pos*.tmp files

Computing.Net > Forums > Security and Virus > pos*.tmp files

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

pos*.tmp files

Name: SCRUFFY
Date: February 18, 2008 at 09:26:34 Pacific
OS: windows xp
CPU/Ram: intel/128
Product: compaq presario 2100

Comment:

I have thousands of pos .tmp files I can't delete. Computer hangs up quite often for a while no matter what i am doing

Sponsored Link

Ads by Google

Response Number 1

Name: jabuck
Date: February 18, 2008 at 09:49:24 Pacific

Reply:

Go to the this link:
Disable Realtime Protection
Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.
Please download Atribune's VundoFix.exe from the following site to your desktop:
Vundofix.exe

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files,
click "yes".
Once you click yes, your desktop will go blank as it starts removing
Vundo.
When completed, it will prompt that it will reboot your computer,
click "ok".
Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Please download ComboFix to the desktop from one of the following links:
Link1
Link 2
Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Response Number 2

Name: SCRUFFY
Date: February 18, 2008 at 11:33:18 Pacific

Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:03 PM, on 2/18/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\COMMON~1\AOL\120298~1\EE\AOLHOS~1.exe
C:\PROGRA~1\COMMON~1\AOL\120298~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\explorer.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/r...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {034E98C2-6537-3E9D-5066-5200CDC6D8CC} - C:\WINDOWS\System32\fznabcu.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {77749af9-e4de-43ab-7b04-3fca70d9a9f4} - {4f9a9d07-acf3-40b7-ba34-ed4e9fa94777} - C:\WINDOWS\System32\uurkofut.dll (file missing)
O2 - BHO: (no name) - {82851D04-452A-410B-8F69-85EA45567C6D} - C:\WINDOWS\System32\opppo.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [00000483] rundll32.exe "C:\WINDOWS\System32\dsuwrumc.dll",b
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202980626\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Aaou] "C:\PROGRA~1\YSTEM3~1\ati2evxx.exe" -vt yazb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.exe" -b
O4 - HKCU\..\Run: [Jijpc] "C:\Program Files\??mantec\r?gedit.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Advisor - {FA59B1EC-89C2-44D8-BA0F-D6B47DAC71C8} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O17 - HKLM\System\CCS\Services\Tcpip\..\{1FD34CB8-52F7-4DD0-8210-2176C40D6F77}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{1FD34CB8-52F7-4DD0-8210-2176C40D6F77}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
--
End of file - 6788 bytes

Response Number 3

Name: SCRUFFY
Date: February 18, 2008 at 11:45:19 Pacific

Reply:

