Virus Infection - Help Please [CLOSED]


repulsion

Hey, everyone. I found the site while trying to research similar problems to the one I've been having, and the message board has been very helpful so far. I don't know if I was a little presumptuous by running all these tests but figured it couldn't help (so, below you will find the following files: combofix.txt and kaspersky.txt, none of which look particularly good to me). The short of the problem: Yesterday, my screen went blue while I was working, and the text on the screen said something was corrupt; since then, Norton's stopped working, I couldn't log on to most sites that demand a log in (like Yahoo Mail), and I started getting "not a valid Win32 application" when clicking on some programs, like SpyBot and Avast! (which I installed this morning after uninstalling Norton). I would provide a HijackThis log file but that's one of the programs that won't open. Any help on how to fix my old horse of a computer without needing to reformat would be great. Thanks.

ComboFix 08-05-15.3 - Owner 2008-05-16 13:18:18.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.639 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\m
C:\Documents and Settings\Owner\Application Data\m\data.oct
C:\Documents and Settings\Owner\Application Data\m\list.oct
C:\Documents and Settings\Owner\Application Data\m\shared
C:\Documents and Settings\Owner\Application Data\m\srvlist.oct
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_bg_popup.gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AlxRes_dll_IMAGE_window_sliver.gif
C:\Program Files\alexa toolbar
C:\Program Files\alexa toolbar\uninstall.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\AlxTB1.dll
C:\WINDOWS\system32\AlxTB2.dll
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ADSERVER
-------\Legacy_SROSA
-------\Service_AdServer


((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 13:05 . 2008-05-16 13:06 <DIR> d-------- C:\BFU
2008-05-16 11:13 . 2008-05-16 11:13 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-15 23:09 . 2008-05-16 12:01 <DIR> d-------- C:\Program Files\Logo Design Studio
2008-05-15 23:03 . 2008-05-15 23:03 <DIR> d-------- C:\WINDOWS\Logo Design Studio
2008-05-15 23:03 . 2008-05-15 23:03 <DIR> d-------- C:\Program Files\Summitsoft
2008-05-15 22:47 . 2008-05-15 23:00 <DIR> d-------- C:\Program Files\Logo Creator
2008-05-09 09:59 . 2008-05-09 09:59 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-08 21:35 . 2008-05-16 10:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\skypePM
2008-05-08 21:35 . 2008-05-08 21:35 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-08 21:33 . 2008-05-08 21:33 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-08 21:33 . 2008-05-16 13:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Skype
2008-05-08 21:32 . 2008-05-08 21:32 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-08 21:30 . 2008-05-08 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-08 21:29 . 2007-10-11 21:55 1,279,000 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-05-08 21:29 . 2007-10-11 22:00 490,008 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-05-08 21:29 . 2007-10-11 22:00 465,432 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-05-08 21:29 . 2007-10-11 21:57 416,280 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-05-08 21:29 . 2004-08-03 23:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-05-08 21:29 . 2004-08-03 23:56 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-08 21:28 . 2008-05-08 21:33 <DIR> d-------- C:\Program Files\Skype
2008-05-08 21:28 . 2007-10-11 21:57 195,096 -ra------ C:\WINDOWS\system32\lvci1150.dll
2008-05-08 21:28 . 2007-10-11 21:11 59,500 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-05-08 21:28 . 2007-10-11 22:00 41,752 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-05-08 21:28 . 2007-10-11 21:18 21,138 -ra------ C:\WINDOWS\system32\Repository.reg
2008-05-08 21:28 . 2007-10-11 21:55 13,848 -ra------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-05-08 21:20 . 2008-05-08 21:32 <DIR> d-------- C:\Program Files\Logitech
2008-05-08 21:20 . 2008-05-08 21:29 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-05-08 21:20 . 2008-05-08 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-05-08 21:19 . 2004-08-03 22:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-08 21:19 . 2004-08-03 22:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-08 21:17 . 2004-08-03 22:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-08 21:17 . 2004-08-03 22:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-08 16:32 . 2008-05-08 16:32 <DIR> d-------- C:\Program Files\iPod
2008-04-29 14:49 . 2008-04-29 14:55 <DIR> d-------- C:\Program Files\Absolute Banner
2008-04-26 09:58 . 2008-04-26 09:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2008-04-24 17:06 . 2008-04-24 17:06 1,455 --a------ C:\WINDOWS\cuteftppro.INI
2008-04-19 13:14 . 2008-04-19 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-17 12:30 . 2008-05-16 13:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 12:30 . 2008-04-17 12:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 09:10 . 2008-05-16 09:55 <DIR> d-------- C:\Program Files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 15:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 14:53 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-16 14:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-05-16 14:48 --------- d-----w C:\Program Files\eMule
2008-05-16 13:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 04:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\SharpReader
2008-05-14 17:15 --------- d-----w C:\Program Files\Zoom Search
2008-05-11 21:10 --------- d-----w C:\Program Files\iTunes
2008-05-09 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 13:58 --------- d-----w C:\Program Files\Winamp
2008-04-19 04:57 --------- d-----w C:\Program Files\Blocklist Manager
2008-04-16 16:51 --------- d-----w C:\Program Files\Azureus
2008-04-16 13:10 --------- d-----w C:\Program Files\QuickTime
2008-04-07 14:16 245,767 --sha-w C:\WINDOWS\Cursors\lsass.exe
2008-04-02 13:27 --------- d-----w C:\Program Files\Spyware Stoppers
2008-04-02 13:23 --------- d-----w C:\Program Files\InterMute
2008-04-02 13:18 --------- d-----w C:\Program Files\Screen Print
2008-03-29 04:37 --------- d-----w C:\Program Files\WiFiConnector
2008-03-23 19:03 --------- d-----w C:\Program Files\Dell
2008-03-23 19:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2007-04-03 14:10 0 -c--a-w C:\Documents and Settings\Owner\test16.exe
2006-08-27 16:24 530,336 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-20 09:10 715888]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 13:35 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 13:32 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 13:36 114688]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 20:39 147456]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 18:30 86016]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 14:55 32768]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 05:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 05:01 155648]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 18:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 16:44 185896]
"RemoteControl"="C:\Program Files\PowerDVD\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="C:\Program Files\PowerDVD\Language\Language.exe" [2006-04-13 12:09 49152]
"PMX Daemon"="ICO.EXE" [2006-11-08 15:01 49152 C:\WINDOWS\system32\ico.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"RegistryMechanic"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 11:54 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-08 21:32:17 66864]
Microsoft Office.lnk - C:\Program Files\Microsoft Office XP\Office10\OSA.EXE [2001-02-13 05:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-03-29 00:37:31 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]
ldr64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIVX"= divxdec.ax
"vidc.ffds"= ffdshow.ax
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1143694826\\ee\\aolsoftware.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\OpenWebScope\\OpenWebScope.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Zoom Search\\ZoomIndexer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\CuteFTP\\ftpte.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 19:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 19:16]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 18:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 17:31:12 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1289FE3-97E6-498B-B967-D5ABF877C2C3}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 13:26:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-05-16 13:44:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 17:43:15

