
.tmp files in c: drive

Original Message
Name: ko
Date: February 12, 2008 at 12:10:33 Pacific
Subject: .tmp files in c: drive
OS: Windows xp media centre e
CPU/Ram: 1.86 ghz/ 0.99 gb of ram
Model/Manufacturer: Toshiba satellite, A-100
Comment:
My laptop has a lot of .tmp files in the c: drive. Also, 2 icons appeared on my desktop that I cannot delete, named "windows update" and "help and support centre". When I click on either, it takes me to a website. Please help!



Response Number 1
Name: jabuck
Date: February 12, 2008 at 14:03:08 Pacific
Subject: .tmp files in c: drive
Reply:
Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.



Response Number 2
Name: ko
Date: February 12, 2008 at 17:52:09 Pacific
Subject: .tmp files in c: drive
Reply:
Thanks a lot for the early reply. Here is the HijackThis log and ComboFix log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:54 PM, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Kiran\Desktop\VundoFix.exe
C:\Documents and Settings\Kiran\Desktop\HiJackThis.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {ff62a311-c744-0b58-7a44-a44c4657c591} - {195c7564-c44a-44a7-85b0-447c113a26ff} - C:\WINDOWS\system32\youacphe.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IEbho - {77290CF2-49D3-98D3-9D95-72D9D80DCDB5} - C:\Program Files\IE bho\ie-improver.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [cavUPSDBMaker] "C:\Program Files\Comodo\Comodo AntiVirus\\UPSDBMaker.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [cc584303] rundll32.exe "C:\WINDOWS\system32\ouxqauyh.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [BeachLifeEngSetup.exe] C:\DOCUME~1\Kiran\MYDOCU~1\BEACHL~1.EXE /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Neptune's Secret\Images\stg_drm.ocx
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v4...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file://C:\Program Files\Private Eye\Images\stg_drm.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr0...
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v4...
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/g...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/sh...
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/downloa...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Little Shop of Treasures\Images\armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.iwin.com/global/premium/...
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/d...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcapl...
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11585 bytes


ComboFix 08-02.05.3 - Kiran 2008-02-11 20:38:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.587 [GMT -8:00]
Running from: C:\Documents and Settings\Kiran\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-11 15:58 . 2008-02-11 15:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 15:58 . 2008-02-11 15:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 22:18 . 2008-02-04 22:47 <DIR> d-------- C:\VundoFix Backups
2008-02-04 20:45 . 2008-02-04 20:54 5,100 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-23 02:46 . 2008-01-23 02:46 <DIR> d-------- C:\Program Files\SanDisk
2008-01-23 02:45 . 2008-01-23 02:45 <DIR> d-------- C:\Documents and Settings\Kiran\Application Data\InstallShield
2008-01-22 00:27 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\btnplus1.ocx
2008-01-22 00:27 . 2004-03-08 17:00 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-01-22 00:27 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2008-01-22 00:27 . 2001-06-26 14:35 131,072 --a------ C:\WINDOWS\system32\arbutton.ocx
2008-01-22 00:27 . 2000-09-27 19:45 126,976 --a------ C:\WINDOWS\system32\activeform.ocx
2008-01-22 00:27 . 2000-10-11 17:07 98,304 --a------ C:\WINDOWS\system32\ccrpUCW6.dll
2008-01-22 00:27 . 2000-10-11 17:18 98,304 --a------ C:\WINDOWS\system32\ccrpdtp6.ocx
2008-01-22 00:27 . 1999-12-01 00:00 24,576 --a------ C:\WINDOWS\system32\StopwatchMM.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-05 07:11 --------- d-----w C:\Program Files\QuickTime
2008-02-05 07:10 --------- d-----w C:\Program Files\ltmoh
2008-02-05 07:10 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-05 06:57 40,960 ----a-w C:\WINDOWS\VM_STI .EXE
2008-01-23 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 08:35 --------- d-----w C:\Program Files\Acoustica MP3 CD Burner
2008-01-05 08:34 --------- d-----w C:\Documents and Settings\Kiran\Application Data\Acoustica
2008-01-02 22:23 --------- d-----w C:\Program Files\MSN Messenger
2008-01-02 22:21 --------- d-----w C:\Program Files\Windows Live
2008-01-02 22:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-02 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-29 17:29 --------- d-----w C:\Program Files\TubeSucker
2007-12-29 17:23 --------- d-----w C:\Program Files\LimeWire
2007-12-28 01:17 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-28 01:17 --------- d-----w C:\Documents and Settings\Kiran\Application Data\NCH Swift Sound
2007-12-28 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-24 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-23 23:39 --------- d-----w C:\Program Files\NCH Software
2007-12-20 08:13 --------- d--h--w C:\Program Files\IE bho
2007-10-06 03:20 933 -c--a-w C:\Program Files\INSTALL.LOG
2007-01-04 21:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
[code]


----a-w 185,896 2008-02-05 06:57:36 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 110,592 2008-02-05 06:57:46 C:\Program Files\Comodo\Comodo AntiVirus\CMain .exe
----a-w 662,016 2008-02-05 06:57:51 C:\Program Files\Comodo\Comodo AntiVirus\UPSDBMaker .exe
----a-w 157,592 2008-02-05 06:57:27 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 696,320 2008-02-05 06:57:09 C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w 802,816 2008-02-05 06:57:06 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w 83,608 2008-02-05 06:57:39 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 184,320 2008-02-05 06:56:58 C:\Program Files\ltmoh\Ltmoh .exe
----a-w 5,674,352 2007-12-28 09:22:46 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 75,584 2008-02-05 06:57:50 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch .exe
----a-w 761,948 2008-02-05 06:57:03 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 65,536 2008-01-09 04:31:58 C:\Program Files\Toshiba\TOSCDSPD\toscdspd .exe
----a-w 356,352 2008-02-05 06:56:54 C:\Program Files\Toshiba\TOSHIBA Applet\thotkey .exe
----a-w 122,880 2008-02-05 06:56:47 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView .exe
----a-w 73,728 2008-02-05 06:56:51 C:\Program Files\Toshiba\Tvs\TvsTray .exe
----a-w 40,960 2008-02-05 06:57:19 C:\WINDOWS\VM_STI .EXE
----a-w 64,512 2008-02-05 06:13:08 C:\WINDOWS\ehome\ehtray .exe
----a-w 278,545 2008-02-05 06:15:27 C:\WINDOWS\Fonts\svchost .exe
----a-w 15,360 2008-01-16 02:05:49 C:\WINDOWS\system32\ctfmon .exe
----a-w 77,824 2008-02-05 06:14:18 C:\WINDOWS\system32\hkcmd .exe
----a-w 118,784 2008-01-28 06:50:37 C:\WINDOWS\system32\igfxpers .exe
----a-w 94,208 2008-02-05 06:14:15 C:\WINDOWS\system32\igfxtray .exe
----a-w 122,940 2008-02-05 06:56:48 C:\WINDOWS\system32\DLA\DLACTRLW .EXE
[/code]


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{195c7564-c44a-44a7-85b0-447c113a26ff}]
C:\WINDOWS\system32\youacphe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77290CF2-49D3-98D3-9D95-72D9D80DCDB5}]
2007-10-02 10:53 95232 --a------ C:\Program Files\IE bho\ie-improver.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [ ]
"BeachLifeEngSetup.exe"="C:\DOCUME~1\Kiran\MYDOCU~1\BEACHL~1.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 15:50 88204 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [ ]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [ ]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [ ]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [ ]
"TFncKy"="TFncKy.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [ ]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"TPSMain"="TPSMain.exe" [2005-05-31 20:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" []
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [ ]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [ ]
"cavUPSDBMaker"="C:\Program Files\Comodo\Comodo AntiVirus\\UPSDBMaker.exe" [ ]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [ ]
"cc584303"="C:\WINDOWS\system32\ouxqauyh.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-10-08 13:30:49 298]

C:\Documents and Settings\Kiran\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-01-29 16:57:47 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
monln.dll 2007-09-17 21:32 216576 C:\WINDOWS\system32\monln.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-10 04:00]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
S3 zlportio;zlportio;C:\Program Files\WinKeeper\zlportio.sys []
S3 ZSMC302;USB(VGA) Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys [2003-10-16 17:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f24332-8c0c-11db-a8fd-0018de06bcd2}]
\Shell\AutoRun\command - F:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1556206-6b30-11dc-abbc-0018de06bcd2}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 20:44:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
r Running Proce
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-11 20:47:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 04:47:53
ComboFix2.txt 2008-02-05 07:22:36
.
2008-01-09 11:05:51 --- E O F ---




Response Number 3
Name: jabuck
Date: February 12, 2008 at 18:14:03 Pacific
Subject: .tmp files in c: drive
Reply:
Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::

----a-w 185,896 2008-02-05 06:57:36 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 110,592 2008-02-05 06:57:46 C:\Program Files\Comodo\Comodo AntiVirus\CMain .exe
----a-w 662,016 2008-02-05 06:57:51 C:\Program Files\Comodo\Comodo AntiVirus\UPSDBMaker .exe
----a-w 157,592 2008-02-05 06:57:27 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 696,320 2008-02-05 06:57:09 C:\Program Files\Intel\Wireless\Bin\ifrmewrk .exe
----a-w 802,816 2008-02-05 06:57:06 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc .exe
----a-w 83,608 2008-02-05 06:57:39 C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w 184,320 2008-02-05 06:56:58 C:\Program Files\ltmoh\Ltmoh .exe
----a-w 5,674,352 2007-12-28 09:22:46 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 75,584 2008-02-05 06:57:50 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch .exe
----a-w 761,948 2008-02-05 06:57:03 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 65,536 2008-01-09 04:31:58 C:\Program Files\Toshiba\TOSCDSPD\toscdspd .exe
----a-w 356,352 2008-02-05 06:56:54 C:\Program Files\Toshiba\TOSHIBA Applet\thotkey .exe
----a-w 122,880 2008-02-05 06:56:47 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView .exe
----a-w 73,728 2008-02-05 06:56:51 C:\Program Files\Toshiba\Tvs\TvsTray .exe
----a-w 40,960 2008-02-05 06:57:19 C:\WINDOWS\VM_STI .EXE
----a-w 64,512 2008-02-05 06:13:08 C:\WINDOWS\ehome\ehtray .exe
----a-w 278,545 2008-02-05 06:15:27 C:\WINDOWS\Fonts\svchost .exe
----a-w 15,360 2008-01-16 02:05:49 C:\WINDOWS\system32\ctfmon .exe
----a-w 77,824 2008-02-05 06:14:18 C:\WINDOWS\system32\hkcmd .exe
----a-w 118,784 2008-01-28 06:50:37 C:\WINDOWS\system32\igfxpers .exe
----a-w 94,208 2008-02-05 06:14:15 C:\WINDOWS\system32\igfxtray .exe
----a-w 122,940 2008-02-05 06:56:48 C:\WINDOWS\system32\DLA\DLACTRLW .EXE

File::
C:\Program Files\IE bho\ie-improver.dll
C:\WINDOWS\system32\ouxqauyh.dll
C:\WINDOWS\SYSTEM32\monln.dll

Driver::
cc584303
monln

Folder::
C:\Program Files\IE bho

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{195c7564-c44a-44a7-85b0-447c113a26ff}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77290CF2-49D3-98D3-9D95-72D9D80DCDB5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log and a new Hijack This log.


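Added example (not part of the thread, and not the method the helper used): a Python triage pass over a HijackThis log that flags entries for manual review, run on lines copied from the log posted above. The four review rules and the names `triage`, `review_by_path` and `Finding` are assumptions of this example; a flag means "look at this entry", not "this file is malicious".

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # which review rule matched
    entry: str    # entry text after the section code


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {ff62a311-c744-0b58-7a44-a44c4657c591} - {195c7564-c44a-44a7-85b0-447c113a26ff} - C:\WINDOWS\system32\youacphe.dll (file missing)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [cc584303] rundll32.exe "C:\WINDOWS\system32\ouxqauyh.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

# "<section code> - <entry text>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry Run entries: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^[^:]+: \[[^\]]*\] (?P<cmd>.+)$")
# A space between the file's base name and its extension ("qttask .exe")
SPACE_BEFORE_EXT_RE = re.compile(r"[^\\\s] \.\w{2,4}\b")
# First drive-letter path ending in .dll or .exe inside an entry
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (entry, rule) match, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, entry = m.groups()

        # Rule 1: HijackThis could not find the file the entry points to.
        if entry.endswith("(file missing)"):
            findings.append(Finding(section, "file missing", entry))

        # Rule 2: autostart path with a space before the extension.
        if SPACE_BEFORE_EXT_RE.search(entry):
            findings.append(Finding(section, "space before extension", entry))

        # Rule 3: a Run key that starts a DLL through rundll32.
        if section == "O4":
            run = RUN_RE.match(entry)
            if run and run["cmd"].lower().startswith("rundll32"):
                findings.append(Finding(section, "rundll32 autostart", entry))

        # Rule 4: Winlogon Notify DLLs are loaded by winlogon.exe at logon.
        if section == "O20":
            findings.append(Finding(section, "winlogon notify", entry))
    return findings


def review_by_path(log_text: str) -> Dict[str, List[str]]:
    """Group the reasons by the file path each flagged entry refers to."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for finding in triage(log_text):
        m = PATH_RE.search(finding.entry)
        key = m.group(0) if m else finding.entry
        grouped[key].append(finding.reason)
    return dict(grouped)


if __name__ == "__main__":
    for path, reasons in review_by_path(SAMPLE_LOG).items():
        print(f"{', '.join(reasons):24} {path}")
```

The flagged set overlaps with the entries targeted in the CFScript above but is not identical to it: `NMIndexingService.exe` is flagged here and not in the script, and `ie-improver.dll` is in the script and matches none of these rules.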

Response Number 4
Name: ko
Date: February 15, 2008 at 22:57:05 Pacific
Subject: .tmp files in c: drive
Reply:
Here is the Kaspersky Online Scanner report. Thanks a lot again for looking into this!


---------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 15, 2008 1:52:07 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 568431
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 84250
Number of viruses found: 17
Number of infected objects: 138
Number of suspicious objects: 0
Duration of the scan process: 02:07:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\cavasm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-14_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A76DC4.0om Infected: EICAR-Test-File skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61456861.0om Infected: EICAR-Test-File skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65326C0E.0om Infected: EICAR-Test-File skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6A536ABD.0om Infected: EICAR-Test-File skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6BF812EE.0om Infected: EICAR-Test-File skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ECA51D4.0om Infected: EICAR-Test-File skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79983BF0.0om Infected: EICAR-Test-File skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\history.dat Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\key3.db Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\30\402a7b1e-2a28851e Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\54\6f1181f6-43e43635/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\54\6f1181f6-43e43635 ZIP: infected - 1 skipped
C:\Documents and Settings\Kiran\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kiran\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\DivX\Movies\divx-890-vo-llnwd-net_.divx.part Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Comodo\Comodo AntiVirus\CMain.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Comodo\Comodo AntiVirus\UPSDBMaker.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\DAEMON Tools\daemon.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\IE bho\ie-improver.dll.vir Infected: Trojan-Downloader.Win32.BHO.ak skipped
C:\QooBox\Quarantine\C\Program Files\Intel\Wireless\Bin\ifrmewrk.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Java\jre1.6.0_01\bin\jusched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\ltmoh\Ltmoh.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\QuickTime\qttask.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Synaptics\SynTP\SynTPEnh.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Toshiba\TOSHIBA Applet\thotkey.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Toshiba\Tvs\TvsTray.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\msnmsgr .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Windows Live\Messenger\MsnMsgr.Exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\svchost.exe.vir Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\aubgoueq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\DLA\DLACTRLW.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\eciqabku.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geebc.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hggghef.dll.vir Infected: Trojan-Downloader.Win32.Small.hkd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iehmrbhb.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pihlegsr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sysdl132.exe.vir Infected: Trojan-Downloader.Win32.BHO.al skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\C\WINDOWS\VM_STI.EXE.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\winlogon.exe.vir Infected: not-a-virus:PSWTool.Win32.PassView.p skipped
C:\QooBox\Quarantine\catchme2008-02-04_231743.37.zip/geebc.dll Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\catchme2008-02-04_231743.37.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP213\change.log Object is locked skipped
C:\VundoFix Backups\aimqiuix.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\anudddvg.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\clasguon.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\covvxafk.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\ehtray.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\eovcdeud.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\eyeoneer.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\fqmkeeoe.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\fveycdow.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\geebc.dll.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\geebc.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\gnuhsqik.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\gpntmjit.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\hggghef.dll.bad Infected: Trojan-Downloader.Win32.Small.hkd skipped
C:\VundoFix Backups\hkcmd.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\iehmrbhb.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\igfxpers.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\igfxtray.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\kmmqyjub.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\ktslxldy.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\nfjjyuuj.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\nlcobmrr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\oabewgvb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ouxqauyh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
C:\VundoFix Backups\RecoverFromReboot.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\sbihuomw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\svchost.exe.bad Infected: Virus.Win32.Trats.d skipped
C:\VundoFix Backups\tojqsori.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\tooehwvx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wsxvmkaa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\wyaojnel.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\xbpwgqpw.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
C:\VundoFix Backups\xsffbswr.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\yfakoiln.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ynjbxbnt.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.is skipped
C:\VundoFix Backups\youacphe.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\yviowgcd.exe.bad Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\VundoFix Backups\yyhddoma.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{013F4CEE-9A73-4882-9D7A-3DB646518252}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E318DF52-6493-40FA-A2D9-6408576CD138}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\oins.exe Infected: Trojan-Dropper.Win32.PurityScan.ai skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\AviPlayerSetup.exe/data0011 Infected: Trojan-Spy.Win32.Banker.anv skipped
D:\AviPlayerSetup.exe NSIS: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.



Response Number 5
Name: ko
Date: February 15, 2008 at 23:17:04 Pacific
Subject: .tmp files in c: drive
Reply:
Also, here are the HijackThis and ComboFix logs.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:51 AM, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\Kiran\Desktop\HiJackThis.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB(VGA) Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [cavUPSDBMaker] "C:\Program Files\Comodo\Comodo AntiVirus\\UPSDBMaker.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [cc584303] rundll32.exe "C:\WINDOWS\system32\ouxqauyh.dll",b
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKCU\..\Run: [BeachLifeEngSetup.exe] C:\DOCUME~1\Kiran\MYDOCU~1\BEACHL~1.EXE /r
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd....
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Neptune's Secret\Images\stg_drm.ocx
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v4...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file://C:\Program Files\Private Eye\Images\stg_drm.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr0...
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v4...
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/g...
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/sh...
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/downloa...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Little Shop of Treasures\Images\armhelper.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.iwin.com/global/premium/...
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/d...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcapl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11893 bytes

ComboFix 08-02.05.3 - Kiran 2008-02-15 2:00:01.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.398 [GMT -8:00]
Running from: C:\Documents and Settings\Kiran\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-14 22:23 . 2008-02-14 22:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-14 22:23 . 2008-02-14 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 21:20 . 2004-08-10 04:00 388,608 --a------ C:\kmd.exe
2008-02-11 15:58 . 2008-02-11 15:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 15:58 . 2008-02-11 15:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 22:18 . 2008-02-04 22:47 <DIR> d-------- C:\VundoFix Backups
2008-02-04 20:45 . 2008-02-04 20:54 5,100 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-23 02:46 . 2008-01-23 02:46 <DIR> d-------- C:\Program Files\SanDisk
2008-01-23 02:45 . 2008-01-23 02:45 <DIR> d-------- C:\Documents and Settings\Kiran\Application Data\InstallShield
2008-01-22 00:27 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\btnplus1.ocx
2008-01-22 00:27 . 2004-03-08 17:00 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-01-22 00:27 . 1999-09-16 09:04 151,552 --a------ C:\WINDOWS\system32\ccrpfd6.ocx
2008-01-22 00:27 . 2001-06-26 14:35 131,072 --a------ C:\WINDOWS\system32\arbutton.ocx
2008-01-22 00:27 . 2000-09-27 19:45 126,976 --a------ C:\WINDOWS\system32\activeform.ocx
2008-01-22 00:27 . 2000-10-11 17:07 98,304 --a------ C:\WINDOWS\system32\ccrpUCW6.dll
2008-01-22 00:27 . 2000-10-11 17:18 98,304 --a------ C:\WINDOWS\system32\ccrpdtp6.ocx
2008-01-22 00:27 . 1999-12-01 00:00 24,576 --a------ C:\WINDOWS\system32\StopwatchMM.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 05:21 --------- d-----w C:\Program Files\MSN Messenger
2008-02-12 05:21 --------- d-----w C:\Program Files\ltmoh
2008-02-12 05:21 --------- d-----w C:\Program Files\DAEMON Tools
2008-02-05 07:11 --------- d-----w C:\Program Files\QuickTime
2008-02-05 06:57 40,960 ----a-w C:\WINDOWS\VM_STI.EXE
2008-01-23 10:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-05 08:35 --------- d-----w C:\Program Files\Acoustica MP3 CD Burner
2008-01-05 08:34 --------- d-----w C:\Documents and Settings\Kiran\Application Data\Acoustica
2008-01-02 22:21 --------- d-----w C:\Program Files\Windows Live
2008-01-02 22:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-02 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-29 17:29 --------- d-----w C:\Program Files\TubeSucker
2007-12-29 17:23 --------- d-----w C:\Program Files\LimeWire
2007-12-28 01:17 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-28 01:17 --------- d-----w C:\Documents and Settings\Kiran\Application Data\NCH Swift Sound
2007-12-28 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-24 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-12-23 23:39 --------- d-----w C:\Program Files\NCH Software
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-10-06 03:20 933 -c--a-w C:\Program Files\INSTALL.LOG
2007-01-04 21:03 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-01-08 20:31 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr .exe" [ ]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [ ]
"BeachLifeEngSetup.exe"="C:\DOCUME~1\Kiran\MYDOCU~1\BEACHL~1.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2008-02-04 22:13 64512]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 15:50 88204 C:\WINDOWS\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2008-02-04 22:56 122940]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2008-02-04 22:56 122880]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2008-02-04 22:56 73728]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2008-02-04 22:56 356352]
"TFncKy"="TFncKy.exe" []
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2008-02-04 22:56 184320]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-04 22:57 761948]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-02-04 22:57 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-02-04 22:57 696320]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-04 22:14 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-04 22:14 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2008-01-27 22:50 118784]
"TPSMain"="TPSMain.exe" [2005-05-31 20:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" []
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2008-02-04 22:57 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-02-04 22:57 157592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-04 22:57 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2008-02-04 22:57 83608]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [ ]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-02-04 22:57 110592]
"cavUPSDBMaker"="C:\Program Files\Comodo\Comodo AntiVirus\\UPSDBMaker.exe" [2008-02-04 22:57 662016]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-02-04 22:57 75584]
"cc584303"="C:\WINDOWS\system32\ouxqauyh.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

C:\Documents and Settings\Kiran\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14 59080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-01-29 16:57:47 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-10 04:00]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47]
S3 zlportio;zlportio;C:\Program Files\WinKeeper\zlportio.sys []
S3 ZSMC302;USB(VGA) Camera;C:\WINDOWS\system32\Drivers\usbvm302.sys [2003-10-16 17:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83f24332-8c0c-11db-a8fd-0018de06bcd2}]
\Shell\AutoRun\command - F:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1556206-6b30-11dc-abbc-0018de06bcd2}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 02:11:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
.
**************************************************************************
.
Completion time: 2008-02-15 2:14:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 10:14:01
ComboFix2.txt 2008-02-12 05:31:06
ComboFix3.txt 2008-02-12 04:47:59
ComboFix4.txt 2008-02-05 07:22:36
.
2008-02-12 11:55:18 --- E O F ---




Response Number 6
Name: jabuck
Date: February 16, 2008 at 05:16:18 Pacific
Subject: .tmp files in c: drive
Reply:
Your java is out of date and can be exploited.
Download the latest version of java from this link Java
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

Next, navigate to and delete the contents of this folder, but do not delete the folder itself.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\oins.exe
C:\WINDOWS\Fonts\Setup.exe

Folder::
C:\QooBox
C:\VundoFix Backups

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".

Your D: drive is infected, run your antivirus on the D: drive.

Run Hijack This> click the "open misc. tools section" button> click the "open uninstall manager" button> click "save list..."> click save> post the list that is produced.

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and click "fix checked":

O4 - HKLM\..\Run: [cc584303] rundll32.exe "C:\WINDOWS\system32\ouxqauyh.dll",b

Exit Hijack this

Please post a new Kaspersky scan.


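The single O4 entry jabuck picks out above can also be found mechanically in the "Reg Loading Points" section of the ComboFix log posted earlier in the thread. The following Python code is an added example, not part of the original posts and not ComboFix's or HijackThis's own logic: the function names, the three heuristics and the two-hit threshold are assumptions chosen for illustration, and the sample lines are copied from the log on this page.

```python
import re
from ntpath import basename, splitext

# Excerpt of the "Reg Loading Points" section of the ComboFix log posted in
# this thread (lines copied from the page, trimmed to a short sample).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 04:00 15360]
"VoipDiscount"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 14:59 16206848 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-04 22:14 94208]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [ ]
"cc584303"="C:\WINDOWS\system32\ouxqauyh.dll" [ ]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$'
)


def parse_run_entries(log_text):
    """Return the autostart values listed under any ...\\CurrentVersion\\Run key."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            # Only the Run keys are triaged here; other keys reset the context.
            is_run = key.lower().endswith(r'\currentversion\run')
            current_key = key if is_run else None
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key:
            entries.append({
                "key": current_key,
                "name": value_match.group("name"),
                "target": value_match.group("target"),
                "meta": value_match.group("meta").strip(),
            })
    return entries


def triage(entry):
    """Return the heuristic reasons (assumptions of this example) an entry stands out."""
    reasons = []
    extension = splitext(basename(entry["target"]))[1].lower()
    if extension == ".dll":
        # A Run value is a command line; a DLL there needs a loader such as
        # rundll32, which is what the HijackThis O4 line in the thread shows.
        reasons.append("target is a DLL, not an executable")
    if not entry["meta"]:
        # Weak on its own: several ordinary entries in this log also lack it.
        reasons.append("log recorded no timestamp or size for the target")
    if re.fullmatch(r"[0-9a-fA-F]{8}", entry["name"]):
        reasons.append("value name is 8 hex characters, not a product name")
    return reasons


def suspicious_entries(log_text, threshold=2):
    """Entries with at least `threshold` heuristic hits, for manual review."""
    hits = []
    for entry in parse_run_entries(log_text):
        reasons = triage(entry)
        if len(reasons) >= threshold:
            hits.append(dict(entry, reasons=reasons))
    return hits


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print(hit["key"])
        print("  %s -> %s" % (hit["name"], hit["target"]))
        for reason in hit["reasons"]:
            print("    - " + reason)
```

A hit is a prompt for manual review of the entry, not a verdict; entries with a single weak hit (for example only the missing file metadata) stay below the threshold.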

Response Number 7
Name: ko
Date: February 16, 2008 at 15:15:37 Pacific
Subject: .tmp files in c: drive
Reply:
Here is the uninstall report by HijackThis, and next to it is the Kaspersky scan report.


32 Bit HP CIO Components Installer
3D Groove Playback Engine
Acoustica MP3 CD Burner
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Shockwave Player
afreeCodecVT
Agatha Christie Peril At End House
Apple Software Update
avast! Antivirus
AVG 7.5
AVG Anti-Spyware 7.5
Avi Player
BitTorrent 5.0.7
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
Cole2k Media - Codec Pack (Advanced) 6.0.9
Comodo AntiVirus Beta 2.0
Compatibility Pack for the 2007 Office system
Daniusoft Video to MP4 Converter(Build 1.1.10)
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD-RAM Driver
EA SPORTS(TM) Cricket 07
Express Burn
Express Rip
EZface ActiveX 209
FileZilla (remove only)
GDivX Zenith Player
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896243)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB917332)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
Java(TM) 6 Update 4
Kaspersky Online Scanner
LiveUpdate 3.0 (Symantec Corporation)
Maple 10
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
MINITAB 14 Student
mIWA
MixPad
mLogView
mMHouse
Mozilla Firefox (2.0.0.12)
MP3 Player Utilities 3.68
MP3 Remix Player Standalone
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
mZConfig
neroxml
Otto
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Sansa Updater
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic DLA
Sonic Encoders
Sonic RecordNow!
SopCore 1.1.2
Switch
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
TubeSucker
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB(VGA) Camera
Video ActiveX Enhancement 2.07
Virtools 3D Life Player
WavePad Uninstall
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888622
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
WordWeb
Yahoo! Install Manager
Yazzle by Outerinfo

---------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 16, 2008 6:09:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/02/2008
Kaspersky Anti-Virus database records: 569372
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 84226
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 02:28:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Comodo\Comodo AntiVirus\TroubleShootLog\cavasm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\history.dat Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\key3.db Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\30\402a7b1e-2a28851e Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\54\6f1181f6-43e43635/BaaaaBaa.class Infected: Exploit.Java.Gimsh.a skipped
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\54\6f1181f6-43e43635 ZIP: infected - 1 skipped
C:\Documents and Settings\Kiran\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Application Data\Mozilla\Firefox\Profiles\nw8cl5ul.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\History\History.IE5\MSHist012008021620080217\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kiran\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kiran\My Documents\AgathaChristieDeathontheNile_dwn.exe Object is locked skipped
C:\Documents and Settings\Kiran\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kiran\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP220\A0157775.exe Object is locked skipped
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP220\A0157776.exe Object is locked skipped
C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP221\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9EA302F4-BCC5-4E2F-8275-9B30EA2D3DD2}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{055B75CF-5D22-4CBA-B9D1-2D6654DF6E1F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_7bc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\AviPlayerSetup.exe/data0011 Infected: Trojan-Spy.Win32.Banker.anv skipped
D:\AviPlayerSetup.exe NSIS: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP221\A0157880.exe Object is locked skipped
D:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP221\change.log Object is locked skipped

Scan process completed.



Response Number 8
Name: jabuck
Date: February 21, 2008 at 16:22:08 Pacific
Subject: .tmp files in c: drive
Reply:
Go to Start > Control Panel, Add/Remove Programs and uninstall this program:

Yazzle by Outerinfo

Navigate to and delete these files if found:

D:\AviPlayerSetup.exe/data0011
D:\AviPlayerSetup.exe
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\30\402a7b1e-2a28851e
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\54\6f1181f6-43e43635/BaaaaBaa.class
C:\Documents and Settings\Kiran\Application Data\Sun\Java\Deployment\cache\6.0\54\6f1181f6-43e43635 ZIP

You will most likely need to reinstall Java and AviPlayer.



Response Number 9
Name: ko
Date: February 25, 2008 at 22:42:03 Pacific
Subject: .tmp files in c: drive
Reply:
Thank you so much for all your help! My laptop is working great now. I appreciate it a lot!


Response Number 10
Name: ko
Date: March 2, 2008 at 11:33:51 Pacific
Subject: .tmp files in c: drive
Reply:
Hello again, I don't know if this new problem is related to the old one, but my laptop was working for so ma