ComboFix 08-02-18.1 - Gene Campbell 2008-02-18 13:12:11.1 - NTFSx86
Running from: C:\Documents and Settings\Gene Campbell\Desktop\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Gene Campbell\Application Data\AVSystemCare
C:\Documents and Settings\Gene Campbell\Application Data\AVSystemCare\Logs\threats.log
C:\Documents and Settings\Gene Campbell\Application Data\AVSystemCare\Logs\update.log
C:\Documents and Settings\Gene Campbell\Application Data\SMBOLS~1
C:\Documents and Settings\Gene Campbell\My Documents\PPPATC~1
C:\Documents and Settings\Gene Campbell\My Documents\PPPATC~1\do not call reg..rtf
C:\Documents and Settings\Gene Campbell\My Documents\PPPATC~1\Heinz 57.jpg
C:\Documents and Settings\Gene Campbell\My Documents\PPPATC~1\Thumbs.db
C:\Documents and Settings\Gene Campbell\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Gene Campbell\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Gene Campbell\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\AVSystemCare
C:\Program Files\AVSystemCare\history.db
C:\Program Files\Common Files\ssembl~1
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\mantec~1
C:\Program Files\mantec~1\r?gedit.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ystem3~1
C:\Program Files\ystem3~1\?ystem32\
C:\Program Files\ystem3~1\ati2evxx.exe
C:\Temp\isgTi19
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\lwyqf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\opppo.ini
C:\WINDOWS\system32\opppo.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vturoml.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-18 12:07 . 2008-02-18 12:45 <DIR> d-------- C:\VundoFix Backups
2008-02-17 23:11 . 2008-02-17 23:11 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-02-14 21:09 . 2008-02-14 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 03:32 . 2008-02-14 03:32 <DIR> d-------- C:\Install iTunes
2008-02-14 03:32 . 2008-02-14 03:32 <DIR> d-------- C:\Install ICQ
2008-02-14 03:31 . 2008-02-14 03:31 <DIR> d-------- C:\MAV
2008-02-14 03:29 . 2004-11-19 12:54 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-14 03:20 . 2008-02-14 03:20 <DIR> d-------- C:\Program Files\AOL Toolbar
2008-02-14 03:20 . 2008-02-14 03:20 <DIR> d-------- C:\Program Files\AOL Deskbar
2008-02-14 03:19 . 2008-02-14 03:19 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2008-02-14 03:17 . 2008-02-14 03:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-14 03:16 . 2008-02-14 16:13 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-02-14 03:16 . 2008-02-17 23:31 <DIR> d-------- C:\Program Files\America Online 9.0
2008-02-13 21:15 . 2008-02-13 21:15 2,560 --a------ C:\WINDOWS\_MSRSTRT.exe
2008-02-12 02:11 . 2008-02-12 02:11 <DIR> d-------- C:\Documents and Settings\Gene Campbell\Application Data\Talkback
2008-02-12 00:39 . 2008-02-18 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-11 00:01 . 2008-02-11 00:27 <DIR> d-------- C:\Program Files\RegCure
2008-02-08 15:01 . 2008-02-08 15:01 36,864 --a------ C:\WINDOWS\17PHolmes572.exe
2008-02-08 00:12 . 2008-02-08 00:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 00:12 . 2008-02-08 00:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 10:36 . 2008-01-23 10:36 <DIR> d--hs---- C:\AVSystemCare
2008-01-23 10:34 . 2008-01-23 10:34 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-23 10:33 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-01-23 10:33 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-23 10:24 . 2008-01-23 10:24 <DIR> d-------- C:\Temp\cXzz9
2008-01-22 23:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-22 23:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-22 23:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-22 23:37 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 06:49 --------- d-----w C:\Documents and Settings\Carolyn Campbell\Application Data\AOL
2008-02-14 09:36 --------- d-----w C:\Documents and Settings\Gene Campbell\Application Data\AOL
2008-02-14 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-14 09:31 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-14 09:21 --------- d-----w C:\Program Files\Pure Networks
2008-02-14 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 03:30 --------- d-----w C:\Program Files\Quicken
2008-02-14 03:18 --------- d-----w C:\Program Files\McAfee.com
2008-02-14 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-14 03:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-14 00:37 --------- d-----w C:\Program Files\Microsoft Money
2008-02-13 16:37 --------- d-----w C:\Program Files\Picasa2
2008-02-12 06:39 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034E98C2-6537-3E9D-5066-5200CDC6D8CC}]
C:\WINDOWS\System32\fznabcu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f9a9d07-acf3-40b7-ba34-ed4e9fa94777}]
C:\WINDOWS\System32\uurkofut.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82851D04-452A-410B-8F69-85EA45567C6D}]
C:\WINDOWS\System32\opppo.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 11:08 1511453]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]
"Aaou"="C:\PROGRA~1\YSTEM3~1\ati2evxx.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-12 00:39 68856]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17 50776]
"Jijpc"="C:\Program Files\??mantec\r?gedit.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 16:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 19:29 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 09:05 36864]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 09:26 45056]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.exe" [2002-10-14 11:57 98304]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-09-09 16:42 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-09-09 16:41 557056]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 15:19 176197]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-01 16:08 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-12-18 11:23 151597]
"00000483"="C:\WINDOWS\System32\dsuwrumc.dll" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1202980626\EE\AOLHostManager.exe" [2004-11-03 15:03 125528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-12 00:39:05 125624]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=C:\WINDOWS\pss\KODAK Picture Transfer Software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2002-12-18 11:23 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys [2002-11-05 09:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys [2002-11-05 09:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2002-08-28 18:00]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-17 05:54]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\System32\DRIVERS\Express.sys [2002-10-16 19:00]
S3 WSIMD;wsimd Service;C:\WINDOWS\System32\DRIVERS\wsimd.sys []
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 19:17:14 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-14 09:11:27 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2005-08-29 16:57:02 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-08-29 16:56:45 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-08-31 00:09:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 13:17:38
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????I??p?????????? ?X#B?????????????l|B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
r Running Proce
.
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\COMMON~1\AOL\120298~1\EE\AOLHOS~1.exe
C:\PROGRA~1\COMMON~1\AOL\120298~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-02-18 13:21:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 19:21:42

