Help pls: stuck cant install any antivirus, wont let them run

Running Windows Xp SP3.
Seem to have a lot of trojan infections in my zip files (when scanned from another machine, shows them to be SHeur2.BBJY).
Cant install any new Antivirus software or run any existing ones (AVG ceased working). Cant run hijack this, get a "not a valid win32 app" message for all of the above.
I have combofix on the the desktop and it runs I think then disappears, but not sure what it is or what it does (updates c:\bug.txt and folder c:\32788R22FWJFW). And oh yes, cant boot to safe mode, get the BSOD! I am at your command if anyone can suggest steps to proceed! PLEASE!

Hi

Please download and unzip Icesword to its own folder on your desktop


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on [color:1040=#4169E1"LOG[/color]. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on [color=#4169E1]LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks

Thanks: downloaded icesword, but it wont run, freezes on launch, tried renaming it and launching but get fail to initialize error code 1073741660

Hi

Please close all anti virus, anti malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

• Please download RootRepeal.zip from [color:03ac="blue"]here.
  
• Extract the program file to your Desktop.
  
• Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  
  
  
• Select ALL of the checkboxes and then click OK and it will start scanning your system.
  
  
• If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  
• When done, click on Save Report
  
• Save it to the Desktop.
  
• Please copy/paste the contents of the report in your next reply.
  

NOTE! Please remove any e-mail address in the RootRepeal report (if present).

Thanks: cant get rootrepeal.zip from that location (bandwidth exceeded) but can get it elsewhere via google, hope thats OK. I have a confession to make though, before I read your response I saw your other response on a similar problem (sorry, I am sure this is annoying for you) and so I ran combofix. This seems to have worked a treat, at least it has allowed me to install avg again and I am doing a full scan now. can I post a log of combofix here for you (very long) or would you still advise me to run rootrepeal?

this is abbreviated combofix log
ComboFix 09-09-13.04 - Owner 13/09/2009 20:11.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2338 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Custom Settings\TaskBarCmd v1.1.exe
c:\documents and settings\Owner\Application Data\drivers\111wfs1intwq.sys
c:\documents and settings\Owner\Application Data\Drivers\11s11ro1s1a2.sys
c:\documents and settings\Owner\Application Data\drivers\downld
c:\documents and settings\Owner\Application Data\drivers\downld\1004140.exe
c:\documents and settings\Owner\Application Data\drivers\downld\1005218.exe