Pre-Run: 4,860,088,320 bytes free
Post-Run: 5,163,126,784 bytes free

378 --- E O F --- 2008-05-15 07:03:21

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 16, 2008 3:49:42 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/05/2008
Kaspersky Anti-Virus database records: 778500
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 133359
Number of viruses found: 17
Number of infected objects: 489
Number of suspicious objects: 0
Duration of the scan process: 01:26:07

Infected Object Name / Virus Name / Last Action
C:\Program Files\Blocklist Manager\Tools\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Owner\Data\storydb.idx Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\3DM_Export_for_Solid_Edge_1.0.zip.vir/3DM_Export_for_Solid_Edge_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\3DM_Export_for_Solid_Edge_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\5star_freeTunes_1.2.1.927.zip.vir/5star_freeTunes_1.2.1.927.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\5star_freeTunes_1.2.1.927.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Abexo_Defragmenter_Pro_5.0.zip.vir/Abexo_Defragmenter_Pro_5.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Abexo_Defragmenter_Pro_5.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Able_MPEG2_Editor_2.5_Key+Serial.zip.vir/Able_MPEG2_Editor_2.5_Key+Serial.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Able_MPEG2_Editor_2.5_Key+Serial.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Abstract_Icons_1.0.zip.vir/Abstract_Icons_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Abstract_Icons_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AccessPatrol_1.0_(Key).zip.vir/AccessPatrol_1.0_(Key).exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AccessPatrol_1.0_(Key).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Access_Lock_3.2.zip.vir/Access_Lock_3.2.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Access_Lock_3.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AdBlaster_2.0.zip.vir/AdBlaster_2.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AdBlaster_2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Adsense_Ready_Web_Site_#8_1.zip.vir/Adsense_Ready_Web_Site_#8_1.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Adsense_Ready_Web_Site_#8_1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Aimersoft_Pocket_PC_Converter_Suite_1.0.22_Crack.zip.vir/Aimersoft_Pocket_PC_Converter_Suite_1.0.22_Crack.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Aimersoft_Pocket_PC_Converter_Suite_1.0.22_Crack.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Alarm_Clock_1.0.66_(Key).zip.vir/Alarm_Clock_1.0.66_(Key).exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Alarm_Clock_1.0.66_(Key).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AlphaPlugins_RedEyes_1.0.zip.vir/AlphaPlugins_RedEyes_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AlphaPlugins_RedEyes_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AnimateIT_Screen_Saver_Toolkit_2.75.zip.vir/AnimateIT_Screen_Saver_Toolkit_2.75.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\AnimateIT_Screen_Saver_Toolkit_2.75.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Ashampoo_Magical_Defrag_2_2.08_(Crack).zip.vir/Ashampoo_Magical_Defrag_2_2.08_(Crack).exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Ashampoo_Magical_Defrag_2_2.08_(Crack).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Assorted_2.2.zip.vir/Assorted_2.2.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Assorted_2.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Audio_Editor_Pro_2.80.zip.vir/Audio_Editor_Pro_2.80.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Audio_Editor_Pro_2.80.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Auto_Web_View_Screensaver_4.00.zip.vir/Auto_Web_View_Screensaver_4.00.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Auto_Web_View_Screensaver_4.00.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Avg.Anti.Spyware.v7.5.0.50.Keygen.zip.vir/Avg.Anti.Spyware.v7.5.0.50.Keygen.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Avg.Anti.Spyware.v7.5.0.50.Keygen.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Basketball_Jones_0.9.zip.vir/Basketball_Jones_0.9.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Basketball_Jones_0.9.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Battlefield_Vietnam_Operation_Deny_Flight_map.zip.vir/Battlefield_Vietnam_Operation_Deny_Flight_map.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Battlefield_Vietnam_Operation_Deny_Flight_map.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Belltech_Business_Card_Designer_Pro_4.7_(Key).zip.vir/Belltech_Business_Card_Designer_Pro_4.7_(Key).exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Belltech_Business_Card_Designer_Pro_4.7_(Key).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Caladesi_Island_1.1.zip.vir/Caladesi_Island_1.1.