Response Number 4

Name: jabuck
Date: February 18, 2008 at 12:42:52 Pacific

Reply:

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\System32\opppo.dll
C:\WINDOWS\System32\uurkofut.dll
C:\WINDOWS\System32\fznabcu.dll
C:\WINDOWS\System32\dsuwrumc.dll

Folder::
C:\AVSystemCare
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034E98C2-6537-3E9D-5066-5200CDC6D8CC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f9a9d07-acf3-40b7-ba34-ed4e9fa94777}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82851D04-452A-410B-8F69-85EA45567C6D}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aaou"=-
"Jijpc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00000483"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdwareAlert]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner
Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Response Number 5

Name: SCRUFFY
Date: February 18, 2008 at 17:32:26 Pacific

Reply:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 7:23:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/02/2008
Kaspersky Anti-Virus database records: 572562
---------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 35012
Number of viruses found: 10
Number of infected objects: 54
Number of suspicious objects: 0
Duration of the scan process: 01:29:11
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\grccampbell\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\grccampbell\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\grccampbe00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\grccampbell Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\grccampbell.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\grccampbell.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\59cec646bc7858938fbf054e8f12bd15_34c96432-5348-43a4-b84a-3808c011d717 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7dff33ea0baf1cf4e8c8d5b5dfd46250_34c96432-5348-43a4-b84a-3808c011d717 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Gene Campbell\Application Data\AOL\C_America Online 9.0\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Gene Campbell\Application Data\AOL\C_America Online 9.0\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Gene Campbell\Application Data\AOL\C_America Online 9.0\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Gene Campbell\Application Data\AOL\C_America Online 9.0\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Gene Campbell\Application Data\AOL\C_America Online 9.0\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Gene Campbell\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gene Campbell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gene Campbell\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gene Campbell\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gene Campbell\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gene Campbell\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Gene Campbell\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\AOL\ACS\US\static Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir Infected: Trojan.Win32.Scapur.k skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\MANTEC~1\rеgedit.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\QooBox\Quarantine\C\Program Files\YSTEM3~1\ati2evxx.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\VundoFix Backups\cluwxqlm.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\cvobcrbb.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\djktcsuo.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\dsuwrumc.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\jtqrysqk.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\mcivrxqp.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\opppo.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\rqonlki.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\sjwhcjtb.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\tuvustq.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\uurkofut.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\vturoml.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\vvjpqhpt.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\xxyayaw.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\VundoFix Backups\xymlxpfp.dll.bad.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\17PHolmes572.exe.vir Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lwyqf.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vturoml.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0047770.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0047771.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0047775.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048019.exe Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048021.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048023.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048025.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048026.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048027.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048028.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048029.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048030.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048031.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048032.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048033.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP177\A0048037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048108.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048110.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048111.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048114.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048115.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048115.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048116.exe Infected: Trojan-Downloader.Win32.Agent.jal skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048117.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP178\A0048118.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP179\A0048214.exe Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP179\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

dp83815/816 vista lastgood.tmp ehome infrared transceiver driver	pos tmp file how to open tmp file .tmp files in my documents
See More

Response Number 6

Name: SCRUFFY
Date: February 18, 2008 at 17:52:32 Pacific

Reply:

