grahammelon
regular
Reg'd: Mon
Posts: 658
Loc: Not sure
Re: TBUNIN ( my PC oven) not hot cross sort.
Wed Mar 26 2008 09:31 PM
Hello again Joe, hope you are OK. Hope you had a visit from the Easter bunny; looks like I've had a visit from the Easter bunin. Many thanks for your help... again.
ComboFix 08-03-25.4 - teded2 2008-03-26 21:56:34.1 - FAT32x86
Running from: C:\Program Files\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\start.exe
C:\WINDOWS\Web\default.httcc
.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-26 21:45 . 2008-03-26 21:50 1,599,547 --a------ C:\Program Files\ComboFix.exe
2008-03-26 13:34 . 2008-03-26 13:35 532,480 --a------ C:\Program Files\cwshredder.exe
2008-03-26 13:31 . 2008-03-26 13:31 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-26 13:22 . 2008-03-26 13:30 2,751,368 --a------ C:\Program Files\ccsetup206.exe
2008-03-22 19:37 . 2008-03-22 19:37 <DIR> d-------- C:\Documents and Settings\teded2\Application Data\EPSON
2008-03-22 19:21 . 2008-03-22 19:21 <DIR> d-------- C:\Documents and Settings\teded2\Application Data\Smart Panel
2008-03-22 19:21 . 2008-03-22 19:21 29 --a------ C:\WINDOWS\DEBUGSM.INI
2008-03-22 19:09 . 2008-03-22 19:09 <DIR> d-------- C:\Documents and Settings\teded2\Application Data\ABBYY
2008-03-22 19:09 . 2008-03-22 19:09 39,936 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
2008-03-22 19:06 . 2008-03-22 19:06 <DIR> d-------- C:\Program Files\ABBYY
2008-03-22 19:06 . 2001-10-19 12:18 708,696 --a------ C:\WINDOWS\SYSTEM32\python21.dll
2008-03-22 19:06 . 2001-10-19 12:18 290,919 --a------ C:\WINDOWS\SYSTEM32\pythoncom21.dll
2008-03-22 19:06 . 2001-10-19 12:19 57,344 --a------ C:\WINDOWS\SYSTEM32\PyWinTypes21.dll
2008-03-22 19:05 . 2008-03-22 19:05 <DIR> d-------- C:\Program Files\Common Files\Python
2008-03-22 19:02 . 1999-06-15 11:31 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2008-03-22 19:02 . 1999-12-07 02:03 73,216 --a------ C:\WINDOWS\ADE.DLL
2008-03-22 19:02 . 1999-04-27 00:17 3,136 --a------ C:\WINDOWS\Ade001.bin
2008-03-22 19:02 . 2000-09-08 13:31 72 --------- C:\WINDOWS\SYSTEM32\epDPE.ini
2008-03-22 19:00 . 2008-03-22 19:00 <DIR> d-------- C:\Program Files\Smart Panel
2008-03-22 18:59 . 2003-03-28 16:56 176,128 --a------ C:\WINDOWS\SYSTEM32\ESWIA30.dll
2008-03-22 18:58 . 2003-03-28 16:57 278,528 --a------ C:\WINDOWS\SYSTEM32\esint30.dll
2008-03-22 18:58 . 2003-03-28 16:50 64,000 --a------ C:\WINDOWS\SYSTEM32\ESFW30.BIN
2008-03-22 18:57 . 2003-03-10 00:00 217,088 --a------ C:\WINDOWS\SYSTEM32\ESDTR.dll
2008-03-22 18:53 . 2008-03-22 18:54 131 --a------ C:\WINDOWS\EPSON Perfection 1670S.ini
2008-03-22 18:20 . 2008-03-22 18:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 18:16 . 2008-03-22 18:18 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-03-21 13:08 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2008-03-21 12:57 . 2007-12-20 09:43 248,448 --a------ C:\WINDOWS\SYSTEM32\PROUnstl.exe
2008-03-20 20:36 . 2008-03-20 20:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-03-20 20:36 . 2008-03-20 20:36 79,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdGuard.sys
2008-03-20 20:36 . 2008-03-20 20:36 23,672 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdhlp.sys
2008-03-20 18:56 . 2008-03-20 20:16 20,956,416 --a------ C:\Program Files\CFP_Setup_3.0.20.320_XP_Vista_x32.exe
2008-03-18 17:34 . 2008-03-18 17:34 <DIR> d-------- C:\Program Files\Sun
2008-03-01 13:01 . 2008-03-01 13:01 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-01 12:39 . 2008-03-01 12:59 1,567,713 --a------ C:\Program Files\revosetup.exe
2008-03-01 12:18 . 2008-03-01 12:18 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-01 12:18 . 2008-03-01 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-01 11:59 . 2008-03-01 12:17 2,671,816 --a------ C:\Program Files\spywareblastersetup40.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 19:36 139,008 ----a-w C:\WINDOWS\SYSTEM32\guard32.dll