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Caladesi_Island_1.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Clean_&_Clear_0.99_[Crack].zip.vir/Clean_&_Clear_0.99_[Crack].exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Clean_&_Clear_0.99_[Crack].zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Countdown_Screensaver_2.0.2b_(Key).zip.vir/Countdown_Screensaver_2.0.2b_(Key).exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Countdown_Screensaver_2.0.2b_(Key).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Crammer_4.1.7.5.zip.vir/Crammer_4.1.7.5.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Crammer_4.1.7.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\DataSafe_(32-bit)_4.3.zip.vir/DataSafe_(32-bit)_4.3.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\DataSafe_(32-bit)_4.3.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Digest2005_2.1.23.zip.vir/Digest2005_2.1.23.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Digest2005_2.1.23.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\DIPLink_1.2.zip.vir/DIPLink_1.2.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\DIPLink_1.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Documents_To_Go_Premium_Edition_(German)_5.0.zip.vir/Documents_To_Go_Premium_Edition_(German)_5.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Documents_To_Go_Premium_Edition_(German)_5.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Drag-N-Fly_2.0.zip.vir/Drag-N-Fly_2.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Drag-N-Fly_2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Dupe_Eliminator_for_iTunes_3.71.zip.vir/Dupe_Eliminator_for_iTunes_3.71.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Dupe_Eliminator_for_iTunes_3.71.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\DVdriver_1.0_Key+Serial.zip.vir/DVdriver_1.0_Key+Serial.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\DVdriver_1.0_Key+Serial.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\EBgo_Sniper_1.4.6.zip.vir/EBgo_Sniper_1.4.6.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\EBgo_Sniper_1.4.6.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\eMapZone_4.3.0.21.zip.vir/eMapZone_4.3.0.21.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\eMapZone_4.3.0.21.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Enter_the_Internet_Registr_3.0.zip.vir/Enter_the_Internet_Registr_3.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Enter_the_Internet_Registr_3.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\FatB_DeskMate_1.0.zip.vir/FatB_DeskMate_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\FatB_DeskMate_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Fine_Arts_Toolbox_6.3.zip.vir/Fine_Arts_Toolbox_6.3.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Fine_Arts_Toolbox_6.3.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Finger_Server_1.0.zip.vir/Finger_Server_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Finger_Server_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Framy_Car_1.0.zip.vir/Framy_Car_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Framy_Car_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Freakstein_1.0.zip.vir/Freakstein_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Freakstein_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Fresh_Start_Professional_Edition_2.41.zip.vir/Fresh_Start_Professional_Edition_2.41.exe Infected: Trojan-Downloader.Win32.Bagle.pk skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\m\shared\Fresh_Start_Professional_Edition_2.41.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Owner\A

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you did have Bagle, but ComboFix appears to have cleared that :)

I only noticed one or two elements to remove

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\Cursors\lsass.exe
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\system32\ldr64.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ldr64]

3. Then, in the text file, go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

ON COMPLETION

Can you run a boot scan with Avast?

You will need to schedule a boot-time scan with avast!: click on the little button in the upper-left corner and select Schedule Boot-Time Scan. Also read this tutorial HERE; it may make it easier for you to follow the steps.

Next, choose
  • Scan all local disks
  • scan archive files
  • click on Schedule
On the next dialog, "Operating system restart needed", select Yes.
avast! will now restart your computer and start scanning before Windows fully loads.

IMPORTANT NOTE: since your system has infections on it, avast! will give you a dialog box with recommended actions and options. If this happens, please make sure to click the Move to Chest button, and do not delete any reported files.

The boot log will be located here: C:\Program Files\Alwil Software\Avast4\DATA\report\AswBoot.txt

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.