ComboFix 08-02-18.1 - Gene Campbell 2008-02-18 19:35:49.3 - NTFSx86
Running from: C:\Documents and Settings\Gene Campbell\Desktop\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.
2008-02-18 16:17 . 2008-02-18 16:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-18 16:17 . 2008-02-18 16:17 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-18 16:17 . 2008-02-18 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 23:11 . 2008-02-17 23:11 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-02-14 21:09 . 2008-02-14 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 03:32 . 2008-02-14 03:32 <DIR> d-------- C:\Install iTunes
2008-02-14 03:32 . 2008-02-14 03:32 <DIR> d-------- C:\Install ICQ
2008-02-14 03:31 . 2008-02-14 03:31 <DIR> d-------- C:\MAV
2008-02-14 03:29 . 2004-11-19 12:54 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-14 03:20 . 2008-02-14 03:20 <DIR> d-------- C:\Program Files\AOL Toolbar
2008-02-14 03:20 . 2008-02-14 03:20 <DIR> d-------- C:\Program Files\AOL Deskbar
2008-02-14 03:19 . 2008-02-14 03:19 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2008-02-14 03:17 . 2008-02-14 03:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-14 03:16 . 2008-02-14 16:13 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-02-14 03:16 . 2008-02-18 15:32 <DIR> d-------- C:\Program Files\America Online 9.0
2008-02-13 21:15 . 2008-02-13 21:15 2,560 --a------ C:\WINDOWS\_MSRSTRT.exe
2008-02-12 02:11 . 2008-02-12 02:11 <DIR> d-------- C:\Documents and Settings\Gene Campbell\Application Data\Talkback
2008-02-12 00:39 . 2008-02-18 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-11 00:01 . 2008-02-11 00:27 <DIR> d-------- C:\Program Files\RegCure
2008-02-08 00:12 . 2008-02-08 00:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 00:12 . 2008-02-08 00:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 10:34 . 2008-01-23 10:34 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-23 10:33 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-01-23 10:33 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-23 10:24 . 2008-01-23 10:24 <DIR> d-------- C:\Temp\cXzz9
2008-01-22 23:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-22 23:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-22 23:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-22 23:37 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 06:49 --------- d-----w C:\Documents and Settings\Carolyn Campbell\Application Data\AOL
2008-02-14 09:36 --------- d-----w C:\Documents and Settings\Gene Campbell\Application Data\AOL
2008-02-14 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-14 09:31 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-14 09:21 --------- d-----w C:\Program Files\Pure Networks
2008-02-14 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 03:30 --------- d-----w C:\Program Files\Quicken
2008-02-14 03:18 --------- d-----w C:\Program Files\McAfee.com
2008-02-14 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-14 03:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-14 00:37 --------- d-----w C:\Program Files\Microsoft Money
2008-02-13 16:37 --------- d-----w C:\Program Files\Picasa2
2008-02-12 06:39 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 11:08 1511453]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-12 00:39 68856]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 16:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 19:29 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 09:05 36864]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 09:26 45056]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.exe" [2002-10-14 11:57 98304]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-09-09 16:42 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-09-09 16:41 557056]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 15:19 176197]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-01 16:08 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-12-18 11:23 151597]
"HostManager"="C:\Program Files\Common Files\AOL\1202980626\EE\AOLHostManager.exe" [2004-11-03 15:03 125528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-12 00:39:05 125624]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=C:\WINDOWS\pss\KODAK Picture Transfer Software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2002-12-18 11:23 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys [2002-11-05 09:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys [2002-11-05 09:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2002-08-28 18:00]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-17 05:54]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\System32\DRIVERS\Express.sys [2002-10-16 19:00]
S3 WSIMD;wsimd Service;C:\WINDOWS\System32\DRIVERS\wsimd.sys []
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 23:00:12 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-14 09:11:27 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2005-08-29 16:57:02 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-08-29 16:56:45 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-08-31 00:09:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 19:39:43
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????I??p?????????? ?X#B?????????????l|B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-18 19:41:21
ComboFix-quarantined-files.txt 2008-02-19 01:41:04
ComboFix2.txt 2008-02-18 21:36:36
ComboFix3.txt 2008-02-18 19:21:49

Response Number 7

Name: jabuck
Date: February 18, 2008 at 19:08:57 Pacific

Reply:

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.
Open Notepad and copy/paste everything between the X"s into it and make sure "Folder::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Folder::
C:\QooBox

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".
Please go to Virus Total and upload the following file for analysis:
C:\WINDOWS\_MSRSTRT.EXE

Post the results in your reply.
Post a new Combofix log.

Response Number 8

Name: SCRUFFY
Date: February 18, 2008 at 19:42:55 Pacific

Reply:

