ComboFix Log:ComboFix 08-07-26.1 - joal 2008-07-27 22:29:14.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1623 [GMT -4:00]
Running from: C:\Documents and Settings\joal\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\joal\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\joal\My Documents\My Music\iTunes\iTunes Music\Lil Wayne - Tha Carter III Special Edition [2008] [RAP].zip
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\joal\My Documents\My Music\iTunes\iTunes Music\Lil Wayne - Tha Carter III Special Edition [2008] [RAP].zip
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-28 )))))))))))))))))))))))))))))))
.
2008-07-23 19:07 . 2008-01-06 12:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-23 19:07 . 2008-07-23 19:07 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-22 01:58 . 2008-07-22 01:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 01:58 . 2008-07-22 01:58 <DIR> d-------- C:\Documents and Settings\joal\Application Data\Malwarebytes
2008-07-22 01:58 . 2008-07-22 01:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 01:58 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 01:58 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 12:46 . 2008-07-21 12:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-21 12:46 . 2008-07-21 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-20 13:09 . 2008-07-20 13:09 <DIR> d-------- C:\_OTMoveIt
2008-07-19 14:20 . 2008-07-19 14:20 <DIR> d-------- C:\Deckard
2008-07-18 22:45 . 2008-07-19 13:08 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-18 20:32 . 2008-07-18 20:32 3,568 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-18 17:57 . 2008-07-19 14:13 <DIR> d-------- C:\VundoFix Backups
2008-07-13 18:56 . 2008-07-16 00:29 <DIR> d-------- C:\Program Files\iTunes
2008-07-13 18:56 . 2008-07-13 18:56 <DIR> d-------- C:\Program Files\iPod
2008-07-13 18:55 . 2008-07-13 18:55 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-05 18:24 . 2008-07-27 00:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-28 02:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-28 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-25 18:30 --------- d-----w C:\Documents and Settings\joal\Application Data\LimeWire
2008-07-25 04:49 --------- d-----w C:\Documents and Settings\joal\Application Data\IceChat
2008-07-23 07:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-23 03:28 --------- d-----w C:\Program Files\ZillaTube
2008-07-19 04:41 --------- d-----w C:\Program Files\Bonjour
2008-07-18 23:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-16 04:29 --------- d-----w C:\Program Files\Last.fm
2008-07-13 15:37 --------- d-----w C:\Program Files\Creative
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 03:05 --------- d-----w C:\Program Files\QuickTime
2008-06-14 16:53 --------- d-----w C:\Program Files\Java
2008-06-14 16:52 --------- d-----w C:\Program Files\Common Files\Java
2008-06-14 16:47 --------- d-----w C:\Program Files\Viewpoint
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 22:22 --------- d-----w C:\Documents and Settings\joal\Application Data\U3
2008-06-12 22:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-12 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-12 03:26 --------- d-----w C:\Program Files\DivX
2008-06-07 04:39 --------- d-----w C:\Documents and Settings\joal\Application Data\DivX
2008-05-31 02:58 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-31 02:58 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-31 02:58 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-31 02:58 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-31 02:58 --------- d-----w C:\Program Files\Symantec
2008-05-22 22:22 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-11 02:00 70,072 ----a-w C:\Documents and Settings\joal\Application Data\GDIPFONTCACHEV1.DAT
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 02:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 02:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 02:13 774168]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
C:\Documents and Settings\joal\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-06 13:24:21 106496]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\IceChat7\\IceChat7.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-27 22:43:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-27 23:09:33
ComboFix-quarantined-files.txt 2008-07-28 03:08:31
ComboFix2.txt 2008-07-27 02:47:57
ComboFix3.txt 2008-07-23 01:59:19
ComboFix4.txt 2008-07-22 22:59:19
ComboFix5.txt 2008-07-28 02:28:58
Pre-Run: 95,246,520,320 bytes free
Post-Run: 95,245,230,080 bytes free
139 --- E O F --- 2008-07-23 07:23:59
Dr. Web log:Process.exe;C:\Documents and Settings\joal\Desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\joal\Desktop\SmitfraudFix;Tool.ShutDown.11;;
Lil Wayne - Tha Carter III Special Edition [2008] [RAP]/Lil Wayne - Tha Carter III.zip ;C:\QooBox\Quarantine\C\Documents and Settings\joal\My Documents\My Music\iTunes\iTunes Music\Lil Wayne - Tha Carter III Special;Trojan.Virtumod.based.11;;
Lil Wayne - Tha Carter III Special Edition [2008] [RAP]/Lil Wayne - Tha Carter III.zip ;C:\QooBox\Quarantine\C\Documents and Settings\joal\My Documents\My Music\iTunes\iTunes Music\Lil Wayne - Tha Carter III Special;Archive contains infected objects;;
Lil Wayne - Tha Carter III Special Edition [2008] [RAP].zip.vir;C:\QooBox\Quarantine\C\Documents and Settings\joal\My Documents\My Music\iTunes\iTunes Music;Archive contains infected objects;Moved.;
ddcBUkhf.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
ekxkimkh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
iljpfz.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
ipxiaygs.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
kcetywfo.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
