
[Closed] getting unhijacked


36 replies to this topic

#16 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 16 June 2008 - 06:31 PM

Open notepad and copy/paste the text in the codebox below into it:

File::
C:\WINDOWS\system32\FF.tmp
C:\WINDOWS\system32\F9.tmp
C:\WINDOWS\system32\F6.tmp
C:\WINDOWS\system32\F3.tmp
C:\WINDOWS\system32\F0.tmp
C:\WINDOWS\system32\ED.tmp
C:\WINDOWS\system32\EA.tmp
C:\WINDOWS\system32\E7.tmp
C:\WINDOWS\system32\E4.tmp
C:\WINDOWS\system32\E1.tmp
C:\WINDOWS\system32\DE.tmp
C:\WINDOWS\system32\DB.tmp
C:\WINDOWS\system32\D8.tmp
C:\WINDOWS\system32\D5.tmp
C:\WINDOWS\system32\D2.tmp
C:\WINDOWS\system32\CF.tmp
C:\WINDOWS\system32\CC.tmp
C:\WINDOWS\system32\C9.tmp
C:\WINDOWS\system32\C6.tmp
C:\WINDOWS\system32\C3.tmp
C:\WINDOWS\system32\C0.tmp
C:\WINDOWS\system32\BC.tmp
C:\WINDOWS\system32\B9.tmp
C:\WINDOWS\system32\B5.tmp
C:\WINDOWS\system32\B0.tmp
C:\WINDOWS\system32\AD.tmp
C:\WINDOWS\system32\AA.tmp
C:\WINDOWS\system32\A7.tmp
C:\WINDOWS\system32\30F.tmp
C:\WINDOWS\system32\309.tmp
C:\WINDOWS\system32\305.tmp
C:\WINDOWS\system32\2DE.tmp
C:\WINDOWS\system32\2DB.tmp
C:\WINDOWS\system32\2D8.tmp
C:\WINDOWS\system32\28E.tmp
C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AXPFixer
C:\WINDOWS\system32\5F.tmp
C:\WINDOWS\system32\5C.tmp
C:\WINDOWS\system32\59.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\50.tmp
C:\WINDOWS\system32\48.tmp
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\BB.tmp
C:\WINDOWS\system32\B7.tmp
C:\WINDOWS\system32\B4.tmp
C:\WINDOWS\system32\4F.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\3E.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\3F.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\33.tmp
C:\WINDOWS\system32\2E.tmp

Folder::
C:\Program Files\AXPFixer

Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.
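An added example, not code from this thread or from ComboFix: a small Python helper that reads ComboFix "Files Created" lines (the "created . modified size attrs path" format seen in the logs later in this thread), flags system32 .tmp files of one size that were created at regular short intervals, and drafts them as a CFScript File:: block in the format above. The sample log lines are constructed, modelled on the log in a later post, and the thresholds (at least three files, gaps of 30 minutes or less) are my own choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One ComboFix "Files Created" line, as in the log later in this thread:
#   "<created> . <modified> <size> <attrs> <path>"   (folders show "<DIR>" in place of a size)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$"
)

# Constructed sample, modelled on the log in a later post (not copied verbatim).
SAMPLE_LOG = """\
2008-06-14 17:24 . 2008-06-14 17:14 52,736 --a------ C:\\WINDOWS\\system32\\81.tmp
2008-06-14 17:14 . 2008-06-14 17:04 52,736 --a------ C:\\WINDOWS\\system32\\7D.tmp
2008-06-14 17:04 . 2008-06-14 16:54 52,736 --a------ C:\\WINDOWS\\system32\\78.tmp
2008-06-14 16:54 . 2008-06-14 16:44 52,736 --a------ C:\\WINDOWS\\system32\\75.tmp
2008-06-13 17:58 . 2008-06-13 17:58 <DIR> d-------- C:\\Documents and Settings\\Owner\\Application Data\\AXPFixer
2008-06-12 12:00 . 2008-06-12 12:00 1,024 --a------ C:\\WINDOWS\\system32\\zz.tmp
2008-06-11 10:29 . 2008-06-16 19:05 52,736 --a------ C:\\WINDOWS\\system32\\blphc3bmj0eg6r.scr
2008-06-11 10:28 . 2008-06-11 10:28 92,160 --a------ C:\\WINDOWS\\system32\\lphc3bmj0eg6r.exe
2008-06-11 09:02 . 2008-04-14 07:01 272,128 -----c--- C:\\WINDOWS\\system32\\dllcache\\bthport.sys
2008-05-31 18:27 . 2008-06-12 18:36 <DIR> d-------- C:\\Program Files\\Malwarebytes' Anti-Malware
"""


def parse_created(text):
    """Return (created, size_or_None, attrs, path) tuples; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        size = None if m.group(2) == "<DIR>" else int(m.group(2).replace(",", ""))
        entries.append((created, size, m.group(3), m.group(4)))
    return entries


def find_periodic_drops(entries, min_count=3, max_gap=timedelta(minutes=30)):
    """Group system32 .tmp files by size and return {size: [paths]} for groups whose
    members were created at short, regular intervals (the drop pattern in the log)."""
    by_size = defaultdict(list)
    for created, size, _attrs, path in entries:
        low = path.lower()
        if size is not None and low.startswith("c:\\windows\\system32\\") and low.endswith(".tmp"):
            by_size[size].append((created, path))
    found = {}
    for size, files in by_size.items():
        if len(files) < min_count:
            continue
        files.sort()  # oldest first
        gaps = [later[0] - earlier[0] for earlier, later in zip(files, files[1:])]
        short = sum(1 for g in gaps if g <= max_gap)
        # Most consecutive gaps must be short; a single long pause (overnight) is tolerated.
        if short >= max(min_count - 1, len(gaps) // 2):
            found[size] = [path for _, path in files]
    return found


def same_size_siblings(entries, size):
    """Non-.tmp files of exactly this size: candidates to review next to the drops, not verdicts."""
    return sorted(p for _, s, _, p in entries if s == size and not p.lower().endswith(".tmp"))


def build_cfscript(files, folders=()):
    """Render the CFScript layout from the post above: a File:: block, then an optional Folder:: block."""
    lines = ["File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


def triage(log_text, folders=()):
    """Parse the log, find periodic same-size drops, and draft a CFScript covering them."""
    entries = parse_created(log_text)
    drops = find_periodic_drops(entries)
    files = []
    for size in sorted(drops):
        files += drops[size] + same_size_siblings(entries, size)
    return drops, build_cfscript(files, folders)


if __name__ == "__main__":
    drops, script = triage(SAMPLE_LOG, folders=["C:\\Program Files\\AXPFixer"])
    for size, paths in drops.items():
        print(f"{len(paths)} .tmp files of {size:,} bytes created at short intervals")
    print(script)
```

The output is a draft for the helper to review before it goes anywhere near ComboFix; it only pulls out the periodic-drop pattern, not every suspicious entry in a log.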



#17 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 16 June 2008 - 07:01 PM

Can I double check one thing? When I copy that text, am I including the "Folder:: C:\Program Files\AXPFixer" part? Or is that where I save the file to? Thanks

#18 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 16 June 2008 - 07:14 PM

Open notepad and copy/paste the text in the codebox below into it:



Save this as "CFScript"

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Edited by little eagle, 16 June 2008 - 07:16 PM.


#19 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • 8,968 posts
  • Interests:spyware

Posted 16 June 2008 - 07:48 PM

Sorry yes include it.

#20 Pundah

Pundah

    New Member

  • Authentic Member
  • 19 posts

Posted 16 June 2008 - 08:18 PM

I think we are getting somewhere! After the run before this last one - no more creepy crawlies on the screen! This time, the axpfixer is gone from the task bar, it did not start on reboot either. Still getting the SCVHOST dialog box every minute or so saying jpeg dll not found; reinstall. Here are the latest logs. And thank you again!

ComboFix 08-06-15.2 - Owner 2008-06-16 21:31:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.143 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.RESTOREFEB05\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.RESTOREFEB05\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AXPFixer
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\28E.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\2D8.tmp
C:\WINDOWS\system32\2DB.tmp
C:\WINDOWS\system32\2DE.tmp
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\305.tmp
C:\WINDOWS\system32\309.tmp
C:\WINDOWS\system32\30F.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\33.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\3E.tmp
C:\WINDOWS\system32\3F.tmp
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\48.tmp
C:\WINDOWS\system32\4F.tmp
C:\WINDOWS\system32\50.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\59.tmp
C:\WINDOWS\system32\5C.tmp
C:\WINDOWS\system32\5F.tmp
C:\WINDOWS\system32\A7.tmp
C:\WINDOWS\system32\AA.tmp
C:\WINDOWS\system32\AD.tmp
C:\WINDOWS\system32\B0.tmp
C:\WINDOWS\system32\B4.tmp
C:\WINDOWS\system32\B5.tmp
C:\WINDOWS\system32\B7.tmp
C:\WINDOWS\system32\B9.tmp
C:\WINDOWS\system32\BB.tmp
C:\WINDOWS\system32\BC.tmp
C:\WINDOWS\system32\C0.tmp
C:\WINDOWS\system32\C3.tmp
C:\WINDOWS\system32\C6.tmp
C:\WINDOWS\system32\C9.tmp
C:\WINDOWS\system32\CC.tmp
C:\WINDOWS\system32\CF.tmp
C:\WINDOWS\system32\D2.tmp
C:\WINDOWS\system32\D5.tmp
C:\WINDOWS\system32\D8.tmp
C:\WINDOWS\system32\DB.tmp
C:\WINDOWS\system32\DE.tmp
C:\WINDOWS\system32\E1.tmp
C:\WINDOWS\system32\E4.tmp
C:\WINDOWS\system32\E7.tmp
C:\WINDOWS\system32\EA.tmp
C:\WINDOWS\system32\ED.tmp
C:\WINDOWS\system32\F0.tmp
C:\WINDOWS\system32\F3.tmp
C:\WINDOWS\system32\F6.tmp
C:\WINDOWS\system32\F9.tmp
C:\WINDOWS\system32\FF.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AXPFixer
C:\Program Files\AXPFixer\AXPFixer.exe
C:\Program Files\AXPFixer\AXPFixer.exe.local
C:\Program Files\AXPFixer\AXPFixerSkin.dll
C:\Program Files\AXPFixer\database.dat
C:\Program Files\AXPFixer\license.txt
C:\Program Files\AXPFixer\MFC71.dll
C:\Program Files\AXPFixer\MFC71ENU.DLL
C:\Program Files\AXPFixer\msvcp71.dll
C:\Program Files\AXPFixer\msvcr71.dll
C:\Program Files\AXPFixer\Uninstall.exe
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\28E.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\2D8.tmp
C:\WINDOWS\system32\2DB.tmp
C:\WINDOWS\system32\2DE.tmp
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\system32\30.tmp
C:\WINDOWS\system32\305.tmp
C:\WINDOWS\system32\309.tmp
C:\WINDOWS\system32\30F.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\33.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\3E.tmp
C:\WINDOWS\system32\3F.tmp
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\46.tmp
C:\WINDOWS\system32\48.tmp
C:\WINDOWS\system32\4F.tmp
C:\WINDOWS\system32\50.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\59.tmp
C:\WINDOWS\system32\5C.tmp
C:\WINDOWS\system32\5F.tmp
C:\WINDOWS\system32\A7.tmp
C:\WINDOWS\system32\AA.tmp
C:\WINDOWS\system32\AD.tmp
C:\WINDOWS\system32\B0.tmp
C:\WINDOWS\system32\B4.tmp
C:\WINDOWS\system32\B5.tmp
C:\WINDOWS\system32\B7.tmp
C:\WINDOWS\system32\B9.tmp
C:\WINDOWS\system32\BB.tmp
C:\WINDOWS\system32\BC.tmp
C:\WINDOWS\system32\C0.tmp
C:\WINDOWS\system32\C3.tmp
C:\WINDOWS\system32\C6.tmp
C:\WINDOWS\system32\C9.tmp
C:\WINDOWS\system32\CC.tmp
C:\WINDOWS\system32\CF.tmp
C:\WINDOWS\system32\D2.tmp
C:\WINDOWS\system32\D5.tmp
C:\WINDOWS\system32\D8.tmp
C:\WINDOWS\system32\DB.tmp
C:\WINDOWS\system32\DE.tmp
C:\WINDOWS\system32\E1.tmp
C:\WINDOWS\system32\E4.tmp
C:\WINDOWS\system32\E7.tmp
C:\WINDOWS\system32\EA.tmp
C:\WINDOWS\system32\ED.tmp
C:\WINDOWS\system32\F0.tmp
C:\WINDOWS\system32\F3.tmp
C:\WINDOWS\system32\F6.tmp
C:\WINDOWS\system32\F9.tmp
C:\WINDOWS\system32\FF.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-14 19:05 . 2008-06-14 18:55 52,736 --a------ C:\WINDOWS\system32\A3.tmp
2008-06-14 18:55 . 2008-06-14 18:45 52,736 --a------ C:\WINDOWS\system32\A0.tmp
2008-06-14 17:55 . 2008-06-14 17:45 52,736 --a------ C:\WINDOWS\system32\8E.tmp
2008-06-14 17:45 . 2008-06-14 17:34 52,736 --a------ C:\WINDOWS\system32\8B.tmp
2008-06-14 17:34 . 2008-06-14 17:24 52,736 --a------ C:\WINDOWS\system32\86.tmp
2008-06-14 17:24 . 2008-06-14 17:14 52,736 --a------ C:\WINDOWS\system32\81.tmp
2008-06-14 17:14 . 2008-06-14 17:04 52,736 --a------ C:\WINDOWS\system32\7D.tmp
2008-06-14 17:04 . 2008-06-14 16:54 52,736 --a------ C:\WINDOWS\system32\78.tmp
2008-06-14 16:54 . 2008-06-14 16:44 52,736 --a------ C:\WINDOWS\system32\75.tmp
2008-06-14 08:11 . 2008-06-14 08:01 52,736 --a------ C:\WINDOWS\system32\3AC.tmp
2008-06-14 08:01 . 2008-06-14 07:50 52,736 --a------ C:\WINDOWS\system32\3A9.tmp
2008-06-14 07:50 . 2008-06-14 07:40 52,736 --a------ C:\WINDOWS\system32\3A6.tmp
2008-06-14 07:40 . 2008-06-14 07:30 52,736 --a------ C:\WINDOWS\system32\3A3.tmp
2008-06-14 07:30 . 2008-06-14 07:19 52,736 --a------ C:\WINDOWS\system32\3A0.tmp
2008-06-14 07:19 . 2008-06-14 07:09 52,736 --a------ C:\WINDOWS\system32\39D.tmp
2008-06-14 07:09 . 2008-06-14 06:59 52,736 --a------ C:\WINDOWS\system32\39A.tmp
2008-06-14 06:58 . 2008-06-14 06:48 52,736 --a------ C:\WINDOWS\system32\397.tmp
2008-06-14 06:48 . 2008-06-14 06:38 52,736 --a------ C:\WINDOWS\system32\394.tmp
2008-06-14 06:38 . 2008-06-14 06:28 52,736 --a------ C:\WINDOWS\system32\391.tmp
2008-06-14 06:28 . 2008-06-14 06:17 52,736 --a------ C:\WINDOWS\system32\38E.tmp
2008-06-14 06:17 . 2008-06-14 06:07 52,736 --a------ C:\WINDOWS\system32\38B.tmp
2008-06-14 06:07 . 2008-06-14 05:56 52,736 --a------ C:\WINDOWS\system32\388.tmp
2008-06-14 05:56 . 2008-06-14 05:46 52,736 --a------ C:\WINDOWS\system32\385.tmp
2008-06-14 05:46 . 2008-06-14 05:36 52,736 --a------ C:\WINDOWS\system32\382.tmp
2008-06-14 05:36 . 2008-06-14 05:26 52,736 --a------ C:\WINDOWS\system32\37F.tmp
2008-06-14 05:26 . 2008-06-14 05:15 52,736 --a------ C:\WINDOWS\system32\37C.tmp
2008-06-14 05:15 . 2008-06-14 05:05 52,736 --a------ C:\WINDOWS\system32\379.tmp
2008-06-14 05:05 . 2008-06-14 04:55 52,736 --a------ C:\WINDOWS\system32\376.tmp
2008-06-14 04:55 . 2008-06-14 04:44 52,736 --a------ C:\WINDOWS\system32\373.tmp
2008-06-14 04:44 . 2008-06-14 04:34 52,736 --a------ C:\WINDOWS\system32\370.tmp
2008-06-14 04:34 . 2008-06-14 04:24 52,736 --a------ C:\WINDOWS\system32\36D.tmp
2008-06-14 04:24 . 2008-06-14 04:14 52,736 --a------ C:\WINDOWS\system32\36A.tmp
2008-06-14 04:14 . 2008-06-14 04:03 52,736 --a------ C:\WINDOWS\system32\367.tmp
2008-06-14 04:03 . 2008-06-14 03:53 52,736 --a------ C:\WINDOWS\system32\364.tmp
2008-06-14 03:53 . 2008-06-14 03:43 52,736 --a------ C:\WINDOWS\system32\361.tmp
2008-06-14 03:43 . 2008-06-14 03:33 52,736 --a------ C:\WINDOWS\system32\35E.tmp
2008-06-14 03:33 . 2008-06-14 03:22 52,736 --a------ C:\WINDOWS\system32\35B.tmp
2008-06-14 03:22 . 2008-06-14 03:12 52,736 --a------ C:\WINDOWS\system32\358.tmp
2008-06-14 03:12 . 2008-06-14 03:02 52,736 --a------ C:\WINDOWS\system32\355.tmp
2008-06-14 03:02 . 2008-06-14 02:52 52,736 --a------ C:\WINDOWS\system32\352.tmp
2008-06-14 02:52 . 2008-06-14 02:41 52,736 --a------ C:\WINDOWS\system32\34F.tmp
2008-06-14 02:41 . 2008-06-14 02:30 52,736 --a------ C:\WINDOWS\system32\34C.tmp
2008-06-14 02:30 . 2008-06-14 02:20 52,736 --a------ C:\WINDOWS\system32\348.tmp
2008-06-14 02:20 . 2008-06-14 02:09 52,736 --a------ C:\WINDOWS\system32\345.tmp
2008-06-14 02:09 . 2008-06-14 01:59 52,736 --a------ C:\WINDOWS\system32\342.tmp
2008-06-14 01:59 . 2008-06-14 01:49 52,736 --a------ C:\WINDOWS\system32\33F.tmp
2008-06-14 01:49 . 2008-06-14 01:39 52,736 --a------ C:\WINDOWS\system32\33C.tmp
2008-06-14 01:39 . 2008-06-14 01:29 52,736 --a------ C:\WINDOWS\system32\339.tmp
2008-06-14 01:29 . 2008-06-14 01:18 52,736 --a------ C:\WINDOWS\system32\336.tmp
2008-06-14 01:18 . 2008-06-14 01:08 52,736 --a------ C:\WINDOWS\system32\333.tmp
2008-06-14 01:08 . 2008-06-14 00:58 52,736 --a------ C:\WINDOWS\system32\330.tmp
2008-06-14 00:58 . 2008-06-14 00:48 52,736 --a------ C:\WINDOWS\system32\32D.tmp
2008-06-14 00:48 . 2008-06-14 00:38 52,736 --a------ C:\WINDOWS\system32\32A.tmp
2008-06-14 00:38 . 2008-06-14 00:27 52,736 --a------ C:\WINDOWS\system32\327.tmp
2008-06-14 00:27 . 2008-06-14 00:17 52,736 --a------ C:\WINDOWS\system32\324.tmp
2008-06-14 00:17 . 2008-06-14 00:04 52,736 --a------ C:\WINDOWS\system32\321.tmp
2008-06-14 00:04 . 2008-06-13 23:44 52,736 --a------ C:\WINDOWS\system32\31E.tmp
2008-06-13 23:44 . 2008-06-13 23:23 52,736 --a------ C:\WINDOWS\system32\31B.tmp
2008-06-13 23:23 . 2008-06-13 23:02 52,736 --a------ C:\WINDOWS\system32\318.tmp
2008-06-13 23:02 . 2008-06-13 22:42 52,736 --a------ C:\WINDOWS\system32\315.tmp
2008-06-13 22:41 . 2008-06-13 22:21 52,736 --a------ C:\WINDOWS\system32\312.tmp
2008-06-13 17:58 . 2008-06-13 17:58 <DIR> d-------- C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AXPFixer
2008-06-12 16:06 . 2008-06-12 15:56 52,736 --a------ C:\WINDOWS\system32\2A.tmp
2008-06-12 15:56 . 2008-06-12 15:46 52,736 --a------ C:\WINDOWS\system32\25.tmp
2008-06-12 15:46 . 2008-06-12 15:36 52,736 --a------ C:\WINDOWS\system32\21.tmp
2008-06-12 05:40 . 2008-06-12 05:29 52,736 --a------ C:\WINDOWS\system32\A1.tmp
2008-06-12 05:29 . 2008-06-12 05:19 52,736 --a------ C:\WINDOWS\system32\9E.tmp
2008-06-12 05:19 . 2008-06-12 05:08 52,736 --a------ C:\WINDOWS\system32\9B.tmp
2008-06-12 05:08 . 2008-06-12 04:58 52,736 --a------ C:\WINDOWS\system32\98.tmp
2008-06-12 04:58 . 2008-06-12 04:47 52,736 --a------ C:\WINDOWS\system32\95.tmp
2008-06-12 04:47 . 2008-06-12 04:36 52,736 --a------ C:\WINDOWS\system32\92.tmp
2008-06-12 04:36 . 2008-06-12 04:26 52,736 --a------ C:\WINDOWS\system32\8F.tmp
2008-06-12 04:26 . 2008-06-12 04:16 52,736 --a------ C:\WINDOWS\system32\8C.tmp
2008-06-12 04:16 . 2008-06-12 04:05 52,736 --a------ C:\WINDOWS\system32\89.tmp
2008-06-12 04:05 . 2008-06-12 03:55 52,736 --a------ C:\WINDOWS\system32\85.tmp
2008-06-12 03:55 . 2008-06-12 03:45 52,736 --a------ C:\WINDOWS\system32\82.tmp
2008-06-12 03:45 . 2008-06-12 03:34 52,736 --a------ C:\WINDOWS\system32\7F.tmp
2008-06-12 03:34 . 2008-06-12 03:24 52,736 --a------ C:\WINDOWS\system32\7C.tmp
2008-06-12 03:24 . 2008-06-12 03:14 52,736 --a------ C:\WINDOWS\system32\79.tmp
2008-06-12 03:14 . 2008-06-12 03:04 52,736 --a------ C:\WINDOWS\system32\76.tmp
2008-06-12 03:04 . 2008-06-12 02:54 52,736 --a------ C:\WINDOWS\system32\73.tmp
2008-06-12 02:54 . 2008-06-12 02:43 52,736 --a------ C:\WINDOWS\system32\70.tmp
2008-06-12 02:43 . 2008-06-12 02:33 52,736 --a------ C:\WINDOWS\system32\6D.tmp
2008-06-12 02:33 . 2008-06-12 02:23 52,736 --a------ C:\WINDOWS\system32\6A.tmp
2008-06-12 02:23 . 2008-06-12 02:13 52,736 --a------ C:\WINDOWS\system32\67.tmp
2008-06-12 02:13 . 2008-06-12 02:01 52,736 --a------ C:\WINDOWS\system32\64.tmp
2008-06-12 02:01 . 2008-06-12 01:51 52,736 --a------ C:\WINDOWS\system32\61.tmp
2008-06-12 01:51 . 2008-06-12 01:41 52,736 --a------ C:\WINDOWS\system32\5D.tmp
2008-06-12 01:41 . 2008-06-12 01:31 52,736 --a------ C:\WINDOWS\system32\5A.tmp
2008-06-12 01:31 . 2008-06-12 01:21 52,736 --a------ C:\WINDOWS\system32\57.tmp
2008-06-12 01:21 . 2008-06-12 01:10 52,736 --a------ C:\WINDOWS\system32\54.tmp
2008-06-12 01:10 . 2008-06-12 01:00 52,736 --a------ C:\WINDOWS\system32\51.tmp
2008-06-12 01:00 . 2008-06-12 00:50 52,736 --a------ C:\WINDOWS\system32\4E.tmp
2008-06-12 00:50 . 2008-06-12 00:40 52,736 --a------ C:\WINDOWS\system32\4A.tmp
2008-06-12 00:40 . 2008-06-12 00:30 52,736 --a------ C:\WINDOWS\system32\47.tmp
2008-06-11 21:14 . 2008-06-11 21:04 52,736 --a------ C:\WINDOWS\system32\32.tmp
2008-06-11 21:04 . 2008-06-11 20:54 52,736 --a------ C:\WINDOWS\system32\2F.tmp
2008-06-11 20:54 . 2008-06-11 20:44 52,736 --a------ C:\WINDOWS\system32\2C.tmp
2008-06-11 20:44 . 2008-06-11 20:34 52,736 --a------ C:\WINDOWS\system32\29.tmp
2008-06-11 20:34 . 2008-06-11 20:24 52,736 --a------ C:\WINDOWS\system32\26.tmp
2008-06-11 20:24 . 2008-06-11 20:14 52,736 --a------ C:\WINDOWS\system32\23.tmp
2008-06-11 20:14 . 2008-06-11 20:04 52,736 --a------ C:\WINDOWS\system32\20.tmp
2008-06-11 20:04 . 2008-06-11 19:48 52,736 --a------ C:\WINDOWS\system32\1B.tmp
2008-06-11 19:48 . 2008-06-11 19:38 52,736 --a------ C:\WINDOWS\system32\17.tmp
2008-06-11 19:38 . 2008-06-11 19:28 52,736 --a------ C:\WINDOWS\system32\13.tmp
2008-06-11 19:28 . 2008-06-11 19:18 52,736 --a------ C:\WINDOWS\system32\10.tmp
2008-06-11 10:30 . 2008-06-11 10:30 <DIR> d-------- C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\shc5bmj0eg6r
2008-06-11 10:29 . 2008-06-11 10:30 <DIR> d-------- C:\Program Files\shc5bmj0eg6r
2008-06-11 10:29 . 2008-06-16 19:05 52,736 --a------ C:\WINDOWS\system32\blphc3bmj0eg6r.scr
2008-06-11 10:28 . 2008-06-11 10:28 92,160 --a------ C:\WINDOWS\system32\lphc3bmj0eg6r.exe
2008-06-11 10:28 . 2008-06-16 18:53 90,838 --a------ C:\WINDOWS\system32\phc3bmj0eg6r.bmp
2008-06-11 09:02 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 18:27 . 2008-06-12 18:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 18:27 . 2008-05-31 18:27 <DIR> d-------- C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\Malwarebytes
2008-05-31 18:27 . 2008-05-31 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 14:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 22:12 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-06-13 22:12 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-06-13 22:12 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-06-13 22:12 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-06-13 22:12 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-06-09 22:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-04 22:37 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-04 22:37 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-31 21:46 --------- d-----w C:\Program Files\Java
2008-05-31 21:40 --------- d-----w C:\Program Files\Furcadia
2008-05-31 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 22:47 0 ----a-w C:\Program Files\temp01
2007-06-22 23:15 512 ---ha-w C:\Documents and Settings\Owner.VIGGO.000\hpothb07.dat
2007-06-22 23:15 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-06-22 23:15 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2007-06-22 23:14 529 ---ha-w C:\Program Files\hpothb07.tif
2007-06-22 23:14 318 -c-ha-w C:\Program Files\hpothb07.dat
2007-06-22 23:14 185 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
2006-11-18 21:50 524 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\hpothb07.dat
2006-11-18 21:50 157 ---ha-w C:\Documents and Settings\Owner.VIGGO\hpothb07.dat
2006-01-22 16:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-11-26 01:33 167 ---ha-w C:\Documents and Settings\OWNERV~1~000\hpothb07.dat
2005-11-26 01:33 0 -c-ha-w C:\Documents and Settings\Royster\hpothb07.dat
2005-08-18 00:48 956 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2005-06-21 22:56 0 -c-ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2004-06-09 15:54 390 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2004-05-24 16:34 166,887 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.VIGGO.000\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Guest\Application Data\tvmknwrd.dll
2003-11-01 15:34 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_19.45.38.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 23:19:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 23:40:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 21:00 200767]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 23:28 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-01 20:03 77824]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 21:37 1544192]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"WinService32"="svchost" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2008-06-13 18:12 234736]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 15:44 185896]
"cctray"="C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2008-05-21 18:13 181512]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"AXPFixer"="C:\Program Files\AXPFixer\AXPFixer.exe" [ ]
"WinLiveUpdate"="C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe" [2005-06-17 13:37 636416]

C:\Documents and Settings\Owner.VIGGO.000\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-06-15 21:13:40 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-22 21:37:11 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-01-27 15:54:31 1078]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-01-03 14:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a8777a-827f-11d9-9dc7-806d6172696f}]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 22:31:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN37Q2B178I3.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2008-06-16 23:22:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-06-16 23:50:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 21:39:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-16 21:44:41
ComboFix-quarantined-files.txt 2008-06-17 01:44:10
ComboFix2.txt 2008-06-16 23:36:22
ComboFix3.txt 2008-06-15 23:48:37

Pre-Run: 41,698,471,936 bytes free
Post-Run: 41,683,111,936 bytes free

395 --- E O F --- 2008-06-11 14:40:54


Logfile of HijackThis v1.99.1
Scan saved at 22:17, on 2008-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish...tlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119564746437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119570358859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehous...mjolauncher.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehous...outLauncher.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.c...loaderProj1.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
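The log above contains the entries the helper goes on to remove, and the pattern behind them is worth making mechanical. The following script is an added example, not part of this thread or of HijackThis: it parses O4 autorun lines and flags the shapes a reviewer looks for first, using three heuristics that are this example's own assumptions (a bare program name with no directory, a System32-only binary name living elsewhere, and names this thread identifies as the rogue "XP Fixer" family). The Logitech entry is flagged too, which is why the result is a review list, not a removal list.

```python
import re

# The two O4 shapes that occur in the log above.
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$')

# Binaries Windows ships only in %windir%\system32; a same-named copy anywhere
# else is the impostor pattern (assumption of this example, not a HijackThis rule).
SYSTEM32_ONLY = {"svchost.exe", "ctfmon.exe"}
# Names this thread itself treats as the rogue infection.
KNOWN_ROGUE = {"axpfixer.exe", "lphc3bmj0eg6r.exe"}

PATH_LOOKUP = "bare name: resolved through PATH at logon, so it is hijackable"
NOT_SYSTEM32 = "system binary name outside %windir%\\system32"
ROGUE = "known rogue (named in this thread)"


def parse_o4(line):
    """Return (name, command) for an O4 line, or None for anything else."""
    for pattern in (RUN_RE, STARTUP_RE):
        m = pattern.match(line.strip())
        if m:
            return m.group("name"), m.group("cmd")
    return None


def executable_path(cmd):
    """Strip arguments from a Run value and return just the program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\...\x.exe" -args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.(?:exe|scr|com|bat|cmd))(?:\s|$)', cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""      # bare name such as "svchost"


def check(name, cmd):
    """Return the list of reasons an autorun entry deserves a closer look."""
    reasons = []
    path = executable_path(cmd)
    directory, _, base = path.rpartition("\\")
    directory, base = directory.lower(), base.lower()
    if base and base != "?" and "." not in base:  # "svchost" -> "svchost.exe"
        base += ".exe"
    if base and base != "?" and not directory:
        reasons.append(PATH_LOOKUP)
    if base in SYSTEM32_ONLY and not directory.endswith("\\windows\\system32"):
        reasons.append(NOT_SYSTEM32)
    if base in KNOWN_ROGUE:
        reasons.append(ROGUE)
    return reasons


def audit(log_text):
    """Map each flagged autorun name to its reasons; clean entries are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        name, cmd = parsed
        reasons = check(name, cmd)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample: a subset of the O4 lines from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

if __name__ == "__main__":
    for entry, why in audit(SAMPLE_LOG).items():
        print(f"[{entry}]")
        for reason in why:
            print(f"    - {reason}")
```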

#21 Pundah (New Member, Authentic Member, 19 posts)

Posted 18 June 2008 - 05:13 PM

Hi Silver, I am checking in. So far so good! No more bugs, no more Malware 2008 or XP FIXER popping up. I found the big yellow box stuck into my screen saver and deleted that, so it is normal again. The only thing that is going on is the dialog box pops up every minute or so: 'SVCHOST - Sorry, JPEG DLL not found. You must reinstall this program.' And my clock did not return to normal after combofix was thru - should I reset it? Thank you again!

#22 little eagle (spyware hawk, Visiting Fellow, 8,968 posts, Interests: spyware)

Posted 18 June 2008 - 07:20 PM

Download and run cleanup http://www.stevengou...o...9&Itemid=72
Run it and log off when the program is finished running.


Then open notepad and copy/paste the text in the codebox below into it:

File::
C:\WINDOWS\system32\blphc3bmj0eg6r.scr
C:\WINDOWS\system32\lphc3bmj0eg6r.exe
C:\WINDOWS\system32\phc3bmj0eg6r.bmp
C:\WINDOWS\system32\76.tmp

Save this as "CFScript"



Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.

#23 Pundah (New Member, Authentic Member, 19 posts)

Posted 19 June 2008 - 05:23 PM

Hi. I ran it in demo as instructed since first time user. This is what would have been deleted. Should I go ahead? ...

CleanUp! 4.5.2 recovered 125.6 MB of disk space from 7157 files. CleanUp! finished on 06/19/08 19:21:25.

#24 little eagle (spyware hawk, Visiting Fellow, 8,968 posts, Interests: spyware)

Posted 19 June 2008 - 08:29 PM

Should I go ahead?

Yes :thumbup:

#25 Pundah (New Member, Authentic Member, 19 posts)

Posted 26 June 2008 - 05:45 PM

Sorry, been on the crazy work schedule again. Ok, here I go! Thanks!


#27 Pundah

Pundah

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 26 June 2008 - 06:15 PM

Hey - I ran cleanup, and when I tried to run CFScript into Combofix, it wants a new version of Combofix. I went to the link you sent me a while back to download it, but it told me I could not rename the file combofix {1} (which I didn't try to do, I guess it was automatic). Anyway, it then took away the version I had on my desktop. I tried again to download it with the same response. UGH. Sorry, I'm so obtuse, but I can't figure out how to get it again! Thanks.

#28 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 26 June 2008 - 09:30 PM

Download the OTMoveIt.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
Press cleanup & it will search for and delete/uninstall all the tools we have used to fix your problems and all their backup folders and then delete itself when you next reboot.

-------------------------------------------------------------

Download ComboFix from Here or Here to your Desktop.


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net.


2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review


Note: Do not mouse-click combofix's window while it's running. That may cause it to stall or freeze.

#29 Pundah

Pundah

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 29 June 2008 - 06:19 PM

Hi, ComboFix log 6-29-08:

ComboFix 08-06-20.4 - Owner 2008-06-29 20:10:52.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.167 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.RESTOREFEB05\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-19 19:19 . 2008-06-26 19:55 <DIR> d-------- C:\Program Files\CleanUp!
2008-06-14 19:05 . 2008-06-14 18:55 52,736 --a------ C:\WINDOWS\system32\A3.tmp
2008-06-14 18:55 . 2008-06-14 18:45 52,736 --a------ C:\WINDOWS\system32\A0.tmp
2008-06-14 17:55 . 2008-06-14 17:45 52,736 --a------ C:\WINDOWS\system32\8E.tmp
2008-06-14 17:45 . 2008-06-14 17:34 52,736 --a------ C:\WINDOWS\system32\8B.tmp
2008-06-14 17:34 . 2008-06-14 17:24 52,736 --a------ C:\WINDOWS\system32\86.tmp
2008-06-14 17:24 . 2008-06-14 17:14 52,736 --a------ C:\WINDOWS\system32\81.tmp
2008-06-14 17:14 . 2008-06-14 17:04 52,736 --a------ C:\WINDOWS\system32\7D.tmp
2008-06-14 17:04 . 2008-06-14 16:54 52,736 --a------ C:\WINDOWS\system32\78.tmp
2008-06-14 16:54 . 2008-06-14 16:44 52,736 --a------ C:\WINDOWS\system32\75.tmp
2008-06-14 08:11 . 2008-06-14 08:01 52,736 --a------ C:\WINDOWS\system32\3AC.tmp
2008-06-14 08:01 . 2008-06-14 07:50 52,736 --a------ C:\WINDOWS\system32\3A9.tmp
2008-06-14 07:50 . 2008-06-14 07:40 52,736 --a------ C:\WINDOWS\system32\3A6.tmp
2008-06-14 07:40 . 2008-06-14 07:30 52,736 --a------ C:\WINDOWS\system32\3A3.tmp
2008-06-14 07:30 . 2008-06-14 07:19 52,736 --a------ C:\WINDOWS\system32\3A0.tmp
2008-06-14 07:19 . 2008-06-14 07:09 52,736 --a------ C:\WINDOWS\system32\39D.tmp
2008-06-14 07:09 . 2008-06-14 06:59 52,736 --a------ C:\WINDOWS\system32\39A.tmp
2008-06-14 06:58 . 2008-06-14 06:48 52,736 --a------ C:\WINDOWS\system32\397.tmp
2008-06-14 06:48 . 2008-06-14 06:38 52,736 --a------ C:\WINDOWS\system32\394.tmp
2008-06-14 06:38 . 2008-06-14 06:28 52,736 --a------ C:\WINDOWS\system32\391.tmp
2008-06-14 06:28 . 2008-06-14 06:17 52,736 --a------ C:\WINDOWS\system32\38E.tmp
2008-06-14 06:17 . 2008-06-14 06:07 52,736 --a------ C:\WINDOWS\system32\38B.tmp
2008-06-14 06:07 . 2008-06-14 05:56 52,736 --a------ C:\WINDOWS\system32\388.tmp
2008-06-14 05:56 . 2008-06-14 05:46 52,736 --a------ C:\WINDOWS\system32\385.tmp
2008-06-14 05:46 . 2008-06-14 05:36 52,736 --a------ C:\WINDOWS\system32\382.tmp
2008-06-14 05:36 . 2008-06-14 05:26 52,736 --a------ C:\WINDOWS\system32\37F.tmp
2008-06-14 05:26 . 2008-06-14 05:15 52,736 --a------ C:\WINDOWS\system32\37C.tmp
2008-06-14 05:15 . 2008-06-14 05:05 52,736 --a------ C:\WINDOWS\system32\379.tmp
2008-06-14 05:05 . 2008-06-14 04:55 52,736 --a------ C:\WINDOWS\system32\376.tmp
2008-06-14 04:55 . 2008-06-14 04:44 52,736 --a------ C:\WINDOWS\system32\373.tmp
2008-06-14 04:44 . 2008-06-14 04:34 52,736 --a------ C:\WINDOWS\system32\370.tmp
2008-06-14 04:34 . 2008-06-14 04:24 52,736 --a------ C:\WINDOWS\system32\36D.tmp
2008-06-14 04:24 . 2008-06-14 04:14 52,736 --a------ C:\WINDOWS\system32\36A.tmp
2008-06-14 04:14 . 2008-06-14 04:03 52,736 --a------ C:\WINDOWS\system32\367.tmp
2008-06-14 04:03 . 2008-06-14 03:53 52,736 --a------ C:\WINDOWS\system32\364.tmp
2008-06-14 03:53 . 2008-06-14 03:43 52,736 --a------ C:\WINDOWS\system32\361.tmp
2008-06-14 03:43 . 2008-06-14 03:33 52,736 --a------ C:\WINDOWS\system32\35E.tmp
2008-06-14 03:33 . 2008-06-14 03:22 52,736 --a------ C:\WINDOWS\system32\35B.tmp
2008-06-14 03:22 . 2008-06-14 03:12 52,736 --a------ C:\WINDOWS\system32\358.tmp
2008-06-14 03:12 . 2008-06-14 03:02 52,736 --a------ C:\WINDOWS\system32\355.tmp
2008-06-14 03:02 . 2008-06-14 02:52 52,736 --a------ C:\WINDOWS\system32\352.tmp
2008-06-14 02:52 . 2008-06-14 02:41 52,736 --a------ C:\WINDOWS\system32\34F.tmp
2008-06-14 02:41 . 2008-06-14 02:30 52,736 --a------ C:\WINDOWS\system32\34C.tmp
2008-06-14 02:30 . 2008-06-14 02:20 52,736 --a------ C:\WINDOWS\system32\348.tmp
2008-06-14 02:20 . 2008-06-14 02:09 52,736 --a------ C:\WINDOWS\system32\345.tmp
2008-06-14 02:09 . 2008-06-14 01:59 52,736 --a------ C:\WINDOWS\system32\342.tmp
2008-06-14 01:59 . 2008-06-14 01:49 52,736 --a------ C:\WINDOWS\system32\33F.tmp
2008-06-14 01:49 . 2008-06-14 01:39 52,736 --a------ C:\WINDOWS\system32\33C.tmp
2008-06-14 01:39 . 2008-06-14 01:29 52,736 --a------ C:\WINDOWS\system32\339.tmp
2008-06-14 01:29 . 2008-06-14 01:18 52,736 --a------ C:\WINDOWS\system32\336.tmp
2008-06-14 01:18 . 2008-06-14 01:08 52,736 --a------ C:\WINDOWS\system32\333.tmp
2008-06-14 01:08 . 2008-06-14 00:58 52,736 --a------ C:\WINDOWS\system32\330.tmp
2008-06-14 00:58 . 2008-06-14 00:48 52,736 --a------ C:\WINDOWS\system32\32D.tmp
2008-06-14 00:48 . 2008-06-14 00:38 52,736 --a------ C:\WINDOWS\system32\32A.tmp
2008-06-14 00:38 . 2008-06-14 00:27 52,736 --a------ C:\WINDOWS\system32\327.tmp
2008-06-14 00:27 . 2008-06-14 00:17 52,736 --a------ C:\WINDOWS\system32\324.tmp
2008-06-14 00:17 . 2008-06-14 00:04 52,736 --a------ C:\WINDOWS\system32\321.tmp
2008-06-14 00:04 . 2008-06-13 23:44 52,736 --a------ C:\WINDOWS\system32\31E.tmp
2008-06-13 23:44 . 2008-06-13 23:23 52,736 --a------ C:\WINDOWS\system32\31B.tmp
2008-06-13 23:23 . 2008-06-13 23:02 52,736 --a------ C:\WINDOWS\system32\318.tmp
2008-06-13 23:02 . 2008-06-13 22:42 52,736 --a------ C:\WINDOWS\system32\315.tmp
2008-06-13 22:41 . 2008-06-13 22:21 52,736 --a------ C:\WINDOWS\system32\312.tmp
2008-06-13 17:58 . 2008-06-13 17:58 <DIR> d-------- C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AXPFixer
2008-06-12 16:06 . 2008-06-12 15:56 52,736 --a------ C:\WINDOWS\system32\2A.tmp
2008-06-12 15:56 . 2008-06-12 15:46 52,736 --a------ C:\WINDOWS\system32\25.tmp
2008-06-12 15:46 . 2008-06-12 15:36 52,736 --a------ C:\WINDOWS\system32\21.tmp
2008-06-12 05:40 . 2008-06-12 05:29 52,736 --a------ C:\WINDOWS\system32\A1.tmp
2008-06-12 05:29 . 2008-06-12 05:19 52,736 --a------ C:\WINDOWS\system32\9E.tmp
2008-06-12 05:19 . 2008-06-12 05:08 52,736 --a------ C:\WINDOWS\system32\9B.tmp
2008-06-12 05:08 . 2008-06-12 04:58 52,736 --a------ C:\WINDOWS\system32\98.tmp
2008-06-12 04:58 . 2008-06-12 04:47 52,736 --a------ C:\WINDOWS\system32\95.tmp
2008-06-12 04:47 . 2008-06-12 04:36 52,736 --a------ C:\WINDOWS\system32\92.tmp
2008-06-12 04:36 . 2008-06-12 04:26 52,736 --a------ C:\WINDOWS\system32\8F.tmp
2008-06-12 04:26 . 2008-06-12 04:16 52,736 --a------ C:\WINDOWS\system32\8C.tmp
2008-06-12 04:16 . 2008-06-12 04:05 52,736 --a------ C:\WINDOWS\system32\89.tmp
2008-06-12 04:05 . 2008-06-12 03:55 52,736 --a------ C:\WINDOWS\system32\85.tmp
2008-06-12 03:55 . 2008-06-12 03:45 52,736 --a------ C:\WINDOWS\system32\82.tmp
2008-06-12 03:45 . 2008-06-12 03:34 52,736 --a------ C:\WINDOWS\system32\7F.tmp
2008-06-12 03:34 . 2008-06-12 03:24 52,736 --a------ C:\WINDOWS\system32\7C.tmp
2008-06-12 03:24 . 2008-06-12 03:14 52,736 --a------ C:\WINDOWS\system32\79.tmp
2008-06-12 03:14 . 2008-06-12 03:04 52,736 --a------ C:\WINDOWS\system32\76.tmp
2008-06-12 03:04 . 2008-06-12 02:54 52,736 --a------ C:\WINDOWS\system32\73.tmp
2008-06-12 02:54 . 2008-06-12 02:43 52,736 --a------ C:\WINDOWS\system32\70.tmp
2008-06-12 02:43 . 2008-06-12 02:33 52,736 --a------ C:\WINDOWS\system32\6D.tmp
2008-06-12 02:33 . 2008-06-12 02:23 52,736 --a------ C:\WINDOWS\system32\6A.tmp
2008-06-12 02:23 . 2008-06-12 02:13 52,736 --a------ C:\WINDOWS\system32\67.tmp
2008-06-12 02:13 . 2008-06-12 02:01 52,736 --a------ C:\WINDOWS\system32\64.tmp
2008-06-12 02:01 . 2008-06-12 01:51 52,736 --a------ C:\WINDOWS\system32\61.tmp
2008-06-12 01:51 . 2008-06-12 01:41 52,736 --a------ C:\WINDOWS\system32\5D.tmp
2008-06-12 01:41 . 2008-06-12 01:31 52,736 --a------ C:\WINDOWS\system32\5A.tmp
2008-06-12 01:31 . 2008-06-12 01:21 52,736 --a------ C:\WINDOWS\system32\57.tmp
2008-06-12 01:21 . 2008-06-12 01:10 52,736 --a------ C:\WINDOWS\system32\54.tmp
2008-06-12 01:10 . 2008-06-12 01:00 52,736 --a------ C:\WINDOWS\system32\51.tmp
2008-06-12 01:00 . 2008-06-12 00:50 52,736 --a------ C:\WINDOWS\system32\4E.tmp
2008-06-12 00:50 . 2008-06-12 00:40 52,736 --a------ C:\WINDOWS\system32\4A.tmp
2008-06-12 00:40 . 2008-06-12 00:30 52,736 --a------ C:\WINDOWS\system32\47.tmp
2008-06-11 21:14 . 2008-06-11 21:04 52,736 --a------ C:\WINDOWS\system32\32.tmp
2008-06-11 21:04 . 2008-06-11 20:54 52,736 --a------ C:\WINDOWS\system32\2F.tmp
2008-06-11 20:54 . 2008-06-11 20:44 52,736 --a------ C:\WINDOWS\system32\2C.tmp
2008-06-11 20:44 . 2008-06-11 20:34 52,736 --a------ C:\WINDOWS\system32\29.tmp
2008-06-11 20:34 . 2008-06-11 20:24 52,736 --a------ C:\WINDOWS\system32\26.tmp
2008-06-11 20:24 . 2008-06-11 20:14 52,736 --a------ C:\WINDOWS\system32\23.tmp
2008-06-11 20:14 . 2008-06-11 20:04 52,736 --a------ C:\WINDOWS\system32\20.tmp
2008-06-11 20:04 . 2008-06-11 19:48 52,736 --a------ C:\WINDOWS\system32\1B.tmp
2008-06-11 19:48 . 2008-06-11 19:38 52,736 --a------ C:\WINDOWS\system32\17.tmp
2008-06-11 19:38 . 2008-06-11 19:28 52,736 --a------ C:\WINDOWS\system32\13.tmp
2008-06-11 19:28 . 2008-06-11 19:18 52,736 --a------ C:\WINDOWS\system32\10.tmp
2008-06-11 09:02 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 18:27 . 2008-06-12 18:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 18:27 . 2008-05-31 18:27 <DIR> d-------- C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\Malwarebytes
2008-05-31 18:27 . 2008-05-31 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 04:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-27 04:53 --------- d-----w C:\Program Files\AIM
2008-06-19 12:38 --------- d-----w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\AdobeUM
2008-06-17 22:22 --------- d-----w C:\Program Files\Java
2008-06-13 22:12 91,376 ----a-w C:\WINDOWS\system32\isafprod.dll
2008-06-13 22:12 32,240 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-06-13 22:12 26,352 ----a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2008-06-13 22:12 21,488 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-06-13 22:12 21,104 ----a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 22:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-04 22:37 880,560 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-04 22:37 108,368 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-31 21:40 --------- d-----w C:\Program Files\Furcadia
2008-05-31 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dragon's Eye Productions
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 22:47 0 ----a-w C:\Program Files\temp01
2007-06-22 23:15 512 ---ha-w C:\Documents and Settings\Owner.VIGGO.000\hpothb07.dat
2007-06-22 23:15 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2007-06-22 23:15 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2007-06-22 23:14 529 ---ha-w C:\Program Files\hpothb07.tif
2007-06-22 23:14 318 -c-ha-w C:\Program Files\hpothb07.dat
2007-06-22 23:14 185 ---ha-w C:\Documents and Settings\All Users\Application Data\hpothb07.dat
2006-11-18 21:50 524 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\hpothb07.dat
2006-11-18 21:50 157 ---ha-w C:\Documents and Settings\Owner.VIGGO\hpothb07.dat
2006-01-22 16:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-11-26 01:33 167 ---ha-w C:\Documents and Settings\OWNERV~1~000\hpothb07.dat
2005-11-26 01:33 0 -c-ha-w C:\Documents and Settings\Royster\hpothb07.dat
2005-08-18 00:48 956 ---ha-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-06-21 22:56 158 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2005-06-21 22:56 0 -c-ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2004-06-09 15:54 390 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.VIGGO.000\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Owner.RESTOREFEB05\Application Data\tvmknwrd.dll
2004-05-24 16:34 166,887 ----a-w C:\Documents and Settings\Guest\Application Data\tvmknwrd.dll
2003-11-01 15:34 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Aim6"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 21:00 200767]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 23:28 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-01 20:03 77824]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 21:37 1544192]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"WinService32"="svchost" []
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2008-06-13 18:12 234736]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-11 15:44 185896]
"cctray"="C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe" [2008-05-21 18:13 181512]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AXPFixer"="C:\Program Files\AXPFixer\AXPFixer.exe" [ ]
"WinLiveUpdate"="C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe" [2005-06-17 13:37 636416]

C:\Documents and Settings\Owner.VIGGO.000\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2004-06-15 21:13:40 256000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-22 21:37:11 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-01-27 15:54:31 1078]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

S4 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2006-01-03 14:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6a8777a-827f-11d9-9dc7-806d6172696f}]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 22:31:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN37Q2B178I3.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7200#CN37Q2B178I3
"2008-06-29 23:22:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2008-06-29 16:23:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 20:13:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-29 20:17:16
ComboFix-quarantined-files.txt 2008-06-30 00:16:10
ComboFix2.txt 2008-06-29 23:59:15

Pre-Run: 41,319,096,320 bytes free
Post-Run: 41,308,971,008 bytes free

243 --- E O F --- 2008-06-20 13:56:39

Hijack This Log 6-29-08:
Logfile of HijackThis v1.99.1
Scan saved at 20:00, on 2008-06-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinService32] svchost
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AXPFixer] C:\Program Files\AXPFixer\AXPFixer.exe
O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www1.snapfish...tlookImport.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119564746437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1119570358859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://real.gamehous...mjolauncher.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://real.gamehous...outLauncher.cab
O16 - DPF: {E6182DB0-BE70-4EA3-A8FB-D402C6D951D5} (VUploader Control) - http://photofiddle.c...loaderProj1.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
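Reading logs like the two above is mostly pattern matching, so here is a small Python triage script as an added example (it is not code from HijackThis, ComboFix or the forum helpers, and the sample lines are constructed from the shapes of the posted logs). It flags Run entries whose binary has no path or borrows a system binary's name from outside %SystemRoot%\system32, and it spots same-size temp files dropped at a steady cadence; the name list and the 15-minute cadence threshold are my own assumptions.

```python
"""Triage helpers for HijackThis 'O4' lines and ComboFix 'Files Created' lines.

Added example for this thread; not code from HijackThis, ComboFix or the helpers.
The sample lines below are constructed from the shapes of the posted logs.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumed list: names of Windows system binaries that malware often borrows.
SYSTEM_NAMES = {"svchost", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
REAL_SYSTEM32 = "c:\\windows\\system32\\"

# O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# first executable token of a command line, quoted or not
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|scr|com|bat|dll))"?(?:\s|$)', re.IGNORECASE)
# 2008-06-14 19:05 . 2008-06-14 18:55 52,736 --a------ C:\WINDOWS\system32\A3.tmp
CF_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>[\d,]+) \S+ (?P<path>.+)$"
)


def _binary_of(cmd):
    """Executable named by a Run-key command line (quoted form handled first)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip().split(" ")[0]


def triage_o4(line):
    """Reasons a HijackThis O4 Run entry deserves a closer look; [] means nothing odd."""
    m = O4_RE.match(line)
    if not m:
        return []
    low = _binary_of(m.group("cmd")).lower()
    basename = low.rsplit("\\", 1)[-1]
    reasons = []
    if "\\" not in low:
        reasons.append("bare file name, resolved through the PATH search at logon")
    if basename in SYSTEM_NAMES and not low.startswith(REAL_SYSTEM32):
        reasons.append("system binary name outside %SystemRoot%\\system32")
    if "\\system32\\" in low and not low.startswith(REAL_SYSTEM32):
        reasons.append("look-alike 'system32' directory under another path")
    return reasons


def triage_hjt(lines):
    """Map entry name -> reasons for every flagged O4 line in a HijackThis log."""
    flagged = {}
    for line in lines:
        m = O4_RE.match(line)
        reasons = triage_o4(line)
        if m and reasons:
            flagged[m.group("name")] = reasons
    return flagged


def find_dropper_bursts(lines, min_count=3, max_median_gap_min=15):
    """Groups of same-size files in one directory created at a steady cadence.

    One 52,736-byte file in system32 is unremarkable; dozens of them landing
    about ten minutes apart point at a component re-dropping itself.
    """
    created_by_key = defaultdict(list)
    for line in lines:
        m = CF_RE.match(line)
        if not m:  # "<DIR>" entries and section headers do not match
            continue
        directory = m.group("path").rsplit("\\", 1)[0].lower()
        size = int(m.group("size").replace(",", ""))
        created_by_key[(directory, size)].append(
            datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"))
    bursts = []
    for (directory, size), times in created_by_key.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        if median(gaps) <= max_median_gap_min:
            bursts.append({"dir": directory, "size": size,
                           "count": len(times), "median_gap_min": median(gaps)})
    return bursts


# Constructed sample lines, shaped like the HijackThis and ComboFix output above.
SAMPLE_HJT = [
    r"O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [WinService32] svchost",
    r"O4 - HKLM\..\Run: [WinLiveUpdate] C:\Program Files\Common Files\Microsoft Shared\DAO\system32\svchost.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]
SAMPLE_COMBOFIX = [
    r"2008-06-19 19:19 . 2008-06-26 19:55 <DIR> d-------- C:\Program Files\CleanUp!",
    r"2008-06-14 19:05 . 2008-06-14 18:55 52,736 --a------ C:\WINDOWS\system32\A3.tmp",
    r"2008-06-14 18:55 . 2008-06-14 18:45 52,736 --a------ C:\WINDOWS\system32\A0.tmp",
    r"2008-06-14 17:55 . 2008-06-14 17:45 52,736 --a------ C:\WINDOWS\system32\8E.tmp",
    r"2008-06-14 17:45 . 2008-06-14 17:34 52,736 --a------ C:\WINDOWS\system32\8B.tmp",
    r"2008-06-14 17:34 . 2008-06-14 17:24 52,736 --a------ C:\WINDOWS\system32\86.tmp",
    r"2008-06-14 17:24 . 2008-06-14 17:14 52,736 --a------ C:\WINDOWS\system32\81.tmp",
    r"2008-06-14 17:14 . 2008-06-14 17:04 52,736 --a------ C:\WINDOWS\system32\7D.tmp",
    r"2008-06-11 09:02 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys",
]

if __name__ == "__main__":
    for name, reasons in triage_hjt(SAMPLE_HJT).items():
        print(f"{name}: {'; '.join(reasons)}")
    for burst in find_dropper_bursts(SAMPLE_COMBOFIX):
        print(burst)
```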

#30 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 29 June 2008 - 06:53 PM

Now do this, please.

Download and run cleanup http://www.stevengou...o...9&Itemid=72
Run it and log off when the program is finished running.


Then open notepad and copy/paste the text in the codebox below into it:

File::
C:\WINDOWS\system32\blphc3bmj0eg6r.scr
C:\WINDOWS\system32\lphc3bmj0eg6r.exe
C:\WINDOWS\system32\phc3bmj0eg6r.bmp
C:\WINDOWS\system32\76.tmp

Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.