ComboFix 08-02-18.1 - Gene Campbell 2008-02-18 21:28:40.4 - NTFSx86
Running from: C:\Documents and Settings\Gene Campbell\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Gene Campbell\Desktop\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\QooBox
C:\QooBox\BackEnv\appdata.folder.dat
C:\QooBox\BackEnv\cache.folder.dat
C:\QooBox\BackEnv\desktop.folder.dat
C:\QooBox\BackEnv\favorites.folder.dat
C:\QooBox\BackEnv\localappdata.folder.dat
C:\QooBox\BackEnv\localsettings.folder.dat
C:\QooBox\BackEnv\mypictures.folder.dat
C:\QooBox\BackEnv\personal.folder.dat
C:\QooBox\BackEnv\profiles.folder.dat
C:\QooBox\BackEnv\programs.folder.dat
C:\QooBox\BackEnv\setpath.bat
C:\QooBox\BackEnv\setpath.dat
C:\QooBox\BackEnv\startmenu.folder.dat
C:\QooBox\BackEnv\startup.folder.dat
C:\QooBox\BackEnv\templates.folder.dat
C:\QooBox\CFScript_used_2008-02-18@15.33.txt
C:\QooBox\CFScript_used_2008-02-18@21.28.txt
C:\QooBox\ComboFix-quarantined-files.txt
C:\QooBox\ComboFix2.txt
C:\QooBox\ComboFix3.txt
C:\QooBox\ComboFix4.txt
C:\QooBox\snapshot@2008-02-18_13.21.18.70.dat
C:\QooBox\snapshot@2008-02-18_13.21.18.70_B.dat
.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.
2008-02-18 16:17 . 2008-02-18 16:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-18 16:17 . 2008-02-18 16:17 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-18 16:17 . 2008-02-18 16:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-17 23:11 . 2008-02-17 23:11 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-02-14 21:09 . 2008-02-14 21:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 03:32 . 2008-02-14 03:32 <DIR> d-------- C:\Install iTunes
2008-02-14 03:32 . 2008-02-14 03:32 <DIR> d-------- C:\Install ICQ
2008-02-14 03:31 . 2008-02-14 03:31 <DIR> d-------- C:\MAV
2008-02-14 03:29 . 2004-11-19 12:54 173,184 --a------ C:\WINDOWS\system32\ygpss.scr
2008-02-14 03:20 . 2008-02-14 03:20 <DIR> d-------- C:\Program Files\AOL Toolbar
2008-02-14 03:20 . 2008-02-14 03:20 <DIR> d-------- C:\Program Files\AOL Deskbar
2008-02-14 03:19 . 2008-02-14 03:19 <DIR> d-------- C:\Program Files\Common Files\AolCoach
2008-02-14 03:17 . 2008-02-14 03:21 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-14 03:16 . 2008-02-14 16:13 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-02-14 03:16 . 2008-02-18 15:32 <DIR> d-------- C:\Program Files\America Online 9.0
2008-02-13 21:15 . 2008-02-13 21:15 2,560 --a------ C:\WINDOWS\_MSRSTRT.exe
2008-02-12 02:11 . 2008-02-12 02:11 <DIR> d-------- C:\Documents and Settings\Gene Campbell\Application Data\Talkback
2008-02-12 00:39 . 2008-02-18 10:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-11 00:01 . 2008-02-11 00:27 <DIR> d-------- C:\Program Files\RegCure
2008-02-08 00:12 . 2008-02-08 00:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-08 00:12 . 2008-02-08 00:12 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 10:34 . 2008-01-23 10:34 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-23 10:33 . 2004-10-07 13:39 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-01-23 10:33 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-23 10:24 . 2008-01-23 10:24 <DIR> d-------- C:\Temp\cXzz9
2008-01-22 23:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-22 23:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-22 23:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-22 23:37 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 06:49 --------- d-----w C:\Documents and Settings\Carolyn Campbell\Application Data\AOL
2008-02-14 09:36 --------- d-----w C:\Documents and Settings\Gene Campbell\Application Data\AOL
2008-02-14 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-14 09:31 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-14 09:21 --------- d-----w C:\Program Files\Pure Networks
2008-02-14 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 03:30 --------- d-----w C:\Program Files\Quicken
2008-02-14 03:18 --------- d-----w C:\Program Files\McAfee.com
2008-02-14 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-14 03:05 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-14 00:37 --------- d-----w C:\Program Files\Microsoft Money
2008-02-13 16:37 --------- d-----w C:\Program Files\Picasa2
2008-02-12 06:39 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 11:08 1511453]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-12 00:39 68856]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 16:18 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 19:29 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 09:05 36864]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 09:26 45056]
"QT4HPOT"="C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.exe" [2002-10-14 11:57 98304]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-09-09 16:42 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-09-09 16:41 557056]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2002-10-23 15:19 176197]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-01 16:08 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-12-18 11:23 151597]
"HostManager"="C:\Program Files\Common Files\AOL\1202980626\EE\AOLHostManager.exe" [2004-11-03 15:03 125528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 15:33 99480]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-12 00:39:05 125624]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]
backup=C:\WINDOWS\pss\KODAK Picture Transfer Software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2002-12-18 11:23 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys [2002-11-05 09:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys [2002-11-05 09:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2002-08-28 18:00]
S3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\System32\DRIVERS\aliirda.sys [2001-12-17 05:54]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;C:\WINDOWS\System32\DRIVERS\Express.sys [2002-10-16 19:00]
S3 WSIMD;wsimd Service;C:\WINDOWS\System32\DRIVERS\wsimd.sys []
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 23:00:12 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-14 09:11:27 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2005-08-29 16:57:02 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2005-08-29 16:56:45 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2003-08-31 00:09:56 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 21:32:19
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????I??p?????????? ?X#B?????????????l|B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-18 21:33:45

