2008-05-31 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 22:47 0 ----a-w C:\Program Files\temp01
2007-06-22 23:15 512 ---ha-w C:\Documents and Settings\Owner.VIGGO.000\hpothb07.dat
2007-06-22 23:15 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-06-22 23:15 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2007-06-22 23:14 529 ---ha-w C:\Program Files\hpothb07.tif
2007-06-22 23:14 318 -c-ha-w C:\Program Files\hpothb07.dat
2007-06-22 23:14 185 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
2006-11-18 21:50 524 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\hpothb07.dat
2006-11-18 21:50 157 ---ha-w C:\Documents and Settings\Owner.VIGGO\hpothb07.dat
2006-01-22 16:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-11-26 01:33 167 ---ha-w C:\Documents and Settings\OWNERV~1~000\hpothb07.dat
2005-11-26 01:33 0 -c-ha-w C:\Documents and Settings\Royster\hpothb07.dat
2005-08-18 00:48 956 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2005-06-21 22:56 0 -c-ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2004-06-09 15:54 390 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2004-05-24 16:34 166,887 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.VIGGO.000\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Guest\Application Data\tvmknwrd.dll
2003-11-01 15:34 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 21:00 200767]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 23:28 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-01 20:03 77824]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 21:37 1544192]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"WinService32"="svchost" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2008-06-13 18:12 234736]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 15:44 185896]
"cctray"="C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2008-05-21 18:13 181512]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"lphc3bmj0eg6r"="C:\WINDOWS\system32\lphc3bmj0eg6r.exe" [2008-06-11 10:28 92160]
"SMshc5bmj0eg6r"="C:\Program Files\shc5bmj0eg6r\shc5bmj0eg6r.exe" [2008-06-11 04:59 1167360]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [ ]
"AXPFixer"="C:\Program Files\AXPFixer\AXPFixer.exe" [2008-05-19 14:03 1564672]
"WinLiveUpdate"="C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe" [2005-06-17 13:37 636416]

C:\Documents and Settings\Owner.VIGGO.000\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-06-15 21:13:40 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-22 21:37:11 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-01-27 15:54:31 1078]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-01-03 14:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a8777a-827f-11d9-9dc7-806d6172696f}]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 22:31:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN37Q2B178I3.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2008-06-15 23:22:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-06-15 03:50:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 19:20:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-15 19:48:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 23:47:23

Pre-Run: 41,013,518,336 bytes free
Post-Run: 41,715,965,952 bytes free

300 --- E O F --- 2008-06-11 14:40:54

#14 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 June 2008 - 06:04 PM

Close all programs leaving only HijackThis running. Place a check against each of the following,

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [lphc3bmj0eg6r] C:\WINDOWS\system32\lphc3bmj0eg6r.exe
O4 - HKLM\..\Run: [SMshc5bmj0eg6r] C:\Program Files\shc5bmj0eg6r\shc5bmj0eg6r.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe


Click on Fix Checked when finished and exit HijackThis.


  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    Go to Start -> Run -> copy/paste in the following single-line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall

    Posted Image
  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:
  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.


#15 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 16 June 2008 - 05:51 PM

Hi Silver, I appreciate your help very much. I followed your instructions. Remember that I cannot disable the AXPFixer that I guess is causing the problems. I did snooze the antivirus though. It worked as you said with these few differences: While the ComboFix log was running, the dialog box said do not run any other programs. But, as soon as it rebooted and started to run the log, AXPFixer popped up. I closed it but could see it running in the background in the task bar. Throughout the process, that "Sorry, jpeg dll not found. You must reinstall program" continued to pop up. 18 times so far, every few minutes. When AXPFixer finished running in the background, it gave a dialog box as usual saying 186 threats found, recommend cleaning. (That's the $50 purchase deal.) After I ran both logs and rebooted, the big yellow warning box was still in the center of my desktop, and AXPFixer was still there too. System remains very slow while AXPFixer is running in the background. When it finishes (and tells me to clean), it frees up and regains speed. I did notice that when I checked those 5 boxes you told me to check, there was one for AXPFixer. I guess checking that won't get rid of it?

Anyway...thanks for hanging in with us! Here are the 2 logs:

Logfile of HijackThis v1.99.1
Scan saved at 19:37, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AXPFixer\AXPFixer.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish...tlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119564746437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119570358859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehous...mjolauncher.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehous...outLauncher.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.c...loaderProj1.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

ComboFix 08-06-15.2 - Owner 2008-06-16 19:20:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.283 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.RESTOREFEB05\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-15 00:01 . 2008-06-14 23:51 52,736 --a------ C:\WINDOWS\system32\FF.tmp
2008-06-14 23:41 . 2008-06-14 23:31 52,736 --a------ C:\WINDOWS\system32\F9.tmp
2008-06-14 23:31 . 2008-06-14 23:20 52,736 --a------ C:\WINDOWS\system32\F6.tmp
2008-06-14 23:20 . 2008-06-14 23:10 52,736 --a------ C:\WINDOWS\system32\F3.tmp
2008-06-14 23:10 . 2008-06-14 23:00 52,736 --a------ C:\WINDOWS\system32\F0.tmp
2008-06-14 23:00 . 2008-06-14 22:49 52,736 --a------ C:\WINDOWS\system32\ED.tmp
2008-06-14 22:49 . 2008-06-14 22:39 52,736 --a------ C:\WINDOWS\system32\EA.tmp
2008-06-14 22:39 . 2008-06-14 22:28 52,736 --a------ C:\WINDOWS\system32\E7.tmp
2008-06-14 22:28 . 2008-06-14 22:18 52,736 --a------ C:\WINDOWS\system32\E4.tmp
2008-06-14 22:18 . 2008-06-14 22:08 52,736 --a------ C:\WINDOWS\system32\E1.tmp
2008-06-14 22:08 . 2008-06-14 21:58 52,736 --a------ C:\WINDOWS\system32\DE.tmp
2008-06-14 21:57 . 2008-06-14 21:47 52,736 --a------ C:\WINDOWS\system32\DB.tmp
2008-06-14 21:47 . 2008-06-14 21:37 52,736 --a------ C:\WINDOWS\system32\D8.tmp
2008-06-14 21:37 . 2008-06-14 21:27 52,736 --a------ C:\WINDOWS\system32\D5.tmp
2008-06-14 21:27 . 2008-06-14 21:16 52,736 --a------ C:\WINDOWS\system32\D2.tmp
2008-06-14 21:16 . 2008-06-14 21:06 52,736 --a------ C:\WINDOWS\system32\CF.tmp
2008-06-14 21:06 . 2008-06-14 20:56 52,736 --a------ C:\WINDOWS\system32\CC.tmp
2008-06-14 20:56 . 2008-06-14 20:46 52,736 --a------ C:\WINDOWS\system32\C9.tmp
2008-06-14 20:46 . 2008-06-14 20:36 52,736 --a------ C:\WINDOWS\system32\C6.tmp
2008-06-14 20:36 . 2008-06-14 20:26 52,736 --a------ C:\WINDOWS\system32\C3.tmp
2008-06-14 20:26 . 2008-06-14 20:16 52,736 --a------ C:\WINDOWS\system32\C0.tmp
2008-06-14 20:16 . 2008-06-14 20:05 52,736 --a------ C:\WINDOWS\system32\BC.tmp
2008-06-14 20:05 . 2008-06-14 19:55 52,736 --a------ C:\WINDOWS\system32\B9.tmp
2008-06-14 19:55 . 2008-06-14 19:45 52,736 --a------ C:\WINDOWS\system32\B5.tmp
2008-06-14 19:45 . 2008-06-14 19:35 52,736 --a------ C:\WINDOWS\system32\B0.tmp
2008-06-14 19:35 . 2008-06-14 19:25 52,736 --a------ C:\WINDOWS\system32\AD.tmp
2008-06-14 19:25 . 2008-06-14 19:15 52,736 --a------ C:\WINDOWS\system32\AA.tmp
2008-06-14 19:15 . 2008-06-14 19:05 52,736 --a------ C:\WINDOWS\system32\A7.tmp
2008-06-14 19:05 . 2008-06-14 18:55 52,736 --a------ C:\WINDOWS\system32\A3.tmp
2008-06-14 18:55 . 2008-06-14 18:45 52,736 --a------ C:\WINDOWS\system32\A0.tmp
2008-06-14 17:55 . 2008-06-14 17:45 52,736 --a------ C:\WINDOWS\system32\8E.tmp
2008-06-14 17:45 . 2008-06-14 17:34 52,736 --a------ C:\WINDOWS\system32\8B.tmp
2008-06-14 17:34 . 2008-06-14 17:24 52,736 --a------ C:\WINDOWS\system32\86.tmp
2008-06-14 17:24 . 2008-06-14 17:14 52,736 --a------ C:\WINDOWS\system32\81.tmp
2008-06-14 17:14 . 2008-06-14 17:04 52,736 --a------ C:\WINDOWS\system32\7D.tmp
2008-06-14 17:04 . 2008-06-14 16:54 52,736 --a------ C:\WINDOWS\system32\78.tmp
2008-06-14 16:54 . 2008-06-14 16:44 52,736 --a------ C:\WINDOWS\system32\75.tmp
2008-06-14 08:11 . 2008-06-14 08:01 52,736 --a------ C:\WINDOWS\system32\3AC.tmp
2008-06-14 08:01 . 2008-06-14 07:50 52,736 --a------ C:\WINDOWS\system32\3A9.tmp
2008-06-14 07:50 . 2008-06-14 07:40 52,736 --a------ C:\WINDOWS\system32\3A6.tmp
2008-06-14 07:40 . 2008-06-14 07:30 52,736 --a------ C:\WINDOWS\system32\3A3.tmp
2008-06-14 07:30 . 2008-06-14 07:19 52,736 --a------ C:\WINDOWS\system32\3A0.tmp
2008-06-14 07:19 . 2008-06-14 07:09 52,736 --a------ C:\WINDOWS\system32\39D.tmp
2008-06-14 07:09 . 2008-06-14 06:59 52,736 --a------ C:\WINDOWS\system32\39A.tmp
2008-06-14 06:58 . 2008-06-14 06:48 52,736 --a------ C:\WINDOWS\system32\397.tmp
2008-06-14 06:48 . 2008-06-14 06:38 52,736 --a------ C:\WINDOWS\system32\394.tmp
2008-06-14 06:38 . 2008-06-14 06:28 52,736 --a------ C:\WINDOWS\system32\391.tmp
2008-06-14 06:28 . 2008-06-14 06:17 52,736 --a------ C:\WINDOWS\system32\38E.tmp
2008-06-14 06:17 . 2008-06-14 06:07 52,736 --a------ C:\WINDOWS\system32\38B.tmp
2008-06-14 06:07 . 2008-06-14 05:56 52,736 --a------ C:\WINDOWS\system32\388.tmp
2008-06-14 05:56 . 2008-06-14 05:46 52,736 --a------ C:\WINDOWS\system32\385.tmp
2008-06-14 05:46 . 2008-06-14 05:36 52,736 --a------ C:\WINDOWS\system32\382.tmp
2008-06-14 05:36 . 2008-06-14 05:26 52,736 --a------ C:\WINDOWS\system32\37F.tmp
2008-06-14 05:26 . 2008-06-14 05:15 52,736 --a------ C:\WINDOWS\system32\37C.tmp
2008-06-14 05:15 . 2008-06-14 05:05 52,736 --a------ C:\WINDOWS\system32\379.tmp
2008-06-14 05:05 . 2008-06-14 04:55 52,736 --a------ C:\WINDOWS\system32\376.tmp
2008-06-14 04:55 . 2008-06-14 04:44 52,736 --a------ C:\WINDOWS\system32\373.tmp
2008-06-14 04:44 . 2008-06-14 04:34 52,736 --a------ C:\WINDOWS\system32\370.tmp
2008-06-14 04:34 . 2008-06-14 04:24 52,736 --a------ C:\WINDOWS\system32\36D.tmp
2008-06-14 04:24 . 2008-06-14 04:14 52,736 --a------ C:\WINDOWS\system32\36A.tmp
2008-06-14 04:14 . 2008-06-14 04:03 52,736 --a------ C:\WINDOWS\system32\367.tmp
2008-06-14 04:03 . 2008-06-14 03:53 52,736 --a------ C:\WINDOWS\system32\364.tmp
2008-06-14 03:53 . 2008-06-14 03:43 52,736 --a------ C:\WINDOWS\system32\361.tmp
2008-06-14 03:43 . 2008-06-14 03:33 52,736 --a------ C:\WINDOWS\system32\35E.tmp
2008-06-14 03:33 . 2008-06-14 03:22 52,736 --a------ C:\WINDOWS\system32\35B.tmp
2008-06-14 03:22 . 2008-06-14 03:12 52,736 --a------ C:\WINDOWS\system32\358.tmp
2008-06-14 03:12 . 2008-06-14 03:02 52,736 --a------ C:\WINDOWS\system32\355.tmp
2008-06-14 03:02 . 2008-06-14 02:52 52,736 --a------ C:\WINDOWS\system32\352.tmp
2008-06-14 02:52 . 2008-06-14 02:41 52,736 --a------ C:\WINDOWS\system32\34F.tmp
2008-06-14 02:41 . 2008-06-14 02:30 52,736 --a------ C:\WINDOWS\system32\34C.tmp
2008-06-14 02:30 . 2008-06-14 02:20 52,736 --a------ C:\WINDOWS\system32\348.tmp
2008-06-14 02:20 . 2008-06-14 02:09 52,736 --a------ C:\WINDOWS\system32\345.tmp
2008-06-14 02:09 . 2008-06-14 01:59 52,736 --a------ C:\WINDOWS\system32\342.tmp
2008-06-14 01:59 . 2008-06-14 01:49 52,736 --a------ C:\WINDOWS\system32\33F.tmp
2008-06-14 01:49 . 2008-06-14 01:39 52,736 --a------ C:\WINDOWS\system32\33C.tmp
2008-06-14 01:39 . 2008-06-14 01:29 52,736 --a------ C:\WINDOWS\system32\339.tmp
2008-06-14 01:29 . 2008-06-14 01:18 52,736 --a------ C:\WINDOWS\system32\336.tmp
2008-06-14 01:18 . 2008-06-14 01:08 52,736 --a------ C:\WINDOWS\system32\333.tmp
2008-06-14 01:08 . 2008-06-14 00:58 52,736 --a------ C:\WINDOWS\system32\330.tmp
2008-06-14 00:58 . 2008-06-14 00:48 52,736 --a------ C:\WINDOWS\system32\32D.tmp
2008-06-14 00:48 . 2008-06-14 00:38 52,736 --a------ C:\WINDOWS\system32\32A.tmp
2008-06-14 00:38 . 2008-06-14 00:27 52,736 --a------ C:\WINDOWS\system32\327.tmp
2008-06-14 00:27 . 2008-06-14 00:17 52,736 --a------ C:\WINDOWS\system32\324.tmp
2008-06-14 00:17 . 2008-06-14 00:04 52,736 --a------ C:\WINDOWS\system32\321.tmp
2008-06-14 00:04 . 2008-06-13 23:44 52,736 --a------ C:\WINDOWS\system32\31E.tmp
2008-06-13 23:44 . 2008-06-13 23:23 52,736 --a------ C:\WINDOWS\system32\31B.tmp
2008-06-13 23:23 . 2008-06-13 23:02 52,736 --a------ C:\WINDOWS\system32\318.tmp
2008-06-13 23:02 . 2008-06-13 22:42 52,736 --a------ C:\WINDOWS\system32\315.tmp
2008-06-13 22:41 . 2008-06-13 22:21 52,736 --a------ C:\WINDOWS\system32\312.tmp
2008-06-13 22:21 . 2008-06-13 22:01 52,736 --a------ C:\WINDOWS\system32\30F.tmp
2008-06-13 22:01 . 2008-06-13 21:40 52,736 --a------ C:\WINDOWS\system32\309.tmp
2008-06-13 21:40 . 2008-06-13 21:19 52,736 --a------ C:\WINDOWS\system32\305.tmp
2008-06-13 20:58 . 2008-06-13 20:38 52,736 --a------ C:\WINDOWS\system32\2DE.tmp
2008-06-13 20:38 . 2008-06-13 20:18 52,736 --a------ C:\WINDOWS\system32\2DB.tmp
2008-06-13 20:18 . 2008-06-13 19:57 52,736 --a------ C:\WINDOWS\system32\2D8.tmp
2008-06-13 19:37 . 2008-06-13 19:17 52,736 --a------ C:\WINDOWS\system32\28E.tmp
2008-06-13 17:58 . 2008-06-13 17:58 <DIR> d-------- C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AXPFixer
2008-06-13 17:57 . 2008-06-13 17:57 <DIR> d-------- C:\Program Files\AXPFixer
2008-06-12 22:35 . 2008-06-12 22:25 52,736 --a------ C:\WINDOWS\system32\5F.tmp
2008-06-12 22:25 . 2008-06-12 22:15 52,736 --a------ C:\WINDOWS\system32\5C.tmp
2008-06-12 22:15 . 2008-06-12 22:05 52,736 --a------ C:\WINDOWS\system32\59.tmp
2008-06-12 22:05 . 2008-06-12 21:55 52,736 --a------ C:\WINDOWS\system32\55.tmp
2008-06-12 21:55 . 2008-06-12 21:39 52,736 --a------ C:\WINDOWS\system32\50.tmp
2008-06-12 21:39 . 2008-06-12 21:29 52,736 --a------ C:\WINDOWS\system32\48.tmp
2008-06-12 21:29 . 2008-06-12 21:19 52,736 --a------ C:\WINDOWS\system32\41.tmp
2008-06-12 21:19 . 2008-06-12 21:09 52,736 --a------ C:\WINDOWS\system32\3B.tmp
2008-06-12 21:09 . 2008-06-12 20:59 52,736 --a------ C:\WINDOWS\system32\30.tmp
2008-06-12 20:59 . 2008-06-12 20:48 52,736 --a------ C:\WINDOWS\system32\27.tmp
2008-06-12 20:44 . 2008-06-12 20:34 52,736 --a------ C:\WINDOWS\system32\BB.tmp
2008-06-12 20:34 . 2008-06-12 20:24 52,736 --a------ C:\WINDOWS\system32\B7.tmp
2008-06-12 20:24 . 2008-06-12 20:14 52,736 --a------ C:\WINDOWS\system32\B4.tmp
2008-06-12 20:04 . 2008-06-12 19:53 52,736 --a------ C:\WINDOWS\system32\4F.tmp
2008-06-12 19:43 . 2008-06-12 19:33 52,736 --a------ C:\WINDOWS\system32\46.tmp
2008-06-12 19:23 . 2008-06-12 19:13 52,736 --a------ C:\WINDOWS\system32\3E.tmp
2008-06-12 18:09 . 2008-06-12 17:59 52,736 --a------ C:\WINDOWS\system32\31.tmp
2008-06-12 17:59 . 2008-06-12 17:49 52,736 --a------ C:\WINDOWS\system32\2B.tmp
2008-06-12 17:49 . 2008-06-12 17:39 52,736 --a------ C:\WINDOWS\system32\28.tmp
2008-06-12 17:39 . 2008-06-12 17:29 52,736 --a------ C:\WINDOWS\system32\22.tmp
2008-06-12 17:29 . 2008-06-12 17:18 52,736 --a------ C:\WINDOWS\system32\1E.tmp
2008-06-12 17:18 . 2008-06-12 17:08 52,736 --a------ C:\WINDOWS\system32\19.tmp
2008-06-12 16:56 . 2008-06-12 16:46 52,736 --a------ C:\WINDOWS\system32\3F.tmp
2008-06-12 16:46 . 2008-06-12 16:36 52,736 --a------ C:\WINDOWS\system32\3C.tmp
2008-06-12 16:36 . 2008-06-12 16:26 52,736 --a------ C:\WINDOWS\system32\38.tmp
2008-06-12 16:26 . 2008-06-12 16:16 52,736 --a------ C:\WINDOWS\system32\33.tmp
2008-06-12 16:16 . 2008-06-12 16:06 52,736 --a------ C:\WINDOWS\system32\2E.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 14:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 22:12 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-06-13 22:12 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-06-13 22:12 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-06-13 22:12 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-06-13 22:12 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-06-09 22:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-04 22:37 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-04 22:37 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-31 21:46 --------- d-----w C:\Program Files\Java
2008-05-31 21:40 --------- d-----w C:\Program Files\Furcadia
2008-05-31 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 22:47 0 ----a-w C:\Program Files\temp01
2007-06-22 23:15 512 ---ha-w C:\Documents and Settings\Owner.VIGGO.000\hpothb07.dat
2007-06-22 23:15 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-06-22 23:15 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2007-06-22 23:14 529 ---ha-w C:\Program Files\hpothb07.tif
2007-06-22 23:14 318 -c-ha-w C:\Program Files\hpothb07.dat
2007-06-22 23:14 185 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
2006-11-18 21:50 524 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\hpothb07.dat
2006-11-18 21:50 157 ---ha-w C:\Documents and Settings\Owner.VIGGO\hpothb07.dat
2006-01-22 16:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-11-26 01:33 167 ---ha-w C:\Documents and Settings\OWNERV~1~000\hpothb07.dat
2005-11-26 01:33 0 -c-ha-w C:\Documents and Settings\Royster\hpothb07.dat
2005-08-18 00:48 956 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2005-06-21 22:56 0 -c-ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2004-06-09 15:54 390 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2004-05-24 16:34 166,887 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.VIGGO.000\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Guest\Application Data\tvmknwrd.dll
2003-11-01 15:34 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_19.45.38.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 23:19:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 23:25:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-15 23:21:01 52,736 ----a-w C:\WINDOWS\system32\blphc3bmj0eg6r.scr
+ 2008-06-16 23:05:19 52,736 ----a-w C:\WINDOWS\system32\blphc3bmj0eg6r.scr
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 21:00 200767]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 23:28 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-01 20:03 77824]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 21:37 1544192]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"WinService32"="svchost" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2008-06-13 18:12 234736]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 15:44 185896]
"cctray"="C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2008-05-21 18:13 181512]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"AXPFixer"="C:\Program Files\AXPFixer\AXPFixer.exe" [2008-05-19 14:03 1564672]
"WinLiveUpdate"="C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe" [2005-06-17 13:37 636416]

C:\Documents and Settings\Owner.VIGGO.000\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-06-15 21:13:40 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-22 21:37:11 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-01-27 15:54:31 1078]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-01-03 14:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a8777a-827f-11d9-9dc7-806d6172696f}]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 22:31:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN37Q2B178I3.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2008-06-16 23:22:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-06-15 23:50:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 19:27:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-06-16 19:36:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 23:35:31
ComboFix2.txt 2008-06-15 23:48:37

Pre-Run: 41,697,681,408 bytes free
Post-Run: 41,707,057,152 bytes free

277 --- E O F --- 2008-06-11 14:40:54
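As an added example (not code from this thread, from HijackThis, or from the forum helpers), here is a small Python parser for the O4 and O23 line formats seen in the HijackThis logs above, with three defender-side triage heuristics applied to lines copied from those logs: a bare file name with no path, a core Windows binary name loading from outside the system directories, and a long letter-and-digit name. The heuristics and the SYSTEM_BINARIES and SYSTEM_DIRS sets are my assumptions; they mark entries worth a second look, not a verdict on them.

```python
"""Triage helper for HijackThis O4/O23 log lines.

Added example for this thread; not HijackThis itself and not a tool the forum
helpers used. The heuristics are assumptions about what deserves a closer look.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [lphc3bmj0eg6r] C:\WINDOWS\system32\lphc3bmj0eg6r.exe
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
"""

# O4 autorun entries: "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 services: "O23 - Service: display name - company - image path"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<cmd>.+)$")

# Assumed lists: core Windows binaries expected only in the system directories.
SYSTEM_BINARIES = {"svchost", "lsass", "services", "winlogon", "csrss", "smss", "explorer"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}


@dataclass
class Entry:
    kind: str                # "O4" or "O23"
    name: str                # registry value name or service display name
    image: str               # executable as written in the log, quotes stripped
    raw: str
    flags: list = field(default_factory=list)


def image_path(cmd: str) -> str:
    """Return the executable portion of a command line.

    A quoted path is taken up to the closing quote; otherwise the text up to and
    including the first ".exe" (HijackThis prints unquoted paths with spaces, so
    splitting on whitespace would truncate them). A bare name is returned as-is.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split()[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4 or O23 log line; other line types yield None."""
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], image_path(m["cmd"]), line)
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m["name"], image_path(m["cmd"]), line)
    return None


def triage(entry: Entry) -> Entry:
    """Attach heuristic flags to an entry (assumptions, see module docstring)."""
    image = entry.image.lower()
    directory, _, filename = image.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]

    # 1. Bare file name: resolved through the PATH search order, not a fixed location.
    if not directory:
        entry.flags.append("bare-name")
    # 2. A core system binary name loading from somewhere other than the system directories.
    if stem in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        entry.flags.append("system-name-outside-system-dir")
    # 3. Long names mixing letters and digits throughout (a plain trailing number
    #    such as "sysrest32" is not counted).
    if re.fullmatch(r"(?=.*\d)(?=.*[a-z])[a-z0-9]{10,}", stem) and not re.fullmatch(r"[a-z]+\d+", stem):
        entry.flags.append("random-looking-name")
    return entry


def triage_log(text: str) -> list:
    """Parse every O4/O23 line in a HijackThis log and return the triaged entries."""
    return [triage(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text: str) -> dict:
    """Map entry name -> flags, for entries that received at least one flag."""
    return {e.name: e.flags for e in triage_log(text) if e.flags}


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind:<4}{e.name:<22}{e.image:<72}{', '.join(e.flags) or '-'}")
```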
