OK, here is the new combo log:
ComboFix 07-10-19.1 - Auto 2007-10-19 19:14:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.138 [GMT -4:00]
Running from: C:\Documents and Settings\Auto\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Auto\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\ogfygxul.exe
C:\WINDOWS\system32\xwvwa.bak1
C:\WINDOWS\system32\xwvwa.bak2
.
ADS - _default.pif: deleted 940358 bytes in 87 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Auto\Application Data\WeatherBug
C:\WINDOWS\system32\ogfygxul.exe
C:\WINDOWS\system32\xwvwa.bak1
C:\WINDOWS\system32\xwvwa.bak2
.
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.
2007-10-19 17:33 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-18 17:21 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 15:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-18 15:33 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-18 11:07 <DIR> d-------- C:\VundoFix Backups
2007-10-16 16:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-16 10:02 <DIR> d-------- C:\Documents and Settings\Auto\Application Data\AVG7
2007-10-16 10:01 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-16 10:01 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-16 10:01 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-10-16 10:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-10-15 14:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 22:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-19 21:33 --------- d-----w C:\Program Files\Java
2007-10-17 21:00 --------- d-----w C:\Program Files\SBC Yahoo!
2007-10-17 20:59 --------- d-----w C:\Program Files\Yahoo!
2007-10-17 20:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-10-17 20:57 --------- d-----w C:\Program Files\Common Files\Scanner
2007-10-15 18:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-10 11:21 --------- d-----w C:\Program Files\Apple Software Update
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-19_17.24.58.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-18 21:22:16 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-10-19 23:14:20 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
- 2005-11-10 16:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 02:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 16:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 02:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 18:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 03:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2001-08-23 08:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-23 08:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2001-08-23 08:00]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"HP Network Registry Agent"="C:\WINDOWS\System32\hpnra.exe" [2000-10-26 17:21]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-16 16:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 08:00]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-10-29 12:01]
"Spyware Begone"="c:\freescan\freescan.exe" []
"iIWiper"="C:\Program Files\iISystem Wiper\SystemWiper.exe" [2004-08-28 22:11]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-10-26 22:21]
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 19:16:29
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
iIWiper = C:\Program Files\iISystem Wiper\SystemWiper.exe m???????????????????????????????????????_????w????B?_????x?? .?s????dx?????s8??????????s`x??8???_????x??s??s8????????????y?????s???????????????????????????????????s????8W2??x???=??????-A?w?????_?wc_?w????8W2????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-19 19:17:13
C:\ComboFix2.txt ... 2007-10-19 17:25
.
--- E O F ---
And here is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:56 PM, on 10/19/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\hpnra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\iISystem Wiper\SystemWiper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINDOWS\System32\hpnra.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... urrent.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcams.mtu.edu/webcam8/AxisCamControl.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/fi ... tup145.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
--
End of file - 4983 bytes
Will not be back to this trouble computer till morning; going home for the night.