2008-02-21 10:42 --------- d-----w C:\Documents and Settings\teded2\Application Data\LimeWire
2008-02-21 10:41 --------- d-----w C:\Program Files\LimeWire
2008-02-21 10:40 4,506,256 ----a-w C:\Program Files\LimeWireWin.exe
2008-02-19 10:28 --------- d-----w C:\Documents and Settings\teded2\Application Data\SlipStream
2008-02-18 18:03 --------- d-----w C:\Program Files\Foxit Software
2008-02-18 09:36 --------- d-----w C:\Program Files\Secunia
2008-02-18 09:35 469,794 ----a-w C:\Program Files\PSISetup.exe
2008-02-17 22:40 --------- d-----w C:\Program Files\Common Files\Java
2008-02-17 12:45 --------- d-----w C:\Documents and Settings\teded2\Application Data\wsInspector
2008-02-17 12:38 --------- d-----w C:\Program Files\Startup Inspector for Windows
2008-02-17 12:37 685,988 ----a-w C:\Program Files\isw2.exe
2008-02-16 12:53 --------- d-----w C:\Program Files\Java
2008-02-14 13:20 --------- d-----w C:\Documents and Settings\teded2\Application Data\Uniblue
2008-02-13 11:49 --------- d-----w C:\Documents and Settings\teded2\Application Data\Media Player Classic
2008-02-13 11:48 --------- d-----w C:\Program Files\XP Codec Pack
2008-02-13 11:06 318,904 ----a-w C:\Program Files\wmpfirefoxplugin.exe
2008-02-12 22:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-12 19:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-04 11:16 --------- d-----w C:\Program Files\Stickies
2008-02-04 11:16 --------- d-----w C:\Documents and Settings\teded2\Application Data\stickies
2008-02-04 11:15 998,944 ----a-w C:\Program Files\stickies.exe
2008-01-23 18:49 2,733,928 ----a-w C:\Program Files\ccsetup204.exe
2008-01-21 19:09 3,080,257 ----a-w C:\Program Files\aaw2007.exe.part
2008-01-11 05:53 44,544 ------w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
2007-12-14 19:59 42,567,136 ----a-w C:\Program Files\93.71_forceware_winxp2k_english_whql.exe
2007-12-11 15:19 6,026,816 ----a-w C:\Program Files\Firefox Setup 2.0.0.11.exe
2007-12-11 10:35 7,467,056 ----a-w C:\Program Files\spybotsd15.exe
2007-12-10 23:20 266 --sh--w C:\Program Files\desktop.ini
2007-12-10 23:20 11,079 ---h--w C:\Program Files\folder.htt
2007-12-14 00:51 32,768 --sha-w C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007121420071215\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-26 04:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-10-07 12:04 2083664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-22 15:54 579072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-20 20:36 1481984]
"SystemTray"="SysTray.Exe" [2001-08-23 12:00 3072 C:\WINDOWS\SYSTEM32\systray.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GLF2F.tmp"="cmd /c rmdir /s /q C:\Program Files\GLF2F.tmp" [ ]
"onspeed_toolbar"="C:\DOCUME~1\teded2\LOCALS~1\Temp\TBUNIN~1.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-11 15:44 219136]
C:\Documents and Settings\teded2\Start Menu\Programs\Startup\
Stickies.lnk - C:\Program Files\Stickies\stickies.exe [2008-01-16 22:39:46 757760]
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [2008-02-05 11:36:24 610304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-03-20 20:36]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-03-20 20:36]
R1 SMBus;Intel(R) SMBus Driver;C:\WINDOWS\system32\DRIVERS\SMBus.sys [2001-08-20 17:33]
R3 PSI;PSI;C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-01-22 10:18]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"1999-04-23 21:22:00 C:\WINDOWS\Tasks\Tune-up Application Start.job"
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 22:12:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-03-26 22:14:03
ComboFix-quarantined-files.txt 2008-03-26 21:13:56
.
2008-03-15 11:49:54 --- E O F ---
-------------------- XP Home,comodo.AVG. S&D,,Mozilla, Spywareblaster, Ccleaner and much2much time
I wish I had a mind to make up