I need help with the 2000 some files in my documents and C drive. I have a log ready whenever someone can help. Thanks


What type of files are these? What's the extension on them?

It says tmp file.

Get him to run combofix, bobby..

I dragged the HijackThis txt into ComboFix and it asked me if I was trying to run a CFS script and said it appears to be incorrectly spelt.

Very lucky for you. Please wait for bobby's instructions.

He's uhhh offline lol. Nah, I'm patient, it's cool. Thanks though.

You definitely need to delete them (if you can). The fact that they are on the root drive means you are hijacked. Post your HJT log, let's take a look. In the meantime run AVG, Ad-Aware, Spybot (I suggest in safe mode), then ComboFix, then post a new log after.

And they won't delete, btw.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:21 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Razer\razerofa.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Tyler\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25E6770A-C0BC-40A9-927F-7D33C11FB5CD} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {e1c5a121-711c-8f4b-0754-b63803f41bad} - {dab14f30-836b-4570-b4f8-c117121a5c1e} - C:\WINDOWS\system32\uuruuwlf.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [00370ab7] rundll32.exe "C:\WINDOWS\system32\jboobhej.dll",b
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201756380516
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201756373454
O20 - Winlogon Notify: byxxyyx - byxxyyx.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6481 bytes

==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it, double-click combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

Here are some bad things you have on your PC:

O2 - BHO: (no name) - {25E6770A-C0BC-40A9-927F-7D33C11FB5CD} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e1c5a121-711c-8f4b-0754-b63803f41bad} - {dab14f30-836b-4570-b4f8-c117121a5c1e} - C:\WINDOWS\system32\uuruuwlf.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O20 - Winlogon Notify: byxxyyx - byxxyyx.dll (file missing)
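The entries the helper picked out share two tell-tale traits that can be checked mechanically: they point at files that no longer exist ("(file missing)" / "(no file)"), or they are Run values with a bare hex name that use rundll32 to load a random-looking all-lowercase DLL out of system32. The script below is an added example, not part of the thread or of HijackThis; it re-implements those two checks over a handful of lines copied from the posted log, with two known-good entries included so the negatives are visible. The "eight or more lowercase letters" test is a heuristic derived from the names in this log, not a rule.

```python
import re
from dataclasses import dataclass, field

# Sample input: entries copied from the HijackThis log posted in the thread,
# plus the header line and two benign entries (Adobe BHO, NVIDIA Run key) as negatives.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25E6770A-C0BC-40A9-927F-7D33C11FB5CD} - C:\WINDOWS\system32\jkklk.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00370ab7] rundll32.exe "C:\WINDOWS\system32\jboobhej.dll",b
O20 - Winlogon Notify: byxxyyx - byxxyyx.dll (file missing)
"""

# "O4 - HKLM\..\Run: [name] command" -> entry kind and the rest of the line
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Run-key body: "[value name] command line"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 invocation; the DLL path ends at the first comma or closing quote
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<path>[^",]+\.dll)"?', re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$")        # e.g. 00370ab7
RANDOM_DLL_RE = re.compile(r"^[a-z]{6,}\.dll$")    # heuristic: generated lowercase names
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    kind: str                 # HJT section, e.g. "O2", "O4", "O20"
    line: str                 # the original log line
    reasons: list = field(default_factory=list)


def triage_hjt(log_text: str) -> list:
    """Return a Finding for every HJT entry that trips one of the checks above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank lines
        kind, body = m.groups()
        reasons = []

        # Check 1: registry entry whose target file is gone (orphan left by an infection or a clean-up)
        if any(marker in line.lower() for marker in MISSING_MARKERS):
            reasons.append("references a file that no longer exists (orphaned registry entry)")

        # Check 2: autostart value with a generated-looking name and/or a rundll32 loader
        if kind == "O4":
            rm = RUN_RE.match(body)
            if rm:
                name, cmd = rm.group("name"), rm.group("cmd")
                if HEX_NAME_RE.match(name):
                    reasons.append(f"Run value name '{name}' is a bare hex string")
                dm = RUNDLL_RE.match(cmd)
                if dm:
                    path = dm.group("path")
                    basename = path.rsplit("\\", 1)[-1]
                    if "system32" in path.lower() and RANDOM_DLL_RE.match(basename):
                        reasons.append(f"rundll32 loads all-lowercase DLL '{basename}' from system32")

        if reasons:
            findings.append(Finding(kind, line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG):
        print(f.kind, "|", f.line)
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it reports the three orphaned entries and the 00370ab7 Run key (with both reasons), and stays quiet on the Adobe BHO, the itype launcher and the NVIDIA rundll32 entry, whose mixed-case DLL name fails the lowercase heuristic. Anything it flags still needs a human look; a missing file is a clean-up candidate, not proof of infection on its own.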

NB: I did say delete in safe mode. Run the scans in safe mode; this way most of the services will not be loaded and will not interfere with the cleaning.

Here is my log from ComboFix.

ComboFix 08-02.05.3 - Tyler 2008-02-06 19:07:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1407 [GMT -8:00]
Running from: C:\Documents and Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\PYZ1T6OU\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\mrofinu1064.exe
C:\WINDOWS\system32\duhlhpqs.ini
C:\WINDOWS\system32\eyhhqees.ini
C:\WINDOWS\system32\ifaxcdpw.ini
C:\WINDOWS\system32\jdfereum.ini
C:\WINDOWS\system32\jehboobj.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\winsys.exe

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-06 16:22 . 2006-02-28 04:00 388,608 --a------ C:\kmd.exe
2008-02-06 16:04 . 2008-02-06 16:04 <DIR> d-------- C:\VundoFix Backups
2008-02-06 13:00 . 2008-02-06 13:19 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\AdobeUM
2008-02-05 22:42 . 2008-02-06 13:24 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-05 21:51 . 2008-02-05 21:51 90,688 --a------ C:\WINDOWS\system32\jboobhej.dll
2008-02-05 14:51 . 2008-02-05 14:51 <DIR> d-------- C:\WINDOWS\Sun
2008-02-05 11:26 . 2008-02-05 12:26 <DIR> d-------- C:\Documents and Settings\Tyler\temp
2008-02-05 11:20 . 2008-02-05 12:26 <DIR> d--h----- C:\Documents and Settings\Tyler\QMCache00
2008-02-05 11:20 . 2008-02-05 11:20 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\Move Networks
2008-02-03 10:02 . 2008-02-03 10:02 <DIR> d-------- C:\Documents and Settings\Tyler\Incomplete
2008-02-03 10:01 . 2008-02-05 16:46 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\FrostWire
2008-02-01 12:44 . 2008-02-01 12:44 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\DivX
2008-01-31 22:38 . 2008-01-31 22:38 <DIR> d-------- C:\Program Files\Midway Home Entertainment
2008-01-31 22:01 . 2008-01-31 22:14 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\HP
2008-01-31 22:01 . 2006-06-03 21:29 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll
2008-01-31 15:45 . 2008-01-31 15:45 <DIR> d-------- C:\WINDOWS\Setup2K
2008-01-31 15:45 . 2002-10-01 14:43 119,798 --a------ C:\WINDOWS\system32\drivers\spca561.sys
2008-01-31 15:45 . 2002-11-22 15:56 118,784 --a------ C:\WINDOWS\ShowBmp.exe
2008-01-31 15:45 . 2003-08-05 11:41 53,248 --a------ C:\WINDOWS\ap561.exe
2008-01-31 15:45 . 2002-08-13 18:01 14,385 --a------ C:\WINDOWS\Tw561a.ini
2008-01-31 15:45 . 2002-08-13 18:01 7,431 --a------ C:\WINDOWS\Tw561a.src
2008-01-31 15:45 . 2002-03-19 14:11 81 --a------ C:\WINDOWS\Setup8a.ini
2008-01-31 07:29 . 2008-02-06 19:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 07:29 . 2008-01-31 07:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-31 07:28 . 2008-01-31 07:28 <DIR> d-------- C:\Program Files\QuickTime
2008-01-31 07:28 . 2008-01-31 07:28 <DIR> d-------- C:\Program Files\iPod
2008-01-31 01:27 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-31 01:27 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-30 23:51 . 2008-01-30 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-30 23:50 . 2008-01-30 23:50 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-01-30 23:47 . 2008-02-03 10:01 <DIR> d-------- C:\Program Files\FrostWire
2008-01-30 23:40 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-01-30 23:40 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-01-30 23:40 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-01-30 23:34 . 2008-01-30 23:34 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-01-30 23:12 . 2008-01-30 23:14 286,720 --------- C:\WINDOWS\Setup1.exe
2008-01-30 23:12 . 2008-01-30 23:14 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-30 22:51 . 2008-01-30 22:51 <DIR> d-------- C:\Program Files\LucasArts
2008-01-30 22:27 . 2008-01-30 22:27 1,167 --a------ C:\WINDOWS\mozver.dat
2008-01-30 22:23 . 2008-02-04 22:31 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\OpenOffice.org2
2008-01-30 22:21 . 2008-01-30 22:21 <DIR> d-------- C:\Documents and Settings\Tyler\Contacts
2008-01-30 22:19 . 2008-01-30 22:19 <DIR> d-------- C:\Program Files\OpenOffice.org 2.3
2008-01-30 22:19 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-30 22:18 . 2008-01-30 22:19 <DIR> d-------- C:\Program Files\Java
2008-01-30 22:18 . 2008-01-30 22:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-30 22:15 . 2008-02-04 00:51 <DIR> d-------- C:\Program Files\Steam
2008-01-30 22:15 . 2008-01-30 22:15 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\Ubisoft
2008-01-30 22:15 . 2008-01-30 22:15 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\InstallShield Installation Information
2008-01-30 21:51 . 2008-01-30 22:20 <DIR> d-------- C:\Program Files\Windows Live
2008-01-30 21:51 . 2008-01-30 22:20 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-30 21:51 . 2008-01-30 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-30 21:36 . 2008-01-30 21:36 <DIR> d-------- C:\Program Files\The Weather Channel FW
2008-01-30 21:35 . 2008-01-30 21:35 <DIR> d-------- C:\Program Files\Google
2008-01-30 21:33 . 2008-01-30 21:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-30 21:31 . 2008-01-30 21:31 <DIR> d-------- C:\Documents and Settings\Tyler\Application Data\acccore
2008-01-30 21:31 . 2008-01-30 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-30 21:30 . 2008-01-30 21:48 <DIR> d-------- C:\Program Files\Viewpoint
2008-01-30 21:30 . 2008-01-30 21:30 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-01-30 21:30 . 2008-01-30 21:39 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-01-30 21:30 . 2008-01-30 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-30 21:30 . 2008-01-30 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-01-30 21:29 . 2008-01-30 21:49 <DIR> d-------- C:\Program Files\AIM6
2008-01-30 21:27 . 2008-01-30 21:27 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

And I had HijackThis delete those files, as you had asked.

And for the record, those files are gone, so thank you for helping me with all this. I really appreciate it.

Get a malware/spyware scanner on your PC and keep it updated. Spybot S&D is a good one: install, update and immunize the system, run a scan every week and keep it updated.


You are very welcome, anytime.

What is C:\kmd.exe?

Whatever that file is (check its properties), you should delete this next one:
C:\WINDOWS\system32\jboobhej.dll
