Here is the ComboFix log followed by the Malware log and a new HijackThis:
ComboFix 08-12-18.01 - Cindy 2008-12-24 13:18:10.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.498 [GMT -6:00]
Running from: c:\documents and settings\Cindy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cindy\Desktop\CfScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\windows\system32\berateno.dll
c:\windows\system32\jugusaja.dll
c:\windows\system32\zumidiba.dll
e:\program files\Incomplete\T-2368521-i want girl married dear old 192kb.mp3
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\berateno.dll
c:\windows\system32\jugusaja.dll
c:\windows\system32\zumidiba.dll
e:\program files\Incomplete\T-2368521-i want girl married dear old 192kb.mp3
.
((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.
2008-12-24 13:12 . 2008-12-24 13:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-24 13:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-24 13:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 12:49 . 2008-12-24 12:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-23 17:42 . 2008-12-23 17:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-23 17:42 . 2008-12-23 17:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-23 13:15 . 2008-12-24 13:23 0 --a------ c:\windows\system32\drivers\lvuvc.hs
2008-12-22 15:53 . 2008-12-23 17:25 <DIR> d-------- c:\documents and settings\Cindy\Application Data\uTorrent
2008-12-21 22:51 . 2008-12-21 22:52 250 --a------ c:\windows\gmer.ini
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> d-------- c:\program files\BillP Studios
2008-12-14 18:53 . 2008-12-14 18:53 <DIR> d-------- c:\documents and settings\Cindy\Application Data\WinPatrol
2008-12-11 20:38 . 2008-12-11 20:38 <DIR> d-------- c:\program files\IObit
2008-12-11 20:38 . 2008-12-11 20:38 <DIR> d-------- c:\documents and settings\Cindy\Application Data\IObit
2008-12-11 20:36 . 2008-12-11 22:37 <DIR> d-------- c:\program files\Wise Registry Cleaner 3
2008-12-11 20:24 . 2008-12-11 20:24 <DIR> d-------- c:\program files\CleanMyPC
2008-12-09 20:49 . 2008-12-09 20:49 <DIR> d-------- c:\program files\Free Audio Pack
2008-12-02 22:57 . 2008-12-04 09:56 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-02 22:57 . 2008-12-04 09:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-02 22:50 . 2008-12-02 22:50 <DIR> d-------- c:\documents and settings\Cindy\Application Data\Malwarebytes
2008-12-01 19:39 . 2008-12-01 19:39 <DIR> d-------- c:\program files\AVG
2008-12-01 19:39 . 2008-12-11 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-01 19:35 . 2008-12-01 19:35 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-01 19:20 . 2008-12-01 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-30 18:34 . 2008-11-30 18:34 <DIR> d-------- C:\HJT
2008-11-30 17:44 . 2008-11-30 17:43 67,424 --a------ c:\windows\system32\drivers\CDAVFS.sys
2008-11-30 17:44 . 2008-11-30 17:44 64 --a------ c:\windows\av_affiliate.ini
2008-11-30 17:44 . 2008-11-30 17:44 64 --a------ c:\windows\as_affiliate.ini
2008-11-28 12:28 . 2008-11-28 12:28 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-11-28 12:28 . 2008-07-04 00:34 860,160 --a------ c:\windows\system32\lameACM.acm
2008-11-28 12:28 . 2008-01-10 06:15 755,027 --a------ c:\windows\system32\xvidcore.dll
2008-11-28 12:28 . 2004-01-25 10:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2008-11-28 12:28 . 2007-09-04 10:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-11-28 12:28 . 2008-01-10 06:16 159,839 --a------ c:\windows\system32\xvidvfw.dll
2008-11-28 12:28 . 2008-06-12 12:36 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-28 12:28 . 2007-07-10 10:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-28 12:28 . 2007-10-03 09:03 414 --a------ c:\windows\system32\lame_acm.xml
2008-11-28 12:28 . 2008-07-30 13:09 38 --a------ c:\windows\avisplitter.ini
2008-11-28 11:47 . 2008-11-28 11:47 <DIR> d-------- c:\documents and settings\Cindy\Application Data\Media Player Classic
2008-11-24 05:56 . 2008-11-24 05:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-24 19:05 --------- d-----w c:\program files\Common Files\Adobe
2008-12-24 05:29 --------- d-----w c:\documents and settings\Cindy\Application Data\Skype
2008-12-24 05:03 --------- d-----w c:\documents and settings\Cindy\Application Data\skypePM
2008-12-23 23:41 --------- d-----w c:\program files\Java
2008-12-12 21:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-12 21:00 --------- d-----w c:\program files\Norton Security Scan
2008-12-12 17:25 --------- d--h--w c:\documents and settings\Cindy\Application Data\Move Networks
2008-12-12 04:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-12 04:32 --------- d-----w c:\program files\Yahoo!
2008-12-02 02:07 --------- d-----w c:\program files\Trend Micro
2008-12-01 00:53 --------- d-----w c:\program files\AWS
2008-11-24 11:56 --------- d--h--w c:\documents and settings\Cindy\Application Data\yahoo!
2008-11-15 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-11 19:06 --------- d-----w c:\program files\Sun
2008-11-09 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\Last.fm
2008-11-09 06:41 --------- d-----w c:\program files\Last.fm
2008-11-03 00:33 --------- d-----w c:\documents and settings\Cindy\Application Data\ArcSoft
2008-11-01 21:41 --------- d-----w c:\program files\Musicnotes
2008-11-01 21:40 --------- d-----w c:\documents and settings\All Users\Application Data\Musicnotes
2008-10-27 18:00 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-26 19:00 --------- d-----w c:\program files\Common Files\LogiShrd
2008-10-26 18:57 --------- d-----w c:\program files\Logitech
2008-10-26 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-10-26 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-14 00:22 24 ----a-w c:\documents and settings\Cindy\jagex_runescape_preferences.dat
2008-07-21 22:53 61,224 ----a-w c:\documents and settings\Cindy\GoToAssistDownloadHelper.exe
2008-05-30 19:37 97,916 -c--a-w c:\program files\dxupdate.cab
2008-05-30 19:36 4,165,878 -c--a-w c:\program files\Apr2006_MDX1_x86_Archive.cab
2008-05-30 19:36 13,267,416 -c--a-w c:\program files\dxnt.cab
2008-05-30 19:36 1,805,306 -c--a-w c:\program files\Nov2007_d3dx9_36_x64.cab
2008-05-30 19:36 1,803,408 -c--a-w c:\program files\AUG2007_d3dx9_35_x64.cab
2008-05-30 19:34 528,392 ----a-w c:\program files\DXSETUP.exe
2007-04-25 00:06 88 --sha-r c:\windows\system32\808A268AF2.sys
2007-04-25 00:06 2,516 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-18 21:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080819\index.dat
.
((((((((((((((((((((((((((((( snapshot_2008-12-23_17.52.49.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 21:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2008-11-02 13:30:10 552,768 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-24 19:23:33 202,528 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-12-23 19:20:25 219,495 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-12-24 19:28:01 219,500 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2008-12-24 19:24:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_248.dat
+ 2008-12-24 19:24:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-21 16:53 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Cindy^Start Menu^Programs^Startup^Registration Heritage of Kings - The Settlers.LNK]
backup=c:\windows\pss\Registration Heritage of Kings - The Settlers.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a--c--- 2006-11-17 16:49 77824 c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-11-07 05:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a--c--- 2005-02-23 16:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a--c--- 2005-08-05 13:56 64512 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2004-07-27 16:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2004-07-27 16:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2006-12-08 19:06 823362 c:\program files\Trend Micro\Internet Security 12\pccguide.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
--a------ 2008-04-13 18:11 177152 c:\windows\system32\mqrt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2005-03-22 18:20 339968 c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\Tmntsrv.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\ComboFix\\fdsv.cfexe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LQCVFX\\COCIManager.exe"=
"c:\\Documents and Settings\\Cindy\\Desktop\\uTorrent.exe"=
"c:\\Documents and Settings\\Cindy\\Desktop\\Skype.exe"=
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2006-12-08 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2006-12-08 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-12-08 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2006-12-08 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-12-08 262215]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-11-24 24652]
S3 CDAVFS;CDAVFS;c:\windows\system32\DRIVERS\CDAVFS.sys [2008-11-30 67424]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-01-07 513152]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\DRIVERS\MusCVideo32.sys [2008-01-07 3768]
S3 PAC207;CIF USB Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2008-10-20 505984]
.
Contents of the 'Scheduled Tasks' folder
2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-12-13 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-01-18 17:24]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CPM7bd66a08 - c:\windows\system32\berateno.dll
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://us.mg3.mail.yahoo.com/dc/launch? ... r25qqqla35
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Cindy\Application Data\Mozilla\Firefox\Profiles\w80lv25l.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 13:25:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
c:\windows\explorer.exe [3824] 0x830059E0
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\system32\snmp.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-12-24 13:33:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-24 19:33:00
ComboFix2.txt 2008-12-23 23:54:45
ComboFix3.txt 2008-12-22 21:39:40
ComboFix4.txt 2008-12-18 23:26:53
Pre-Run: 42,823,573,504 bytes free
Post-Run: 42,821,468,160 bytes free
265 --- E O F --- 2008-12-23 19:09:35
Malwarebytes' Anti-Malware 1.31
Database version: 1542
Windows 5.1.2600 Service Pack 3
12/24/2008 3:29:43 PM
mbam-log-2008-12-24 (15-29-43).txt
Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 157416
Time elapsed: 1 hour(s), 46 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 35
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100802.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100807.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100808.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100814.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100824.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100830.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100832.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100833.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP640\A0100920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP642\A0101040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP642\A0101042.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP655\A0102688.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP655\A0102689.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{527CB35E-A860-439A-9A9D-FB3D3219BF94}\RP655\A0102690.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\giyesewu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mobahibe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\takavere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nafugizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\berateno.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bikuhagu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gifeleho.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gijoyeri.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gitoribo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jugusaja.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\letunupo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\muzomovi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\suwuwari.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tifupeva.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wotupogo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuluvado.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yapadoyi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yetevato.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zumidiba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:50 PM, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Control Popups in Internet Explorer - {41353F8B-78CE-48A5-BE44-153ED293D192} - C:\PROGRA~1\POPUPP~1\PopLib.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: PopupPopper Control Panel - {3E94F358-9537-4BBA-8D12-D7F8A0136973} - C:\Program Files\PopupPopper\SiteList.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8947606953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5637086015
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8400 bytes
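The three logs above show the shape of a Trojan.Vundo cleanup: randomly named eight-letter DLLs in system32 (berateno.dll, jugusaja.dll, zumidiba.dll and the quarantined copies Malwarebytes found), an orphaned HKLM Run value (CPM7bd66a08) that pointed at one of those DLLs, and Security Center values that silenced the Trend Micro AV/firewall monitoring and update notifications. The script below is an added example, not the poster's material or any tool's own code: it reads ComboFix/HijackThis/MBAM-style text and flags exactly those three patterns. The "eight lowercase letters" rule, the KNOWN_GOOD allowlist and the rule names are heuristics chosen for this example, and SAMPLE_LOG is constructed from lines that appear in the logs above.

```python
"""
Triage helper for ComboFix / HijackThis / Malwarebytes text logs.
Added example, not part of the forum post or of any of those tools.

Rules (heuristics picked for this example; hits are review items, not verdicts):
  vundo-style-dll          eight lowercase letters + .dll directly under system32
                           (berateno.dll, jugusaja.dll ...), also ".dll.vir" copies
                           in a ComboFix Qoobox quarantine
  security-center-tampered "DisableMonitoring"/"UpdatesDisableNotify"=dword:1
                           inside a [...security center...] registry section
  run-key-loads-dll        a Run value or Run orphan whose target is a .dll
                           (the HKLM-Run-CPM7bd66a08 -> berateno.dll orphan)
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# (?i:...) makes only the "system32" prefix case-insensitive; the 8-letter
# name itself must be lowercase, which is how the Vundo components were named.
VUNDO_NAME = re.compile(r"(?i:[\\/]system32[\\/])([a-z]{8})\.dll(?:\.vir)?(?![A-Za-z0-9_.])")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]\s*$")
SC_DISABLE = re.compile(r'^"(DisableMonitoring|UpdatesDisableNotify|'
                        r'AntiVirusDisableNotify|FirewallDisableNotify)"=dword:0*1$', re.I)
RUN_CONTEXT = re.compile(r"\\Run: \[|\b(?:HKLM|HKCU)-Run-", re.I)
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"\[\]\r\n]+?\.(dll|exe|sys)\b", re.I)

# Legitimate names the 8-letter heuristic would otherwise hit. Both appear in
# the ComboFix "Files Created" list above: deploytk.dll came with the Java
# update, xvidcore.dll with the K-Lite codec pack. (Allowlist is an assumption.)
KNOWN_GOOD = {"deploytk", "xvidcore"}


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Scan a concatenated log and return one Finding per rule hit."""
    findings: List[Finding] = []
    current_key = ""  # registry section we are inside (ComboFix REGEDIT4 style)
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        # A ComboFix section banner or a new HJT log header ends any registry section.
        if line.startswith("((((") or line.startswith("Logfile of"):
            current_key = ""
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue

        m = VUNDO_NAME.search(line)
        if m and m.group(1) not in KNOWN_GOOD:
            findings.append(Finding("vundo-style-dll", n, m.group(1) + ".dll"))

        m = SC_DISABLE.match(line)
        if m and "security center" in current_key.lower():
            findings.append(Finding("security-center-tampered", n,
                                    f"{current_key} -> {m.group(1)}=1"))

        # Run context: a value under a [...\Run] key, an HJT O4 line, or a
        # ComboFix "HKLM-Run-<name>" orphan. Any .dll target there is worth a look.
        in_run = current_key.lower().endswith("\\run") or bool(RUN_CONTEXT.search(line))
        if in_run:
            for p in WIN_PATH.finditer(line):
                if p.group(1).lower() == "dll":
                    findings.append(Finding("run-key-loads-dll", n, p.group(0)))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per rule, e.g. {'vundo-style-dll': 3, ...}."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample: lines copied from the ComboFix, MBAM and HJT logs above.
SAMPLE_LOG = r"""
c:\windows\system32\berateno.dll
2008-12-23 17:42 . 2008-12-23 17:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-11-28 12:28 . 2008-01-10 06:15 755,027 --a------ c:\windows\system32\xvidcore.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
HKLM-Run-CPM7bd66a08 - c:\windows\system32\berateno.dll
C:\WINDOWS\system32\giyesewu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
""".strip("\n")

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:3d}  {f.rule:26s} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it with the three logs pasted into one file and pipe the output to the triage script via `triage(open(path).read())`; the point of the allowlist is that a pure naming rule is noisy (deploytk.dll and xvidcore.dll are both eight lowercase letters), so a hit should always be cross-checked against the file's creation date, signer and the tool that dropped it before anything is deleted.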