The file, unfortunately, is still there.
ComboFix report:ComboFix 08-07-20.4 - joal 2008-07-22 17:10:32.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1655 [GMT -4:00]
Running from: C:\Documents and Settings\joal\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\joal\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 )))))))))))))))))))))))))))))))
.
2008-07-22 01:58 . 2008-07-22 01:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 01:58 . 2008-07-22 01:58 <DIR> d-------- C:\Documents and Settings\joal\Application Data\Malwarebytes
2008-07-22 01:58 . 2008-07-22 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 01:58 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 01:58 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 12:46 . 2008-07-21 12:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-21 12:46 . 2008-07-21 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-20 13:09 . 2008-07-20 13:09 <DIR> d-------- C:\_OTMoveIt
2008-07-19 14:20 . 2008-07-19 14:20 <DIR> d-------- C:\Deckard
2008-07-18 22:45 . 2008-07-19 13:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-18 20:32 . 2008-07-18 20:32 3,568 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-18 17:57 . 2008-07-19 14:13 <DIR> d-------- C:\VundoFix Backups
2008-07-13 18:56 . 2008-07-16 00:29 <DIR> d-------- C:\Program Files\iTunes
2008-07-13 18:56 . 2008-07-13 18:56 <DIR> d-------- C:\Program Files\iPod
2008-07-13 18:55 . 2008-07-13 18:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-05 18:24 . 2008-07-05 18:27 <DIR> d-------- C:\Program Files\Windows Live Safety Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 21:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-22 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-19 04:41 --------- d-----w C:\Program Files\Bonjour
2008-07-18 23:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-17 01:14 --------- d-----w C:\Documents and Settings\joal\Application Data\LimeWire
2008-07-16 04:29 --------- d-----w C:\Program Files\Last.fm
2008-07-13 15:37 --------- d-----w C:\Program Files\Creative
2008-07-09 06:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-02 04:48 --------- d-----w C:\Program Files\ZillaTube
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 04:47 --------- d-----w C:\Documents and Settings\joal\Application Data\IceChat
2008-06-15 03:05 --------- d-----w C:\Program Files\QuickTime
2008-06-14 16:53 --------- d-----w C:\Program Files\Java
2008-06-14 16:52 --------- d-----w C:\Program Files\Common Files\Java
2008-06-14 16:47 --------- d-----w C:\Program Files\Viewpoint
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 22:22 --------- d-----w C:\Documents and Settings\joal\Application Data\U3
2008-06-12 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 03:26 --------- d-----w C:\Program Files\DivX
2008-06-07 04:39 --------- d-----w C:\Documents and Settings\joal\Application Data\DivX
2008-05-31 02:58 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 02:58 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 02:58 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 02:58 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 02:58 --------- d-----w C:\Program Files\Symantec
2008-05-22 22:22 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-11 02:00 70,072 ----a-w C:\Documents and Settings\joal\Application Data\GDIPFONTCACHEV1.DAT
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
<pre>
----a-w 100,189,297 2008-06-02 17:34:44 C:\Documents and Settings\joal\My Documents\Albums\Lil Wayne - Tha Carter III Special Edition [2008] [RAP]\Lil Wayne - Tha Carter III.zip .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-07-21_ 2.53.50.60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-29 20:52:52 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-21 06:57:42 40,836 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-29 20:52:52 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-21 06:57:42 314,508 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 02:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 02:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 02:13 774168]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
C:\Documents and Settings\joal\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-06 13:24:21 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\IceChat7\\IceChat7.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-07-18 00:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-22 17:13:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-22 17:19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 21:19:37
ComboFix2.txt 2008-07-22 05:50:58
ComboFix3.txt 2008-07-21 16:41:53
ComboFix4.txt 2008-07-21 06:54:14
ComboFix5.txt 2008-07-22 21:10:13
Pre-Run: 95,253,688,320 bytes free
Post-Run: 95,540,400,128 bytes free
157 --- E O F --- 2008-07-13 15:40:07
HijackThis log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:44, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\joal\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
http://download.divx...owserPlugin.cabO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6557 bytes