Response Number 9

Name: SCRUFFY
Date: February 18, 2008 at 19:58:26 Pacific

Reply:

File _MSRSTRT.exe received on 02.19.2008 04:49:11 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 2/32 (6.25%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
AhnLab-V3 2008.2.19.1 2008.02.19 Win-AppCare/Reboot.2560
AntiVir 7.6.0.67 2008.02.18 -
Authentium 4.93.8 2008.02.19 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.18 -
BitDefender 7.2 2008.02.19 -
CAT-QuickHeal 9.50 2008.02.18 Tool.Win32.Reboot (Not a Virus)
ClamAV None 2008.02.19 -
DrWeb 4.44.0.09170 2008.02.18 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5546 2008.02.18 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.19 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.18 -
F-Secure 6.70.13260.0 2008.02.19 -
Ikarus T3.1.1.20 2008.02.19 -
Kaspersky 7.0.0.125 2008.02.19 -
McAfee 5232 2008.02.18 -
Microsoft 1.3204 2008.02.19 -
NOD32v2 2884 2008.02.18 -
Norman 5.80.02 2008.02.18 -
Panda 9.0.0.4 2008.02.19 -
Prevx1 V2 2008.02.19 -
Rising 20.32.02.00 2008.02.18 -
Sophos 4.26.0 2008.02.19 -
Sunbelt 3.0.884.0 2008.02.18 -
Symantec 10 2008.02.19 -
TheHacker 6.2.9.223 2008.02.18 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.18 -
Webwasher-Gateway 6.6.2 2008.02.18 -
Additional information
File size: 2560 bytes
MD5: 815372073da85b2098a37ded84083c8a
SHA1: 0a70574450bee11c9c09f25f082e0253aa32ceaa
PEiD: -

Response Number 10

Name: jabuck
Date: February 18, 2008 at 20:04:17 Pacific

Reply:

Your logs appear to be clean.
How is the computer operating?

Response Number 11

Name: SCRUFFY
Date: February 18, 2008 at 20:14:03 Pacific

Reply:

It seems to be doing much better. Thanks

Response Number 12

Name: jabuck
Date: February 18, 2008 at 20:34:28 Pacific

Reply:

I didn't see an antivirus running.
I use the free version of AVG, you can download it at this link:
AVG Free Antivirus
You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster
Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.
Glad we could help.

Sponsored Link

Ads by Google

Embedded ads, dll virus

Suspcious IPs pinging/pro...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: pos*.tmp files

pos.tmp files, red X, kernel errors

Summary

www.computing.net/answers/security/postmp-files-red-x-kernel-errors/22343.html

pos.tmp files on my C: drive

Summary

www.computing.net/answers/security/postmp-files-on-my-c-drive/22200.html

pos.tmp files and red x on my c:/

Summary

www.computing.net/answers/security/postmp-files-and-red-x-on-my-c/22153.html

From the Geek Dictionary
adult - The state a person enters once they have reached the age of majority. The ...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 3 Days.
Discuss in The Lounge
Poll History

Recent Posts
Automatically refresh content in calendar

Loss of c\windows\system\config\systemprofile

Loss of c\windows\system\config\systemprofile

can't connect to the internet via wired ethe

Can anyone help me with this really confusing

All Awaiting Reply

Tom's News
New York Testing Console-Based Alert System

Google Uses Ad to Explain Offensive First Lady Pic

U.S. Air Force Buying 2,200 PlayStation 3s

LittleBigPlanet Playing Part in Obama's STEM Plan

Facebook Worm Sends Users to Porn

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE