WiredWX Christian Hobby Weather Tools
Infected with Virtob, please help

Re: Infected with Virtob, please help
Does your AV say where this virus is located?
Let's go even deeper.


  • Download combofix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (avast!)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Re: Infected with Virtob, please help
My antivirus does show where the virus is found

Here is a log of what my AV found in the past two days, when the virus started breaking out on my computer.
3/19/2009 10:32:15 PM SYSTEM 1328 Sign of "Win32:Bifrose-CKD [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OHZAYNQA\cnt[1].exe\[Armadillo]" file.
3/19/2009 10:39:01 PM SYSTEM 1328 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite (C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite) returning error, 0000001E.
3/19/2009 10:39:07 PM SYSTEM 1328 Sign of "Win32:Bifrose-CKD [Trj]" has been found in "C:\WINDOWS\system32\18.scr\[Armadillo]" file.
3/19/2009 10:40:15 PM SYSTEM 1328 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\S7EZ4D8Z\unc[1].exe" file.
3/19/2009 10:55:46 PM SYSTEM 1352 Sign of "Win32:Virtob" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UMDZYNR0\x[1]" file.
3/19/2009 11:00:45 PM SYSTEM 1352 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\system32\x.exe" file.
3/19/2009 11:02:13 PM SYSTEM 1352 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite (C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite) returning error, 0000001E.
3/19/2009 11:02:57 PM SYSTEM 1352 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite (C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite) returning error, 0000001E.
3/19/2009 11:04:55 PM SYSTEM 1352 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite (C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite) returning error, 0000001E.
3/19/2009 11:21:28 PM SYSTEM 1316 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UMDZYNR0\x[3]" file.
3/19/2009 11:21:43 PM SYSTEM 1316 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\x.exe" file.
3/20/2009 1:15:11 AM SYSTEM 1316 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2D6D0P0N\unc[1].exe" file.
3/20/2009 1:17:09 AM SYSTEM 1316 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\x.exe" file.
3/20/2009 1:23:58 AM SYSTEM 1316 Sign of "Win32:Virtob" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3HN1G8DN\x[1]" file.
3/20/2009 1:24:07 AM SYSTEM 1316 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\system32\x.exe" file.
3/20/2009 1:24:24 AM SYSTEM 1316 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\System32\x.exe" file.
3/20/2009 1:49:19 AM SYSTEM 1316 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite (C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite) returning error, 0000001E.
3/20/2009 12:55:38 PM SYSTEM 1452 Sign of "Win32:Virtob" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UMDZYNR0\x[3]" file.
3/20/2009 12:55:59 PM SYSTEM 1452 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\system32\x.exe" file.
3/20/2009 12:56:01 PM SYSTEM 1452 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\System32\x.exe" file.
3/20/2009 2:08:34 PM SYSTEM 1452 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite (C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite) returning error, 0000001E.

I am about to do the combofix part right now, I'll post it up right after it finishes
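The avast! log above is more useful read as a timeline than as a list of hits. As an added example (my code, not the poster's and not avast's own tooling), here is a parser for that 4.x warning-log format with a triage step: it groups detections by normalised path, measures how long the same file keeps reappearing, separates files that landed in a service account's Temporary Internet Files (NetworkService here) from the interactive user's, and counts the packer layers avast reports as a trailing "\[Armadillo]" marker. The sample lines are copied verbatim from the post; which profiles count as service accounts and the "more than one hit" threshold are my assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Ten lines copied verbatim from the avast! warning log in the post above; the
# AAVM scanner warning is kept to show that non-detection lines are skipped.
AVAST_LOG = r"""
3/19/2009 10:32:15 PM SYSTEM 1328 Sign of "Win32:Bifrose-CKD [Trj]" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\OHZAYNQA\cnt[1].exe\[Armadillo]" file.
3/19/2009 10:39:01 PM SYSTEM 1328 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite (C:\Documents and Settings\Jimmy.VALUED-20606295\Local Settings\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\urlclassifier3.sqlite) returning error, 0000001E.
3/19/2009 10:39:07 PM SYSTEM 1328 Sign of "Win32:Bifrose-CKD [Trj]" has been found in "C:\WINDOWS\system32\18.scr\[Armadillo]" file.
3/19/2009 10:55:46 PM SYSTEM 1352 Sign of "Win32:Virtob" has been found in "C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UMDZYNR0\x[1]" file.
3/19/2009 11:00:45 PM SYSTEM 1352 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\system32\x.exe" file.
3/19/2009 11:21:43 PM SYSTEM 1316 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\x.exe" file.
3/20/2009 1:17:09 AM SYSTEM 1316 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\x.exe" file.
3/20/2009 1:24:07 AM SYSTEM 1316 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\system32\x.exe" file.
3/20/2009 1:24:24 AM SYSTEM 1316 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\System32\x.exe" file.
3/20/2009 12:55:59 PM SYSTEM 1452 Sign of "Win32:Virtob" has been found in "C:\WINDOWS\system32\x.exe" file.
"""

DETECTION_RE = re.compile(
    r'^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<account>\S+) (?P<pid>\d+) '
    r'Sign of "(?P<signature>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)
PACKER_RE = re.compile(r'\\\[([^\]]+)\]$')            # trailing "\[Armadillo]" layer marker
PROFILE_RE = re.compile(r'^[a-z]:\\documents and settings\\([^\\]+)\\', re.I)
SERVICE_PROFILES = {"networkservice", "localservice"}  # assumption: built-in service accounts


def parse_avast_log(text):
    """Turn 'Sign of ... has been found in ...' lines into dicts; skip everything else."""
    events = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if not m:
            continue
        raw = m.group("path")
        packer = PACKER_RE.search(raw)
        path = raw[:packer.start()] if packer else raw
        profile = PROFILE_RE.match(path)
        events.append({
            "when": datetime.strptime(m.group("when"), "%m/%d/%Y %I:%M:%S %p"),
            "pid": int(m.group("pid")),
            "signature": m.group("signature"),
            "path": path,
            "packer": packer.group(1) if packer else None,
            "profile": profile.group(1) if profile else None,
        })
    events.sort(key=lambda e: e["when"])
    return events


def triage(events):
    """Group by file and answer: what keeps coming back, and in whose context was it fetched?"""
    by_path = defaultdict(list)
    for e in events:
        by_path[e["path"].lower()].append(e)        # system32 / System32 are the same file
    repeats = {}
    for path, evs in by_path.items():
        if len(evs) > 1:
            span = evs[-1]["when"] - evs[0]["when"]
            repeats[path] = {
                "count": len(evs),
                "span_hours": round(span.total_seconds() / 3600, 2),
                "signatures": sorted({e["signature"] for e in evs}),
            }
    # WinInet writes its cache under the calling account's profile, so a hit in
    # NetworkService's Temporary Internet Files means a service process fetched it.
    service_fetches = [
        e["path"] for e in events
        if e["profile"] and e["profile"].lower() in SERVICE_PROFILES
        and "temporary internet files" in e["path"].lower()
    ]
    packers = Counter(e["packer"] for e in events if e["packer"])
    return {"repeat_paths": repeats, "service_context_fetches": service_fetches, "packers": packers}


if __name__ == "__main__":
    report = triage(parse_avast_log(AVAST_LOG))
    for path, info in report["repeat_paths"].items():
        print(f"{path}: {info['count']} hits over {info['span_hours']} h, {info['signatures']}")
    print("fetched under a service account:", *report["service_context_fetches"], sep="\n  ")
    print("packers:", dict(report["packers"]))
```

On these lines the report says that x.exe in system32 came back six times over roughly fourteen hours and that both droppers landed in NetworkService's cache, so a process running under that service account was re-downloading and re-writing the payload faster than the on-access scanner deleted it. Deleting x.exe on its own is not the fix, which is why the thread moves on to ComboFix to find the component doing the fetching.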

Re: Infected with Virtob, please help
My combofix log:

ComboFix 09-03-19.02 - Jimmy 2009-03-20 15:47:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.768.465 [GMT -7:00]
Running from: c:\documents and settings\Jimmy.VALUED-20606295\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090320-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jimmy.VALUED-20606295\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\PS TO USB CONVERTOR\CnsMin5.ico
C:\test.txt
c:\windows\system\svhost.exe
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\pac.txt
c:\windows\system32\SrchSTS.exe
c:\windows\system32\x.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

2009-03-20 15:09 . 2009-03-20 15:09 59,904 --a------ c:\windows\system32\55.scr
2009-03-20 14:50 . 2009-03-20 14:50 d-------- C:\_OTMoveIt
2009-03-20 13:00 . 2009-03-20 13:00 d-------- c:\documents and settings\Jimmy.VALUED-20606295\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 22:50 --------- d-----w c:\program files\PS TO USB CONVERTOR
2009-03-20 05:50 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Azureus
2009-03-17 21:04 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\vlc
2009-01-31 01:51 --------- d-----w c:\program files\Java
2009-01-29 05:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 05:54 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-29 05:54 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield
2009-01-29 05:54 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-29 05:05 --------- d-----w c:\program files\Teamspeak2_RC2
2009-01-29 05:05 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\teamspeak2
2009-01-21 06:08 --------- d-----w c:\program files\LibUSB-Win32-0.1.10.1
2009-01-16 06:56 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl0.dat
2008-12-18 07:53 604 ---ha-w c:\program files\STLL Notifier
2008-08-18 07:56 784 ----a-w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\mpauth.dat
2008-02-18 20:25 35,184 ----a-w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\GDIPFONTCACHEV1.DAT
2006-10-21 18:38 147,456 ----a-w c:\program files\mozilla firefox\plugins\CDVDiso.dll
2006-01-15 13:38 231,064 ----a-w c:\program files\mozilla firefox\plugins\CDVDisoEFP.dll
2005-05-14 15:04 151,040 ----a-w c:\program files\mozilla firefox\plugins\CDVDisolinuz.dll
2006-01-15 13:38 54,289 ----a-w c:\program files\mozilla firefox\plugins\CDVDlinuz.dll
2005-05-14 15:04 6,656 ----a-w c:\program files\mozilla firefox\plugins\CDVDnull.dll
2005-04-20 08:21 86,016 ----a-w c:\program files\mozilla firefox\plugins\cdvdPeops.dll
2005-05-14 15:04 6,656 ----a-w c:\program files\mozilla firefox\plugins\DEV9null.dll
2005-05-16 08:41 21,732 ----a-w c:\program files\mozilla firefox\plugins\FWnull.dll
2006-03-13 09:34 565,248 ----a-w c:\program files\mozilla firefox\plugins\GSdx9 sse2.dll
2006-03-13 16:33 602,112 ----a-w c:\program files\mozilla firefox\plugins\GSdx9.dll
2006-09-04 00:08 18,944 ----a-w c:\program files\mozilla firefox\plugins\PadSSSPSX.dll
2005-05-14 15:04 372,892 ----a-w c:\program files\mozilla firefox\plugins\PADwin.dll
2006-11-04 09:20 94,208 ----a-w c:\program files\mozilla firefox\plugins\spu2PeopsSound.dll
2005-05-14 15:04 9,728 ----a-w c:\program files\mozilla firefox\plugins\USBnull.dll
2006-11-17 22:06 7,892,992 ----a-w c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 non sse2.dll
2006-11-18 14:50 7,892,992 ----a-w c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 sse2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-22 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"lxdimon.exe"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-24 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll
"vidc.ffds"= d:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WindowsTelephony]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"d:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\WINDOWS\\System32\\55.scr"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 114768]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-06 20560]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-04-24 175232]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-03-18 99248]
S2 WindowsTelephony;Windows Telephony;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
S3 HFXLowerFilter;HFXLowerFilter;c:\windows\system32\drivers\hfx_lfd.sys [2006-06-21 21632]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-08-19 33792]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-04-24 807917]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2002-04-24 594668]
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys --> c:\windows\System32\XDva008.sys [?]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NBKeyScan - d:\program files\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} - hxxp://www.dragongemworld.com/Active_X/ENetLauncher.cab
FF - ProfilePath - c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 15:54:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdicoms.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-20 16:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-20 23:01:53

Pre-Run: 6,270,242,816 bytes free
Post-Run: 6,306,021,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5

Re: Infected with Virtob, please help
Hello. The log shows more malware, so we have to use Combofix with additional directives.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
WindowsTelephony

File::
c:\windows\system32\55.scr

Folder::
C:\_OTMoveIt
c:\documents and settings\Jimmy.VALUED-20606295\DoctorWeb

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WindowsTelephony]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\55.scr"=-


Save this as CFScript.txt on your desktop as well.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

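The CFScript above is the hand-written result of reading the first ComboFix log in the earlier post. As an added example (my code, not ComboFix's and not the forum's), the snippet below automates that reading for the log's registry loading points and service lines: it flags a service whose image name imitates a core Windows binary or that lives in the legacy \windows\system directory, treats ComboFix's "[?]" marker as "verify by hand" rather than "delete", catches the three registry tells present in this log (Security Center notifications suppressed, EnableFirewall set to 0, a numerically named .scr whitelisted in the firewall), and emits directives in the same CFScript form used above. The excerpt is copied from that first log; the similarity threshold, the list of imitated binaries and the "[?]" handling are my assumptions, and the Folder:: cleanup of tool leftovers is deliberately not generated because it cannot be inferred from the log.

```python
import re
from difflib import SequenceMatcher

# Copied from the first ComboFix log in the thread: the registry loading points
# and service lines the admin's CFScript acts on (the rest of the log is left out).
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WindowsTelephony]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\WINDOWS\\System32\\55.scr"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 114768]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 WindowsTelephony;Windows Telephony;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
"""

SERVICE_RE = re.compile(r'^[RS]\d ([^;]+);[^;]*;(.*)$')               # service name, image/arguments
IMAGE_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|sys|dll)\b', re.I)
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')
# Assumption: a file name at least 90% similar to one of these, but not equal, imitates it.
CORE_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "explorer.exe")
NOTIFY_FLAGS = {"antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify"}


def lookalike_of(basename):
    low = basename.lower()
    for core in CORE_BINARIES:
        if low != core and SequenceMatcher(None, low, core).ratio() >= 0.9:
            return core
    return None


def triage_services(text):
    """Classify each R*/S* service line as remove, review or ok, with reasons."""
    results = []
    for m in filter(None, map(SERVICE_RE.match, text.splitlines())):
        name, rest = m.groups()
        images = IMAGE_RE.findall(rest)
        image = images[-1] if images else None       # the resolved path after "-->" when present
        reasons = []
        if image:
            core = lookalike_of(image.rsplit("\\", 1)[-1])
            if core:
                reasons.append(f"image name imitates {core}")
            if "\\windows\\system\\" in image.lower():
                reasons.append("image lives in the legacy \\windows\\system directory")
        action = "remove" if reasons else "ok"
        if action == "ok" and rest.rstrip().endswith("[?]"):
            action = "review"                         # unverified image: inspect it, do not script it away
            reasons.append("ComboFix printed [?] for the image")
        results.append({"name": name, "image": image, "action": action, "reasons": reasons})
    return results


def triage_registry(text):
    """Walk [key] / "name"=value blocks and collect the settings that were tampered with."""
    found = {"notify_suppressed": [], "firewall_off": [], "bad_exceptions": [], "safeboot": []}
    key = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            if "\\safeboot\\minimal\\" in key.lower():    # ComboFix hides defaults, so anything shown is non-default
                found["safeboot"].append((key, key.rsplit("\\", 1)[-1]))
            continue
        vm = VALUE_RE.match(line)
        if not (vm and key):
            continue
        name, value, low = vm.group(1) or "@", vm.group(2).strip(), key.lower()
        if "security center" in low and name.lower() in NOTIFY_FLAGS and value == "dword:00000001":
            found["notify_suppressed"].append((key, name))
        elif low.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall" and value.startswith("0"):
            found["firewall_off"].append(key)
        elif low.endswith("authorizedapplications\\list"):
            stem, _, ext = name.replace("\\\\", "\\").rsplit("\\", 1)[-1].rpartition(".")
            if ext.lower() == "scr" or stem.isdigit():    # a numerically named screensaver, whitelisted
                found["bad_exceptions"].append((key, name))
    return found


def build_cfscript(services, registry):
    """Emit directives in the CFScript form the admin used (KILLALL::, Driver::, File::, Registry::)."""
    remove = [s["name"] for s in services if s["action"] == "remove"]
    files = [name.replace("\\\\", "\\") for _, name in registry["bad_exceptions"]]
    reg = [f"[-{key}]" for key, sub in registry["safeboot"] if sub in remove]   # Safe Mode persistence
    for pairs in (registry["notify_suppressed"], registry["bad_exceptions"]):
        for key in dict.fromkeys(k for k, _ in pairs):                # one [key] header per key, in order
            reg.append(f"[{key}]")
            reg += [f'"{n}"=-' for k, n in pairs if k == key]
    for key in registry["firewall_off"]:
        reg += [f"[{key}]", '"EnableFirewall"=dword:00000001']
    out = ["KILLALL::", ""]
    for header, body in (("Driver::", remove), ("File::", files), ("Registry::", reg)):
        if body:
            out += [header, *body, ""]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cfscript(triage_services(COMBOFIX_EXCERPT), triage_registry(COMBOFIX_EXCERPT)))
```

Run against the excerpt, this produces the same Driver::, File:: and Registry:: directives as the admin's script. Note the separation of "remove" from "review": lxdi_device also carries "[?]" in the log, but it is a Lexmark printer service whose binary is visible in the running-process list, so a script that deleted everything marked "[?]" would have broken the printer while leaving the real problem, a service named WindowsTelephony whose binary is svhost.exe in \windows\system, to a name check.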

Re: Infected with Virtob, please help
Thanks for the help. Here is my new ComboFix log:

ComboFix 09-03-19.02 - Jimmy 2009-03-20 16:27:43.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.768.454 [GMT -7:00]
Running from: c:\documents and settings\Jimmy.VALUED-20606295\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jimmy.VALUED-20606295\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090320-0] *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\55.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
c:\_otmoveit\MovedFiles\03202009_145043.log
c:\_otmoveit\MovedFiles\03202009_145043.res
c:\documents and settings\Jimmy.VALUED-20606295\DoctorWeb
c:\documents and settings\Jimmy.VALUED-20606295\DoctorWeb\CureIt.log
c:\windows\system\svhost.exe
c:\windows\system32\55.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWSTELEPHONY
-------\Service_WindowsTelephony


((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 22:50 --------- d-----w c:\program files\PS TO USB CONVERTOR
2009-03-20 05:50 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Azureus
2009-03-17 21:04 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\vlc
2009-01-31 01:51 --------- d-----w c:\program files\Java
2009-01-29 05:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 05:54 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-29 05:54 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\InstallShield
2009-01-29 05:54 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-29 05:05 --------- d-----w c:\program files\Teamspeak2_RC2
2009-01-29 05:05 --------- d-----w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\teamspeak2
2009-01-21 06:08 --------- d-----w c:\program files\LibUSB-Win32-0.1.10.1
2009-01-16 06:56 4 --sh--r c:\documents and settings\All Users\Application Data\sysqcl0.dat
2008-12-18 07:53 604 ---ha-w c:\program files\STLL Notifier
2008-08-18 07:56 784 ----a-w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\mpauth.dat
2008-02-18 20:25 35,184 ----a-w c:\documents and settings\Jimmy.VALUED-20606295\Application Data\GDIPFONTCACHEV1.DAT
2006-10-21 18:38 147,456 ----a-w c:\program files\mozilla firefox\plugins\CDVDiso.dll
2006-01-15 13:38 231,064 ----a-w c:\program files\mozilla firefox\plugins\CDVDisoEFP.dll
2005-05-14 15:04 151,040 ----a-w c:\program files\mozilla firefox\plugins\CDVDisolinuz.dll
2006-01-15 13:38 54,289 ----a-w c:\program files\mozilla firefox\plugins\CDVDlinuz.dll
2005-05-14 15:04 6,656 ----a-w c:\program files\mozilla firefox\plugins\CDVDnull.dll
2005-04-20 08:21 86,016 ----a-w c:\program files\mozilla firefox\plugins\cdvdPeops.dll
2005-05-14 15:04 6,656 ----a-w c:\program files\mozilla firefox\plugins\DEV9null.dll
2005-05-16 08:41 21,732 ----a-w c:\program files\mozilla firefox\plugins\FWnull.dll
2006-03-13 09:34 565,248 ----a-w c:\program files\mozilla firefox\plugins\GSdx9 sse2.dll
2006-03-13 16:33 602,112 ----a-w c:\program files\mozilla firefox\plugins\GSdx9.dll
2006-09-04 00:08 18,944 ----a-w c:\program files\mozilla firefox\plugins\PadSSSPSX.dll
2005-05-14 15:04 372,892 ----a-w c:\program files\mozilla firefox\plugins\PADwin.dll
2006-11-04 09:20 94,208 ----a-w c:\program files\mozilla firefox\plugins\spu2PeopsSound.dll
2005-05-14 15:04 9,728 ----a-w c:\program files\mozilla firefox\plugins\USBnull.dll
2006-11-17 22:06 7,892,992 ----a-w c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 non sse2.dll
2006-11-18 14:50 7,892,992 ----a-w c:\program files\mozilla firefox\plugins\ZeroGS KOSMOS 0.96 sse2.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-20_15.59.32.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-20 23:31:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_52c.dat
+ 2009-03-20 23:32:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-22 203720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"lxdimon.exe"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="d:\program files\Lexmark 3500-4500 Series\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-24 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= sonymjpg.dll
"vidc.ffds"= d:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"d:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"d:\\Program Files\\Lexmark 3500-4500 Series\\Lexmark 3500-4500 Series\\App4R.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-07 114768]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-06 20560]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2002-04-24 175232]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-03-18 99248]
S3 HFXLowerFilter;HFXLowerFilter;c:\windows\system32\drivers\hfx_lfd.sys [2006-06-21 21632]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-08-19 33792]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [2002-04-24 807917]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2002-04-24 594668]
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys --> c:\windows\System32\XDva008.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} - hxxp://www.dragongemworld.com/Active_X/ENetLauncher.cab
FF - ProfilePath - c:\documents and settings\Jimmy.VALUED-20606295\Application Data\Mozilla\Firefox\Profiles\skwmol9v.default\
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 16:33:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
d:\program files\Alwil Software\Avast4\aswUpdSv.exe
d:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdicoms.exe
c:\windows\system32\wscntfy.exe
d:\program files\Alwil Software\Avast4\ashMaiSv.exe
d:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-03-20 16:41:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-20 23:40:12
ComboFix2.txt 2009-03-20 23:03:15

Pre-Run: 6,294,315,008 bytes free
Post-Run: 6,283,218,944 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5

Re: Infected with Virtob, please help
Hello.
How is the machine now?


Re: Infected with Virtob, please help
I haven't had a virus alert in 2 hours, so the computer seems to be better. Thanks for helping.

Re: Infected with Virtob, please help
Hello.
Glad to hear it.

Click Start > Run, copy/paste the following text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.
Please enable avast! now.