nnnlKaba.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
ppfkprgh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
uvturksg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
wcomqwqo.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
A0121230.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP191\A0121230.exe;Probably SCRIPT.Virus;;
A0121230.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP191\A0121230.exe;Program.PsExec.171;;
A0121230.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP191;Archive contains infected objects;Moved.;
A0127979.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP200;Trojan.Virtumod.based.21;Deleted.;
A0127999.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP200;Trojan.Virtumod.based.21;Deleted.;
A0128070.exe\SmitfraudFix\404Fix.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201\A0128070.exe;BackDoor.IRC.Chazz.38;;
A0128070.exe\SmitfraudFix\GenericRenosFix.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201\A0128070.exe;BackDoor.IRC.Chazz.38;;
A0128070.exe\SmitfraudFix\IEDFix.C.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201\A0128070.exe;BackDoor.IRC.Chazz.38;;
A0128070.exe\SmitfraudFix\IEDFix.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201\A0128070.exe;BackDoor.IRC.Chazz.38;;
A0128070.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201\A0128070.exe;Tool.Prockill;;
A0128070.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201\A0128070.exe;Tool.ShutDown.11;;
A0128070.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201;Archive contains infected objects;Moved.;
A0128071.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201\A0128071.exe;Program.PsExec.171;;
A0128071.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP201;Archive contains infected objects;Moved.;
A0128113.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128114.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128117.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128118.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128120.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128122.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128123.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128125.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0128127.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Trojan.Virtumod.based.21;Deleted.;
A0129122.EXE;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP202;Program.PsExec.170;;
A0129206.EXE;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP204;Program.PsExec.170;;
A0130297.EXE;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP206;Program.PsExec.170;;
A0130385.EXE;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP207;Program.PsExec.170;;
A0130439.EXE;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP208;Program.PsExec.170;;
A0130759.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP212\A0130759.exe;Program.PsExec.171;;
A0130759.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP212;Archive contains infected objects;Moved.;
A0133806.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218\A0133806.exe;Program.PsExec.171;;
A0133806.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;Archive contains infected objects;Moved.;
A0133807.exe\SmitfraudFix\404Fix.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218\A0133807.exe;BackDoor.IRC.Chazz.38;;
A0133807.exe\SmitfraudFix\GenericRenosFix.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218\A0133807.exe;BackDoor.IRC.Chazz.38;;
A0133807.exe\SmitfraudFix\IEDFix.C.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218\A0133807.exe;BackDoor.IRC.Chazz.38;;
A0133807.exe\SmitfraudFix\IEDFix.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218\A0133807.exe;BackDoor.IRC.Chazz.38;;
A0133807.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218\A0133807.exe;Tool.Prockill;;
A0133807.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218\A0133807.exe;Tool.ShutDown.11;;
A0133807.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;Archive contains infected objects;Moved.;
A0133808.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;Trojan.Virtumod.based.16;Deleted.;
A0133809.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;Trojan.Virtumod.based.21;Deleted.;
A0133810.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;Trojan.Virtumod.based.21;Deleted.;
A0133811.dll;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;Trojan.Virtumod.based.21;Deleted.;
A0133812.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;BackDoor.IRC.Chazz.38;Deleted.;
A0133813.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;BackDoor.IRC.Chazz.38;Deleted.;
A0133814.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;BackDoor.IRC.Chazz.38;Deleted.;
A0133815.exe;C:\System Volume Information\_restore{5AFB35E4-54CF-42C3-A69B-0E5374F54C31}\RP218;BackDoor.IRC.Chazz.38;Deleted.;
avkapveq.dll;C:\_OTMoveIt\MovedFiles\07202008_130901\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
qhtrti.dll;C:\_OTMoveIt\MovedFiles\07202008_130901\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
qoMeETLD.dll;C:\_OTMoveIt\MovedFiles\07202008_130901\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
xptjkrur.dll;C:\_OTMoveIt\MovedFiles\07202008_130901\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
xxyxxwWo.dll;C:\_OTMoveIt\MovedFiles\07202008_130901\WINDOWS\system32;Trojan.Virtumod.based.21;Deleted.;
New HijackThis Log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:55:14, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\joal\Desktop\drweb-cureit.exe
C:\DOCUME~1\joal\LOCALS~1\Temp\RarSFX1\_start.exe
C:\DOCUME~1\joal\LOCALS~1\Temp\RarSFX1\setup.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Documents and Settings\joal\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} -
http://download.divx...owserPlugin.cabO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 7212 bytes