---
THOUSANDS OF THESE
---

c:\documents and settings\Owner\Application Data\drivers\downld\980759921.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980761046.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980761531.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980770734.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980771562.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980780906.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980781812.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980782171.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980815921.exe
c:\documents and settings\Owner\Application Data\drivers\downld\980837828.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981006906.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981007140.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981007156.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981093625.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981094078.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981094109.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981094437.exe
c:\documents and settings\Owner\Application Data\drivers\downld\981095250.exe
c:\documents and settings\Owner\Application Data\drivers\downld\985953.exe
c:\documents and settings\Owner\Application Data\drivers\downld\986359.exe
c:\documents and settings\Owner\Application Data\drivers\downld\986375.exe
c:\documents and settings\Owner\Application Data\drivers\downld\989343.exe
c:\documents and settings\Owner\Application Data\drivers\downld\990546.exe
c:\documents and settings\Owner\Application Data\drivers\downld\991015.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99253859.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99276000.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99279671.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99387031.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99387703.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99388140.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99421125.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99422046.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99476921.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99476968.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99537265.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99538312.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99538828.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99545062.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99545078.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99545359.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995496281.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99549640.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99550375.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99550734.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995526640.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995633484.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995634000.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995634437.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995672390.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995673171.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995721906.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995729375.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995729406.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995729468.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99573578.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995791140.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995793109.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995793859.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995801828.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995909296.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995910250.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995910625.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995911234.exe
c:\documents and settings\Owner\Application Data\drivers\downld\995931750.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996304453.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996304468.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996408093.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996411812.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996412062.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996412109.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996412437.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996412453.exe
c:\documents and settings\Owner\Application Data\drivers\downld\996412468.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99737156.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99737187.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99737468.exe
c:\documents and settings\Owner\Application Data\drivers\downld\998343.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99864562.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99866718.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99867109.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99881656.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99884109.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99884281.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99884312.exe
c:\documents and settings\Owner\Application Data\drivers\downld\99884640.exe
c:\documents and settings\Owner\Application Data\drivers\downld\999156.exe
c:\documents and settings\Owner\Application Data\drivers\winupgro.exe
c:\documents and settings\Owner\Application Data\m
c:\documents and settings\Owner\Application Data\m\data.oct
c:\documents and settings\Owner\Application Data\m\flec006.exe
c:\documents and settings\Owner\Application Data\m\list.oct
c:\documents and settings\Owner\Application Data\m\shared\#1_Evidence_Killer_2.0.zip
c:\documents and settings\Owner\Application Data\m\shared\1-More PhotoManager 1.20.zip
c:\documents and settings\Owner\Application Data\m\shared\3-D Box Icons.zip
c:\documents and settings\Owner\Application Data\m\shared\3D GIF Designer 2.21.zip
c:\documents and settings\Owner\Application Data\m\shared\3D_Christmas_Cookies_2.3.zip
c:\documents and settings\Owner\Application Data\m\shared\Abandoned_Well_1.15.zip
c:\documents and settings\Owner\Application Data\m\shared\Aberration 1.02.zip
c:\documents and settings\Owner\Application Data\m\shared\Address_Magic_Personal_Edition_4.0.372.zip
c:\documents and settings\Owner\Application Data\m\shared\Advanced Renamer Portable 2.57.zip
c:\documents and settings\Owner\Application Data\m\shared\Al's_RSS_Ticker_1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Alkatraz_1.08.zip
c:\documents and settings\Owner\Application Data\m\shared\AlterDesk_0.0.6a.zip
c:\documents and settings\Owner\Application Data\m\shared\Antares_PasSafe_Password_Manager_2.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Any media To Sony Erricsson 5.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Aspose.Pdf For Java 2.2.2.0.zip
c:\documents and settings\Owner\Application Data\m\shared\avast!.Home.4.6.exe.zip
c:\documents and settings\Owner\Application Data\m\shared\Bangarsoft FoxFix 1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Bass Masters Classic Tournament Edition.zip
c:\documents and settings\Owner\Application Data\m\shared\Battlefield_1942_Desert_Combat_Mission_Angel_of_Death_map.zip
c:\documents and settings\Owner\Application Data\m\shared\BlogBridge_3.0.1.zip
c:\documents and settings\Owner\Application Data\m\shared\CeledyDraw_2.zip
c:\documents and settings\Owner\Application Data\m\shared\CeSync_Activex_1.2.zip
c:\documents and settings\Owner\Application Data\m\shared\Compact AutoRunner 1.0.1 Build 100.zip
c:\documents and settings\Owner\Application Data\m\shared\CoverMe! 1.2.zip
c:\documents and settings\Owner\Application Data\m\shared\CPXCoding_Process_Xlerator_5.3.5.zip
c:\documents and settings\Owner\Application Data\m\shared\CrossFont_4.1.zip
c:\documents and settings\Owner\Application Data\m\shared\CyberSieve 2.7.3.zip
c:\documents and settings\Owner\Application Data\m\shared\Danzania_-_Land_of_Wonder_Screensaver_1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Data_Entry_Test_2004_5.0_(Patch).zip
c:\documents and settings\Owner\Application Data\m\shared\Data_Protection_Software_1.46.zip
c:\documents and settings\Owner\Application Data\m\shared\Diamond_Calculator_3.0.zip
c:\documents and settings\Owner\Application Data\m\shared\DIRECTORS_SCRIPT_1.0_(Key).zip
c:\documents and settings\Owner\Application Data\m\shared\Duchess_ESML_Librarian_1.0.6.1_(With_Crack).zip
c:\documents and settings\Owner\Application Data\m\shared\DVDConvert_Professional_3.0.45.zip
c:\documents and settings\Owner\Application Data\m\shared\EarMaster Pro 5.0 build 601P.zip
c:\documents and settings\Owner\Application Data\m\shared\Elterm 24 Emulator 1.01.zip
c:\documents and settings\Owner\Application Data\m\shared\Email Audit 3.2.zip
c:\documents and settings\Owner\Application Data\m\shared\EMS_Data_Comparer_for_PostgreSQL_2.0.0.1_Patch.zip
c:\documents and settings\Owner\Application Data\m\shared\Feedreader_3.10_Final.zip
c:\documents and settings\Owner\Application Data\m\shared\FileBackup 1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\FolderSecure_6.0_Crack.zip
c:\documents and settings\Owner\Application Data\m\shared\Free_ProxyWay_anonymous_surfing_2.6.zip
c:\documents and settings\Owner\Application Data\m\shared\FreeVoice_1.2_Beta.zip
c:\documents and settings\Owner\Application Data\m\shared\Google_Maps_With_GPS_Tracker_5.0_Crack.zip
c:\documents and settings\Owner\Application Data\m\shared\Iman_Random_Password_Generator_1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Immedirate_1.0.0.0.zip
c:\documents and settings\Owner\Application Data\m\shared\ImplantViewer_1.901B.zip
c:\documents and settings\Owner\Application Data\m\shared\Inzomia_Image_Encrypt_1.02.zip
c:\documents and settings\Owner\Application Data\m\shared\Jaguar Calc add-in 1.0.2.zip
c:\documents and settings\Owner\Application Data\m\shared\Java_DeObfuscator_1.6b.zip
c:\documents and settings\Owner\Application Data\m\shared\Jlint 1.20.zip
c:\documents and settings\Owner\Application Data\m\shared\JMesa 2.4.1.zip
c:\documents and settings\Owner\Application Data\m\shared\Joost.zip
c:\documents and settings\Owner\Application Data\m\shared\Kalvyn_Workgroup_Software_Access_Edition_2006_1.0_Key.zip
c:\documents and settings\Owner\Application Data\m\shared\Klick-N-View_Business_Cards_4.5.2.1.zip
c:\documents and settings\Owner\Application Data\m\shared\Klonsoft_MP3_to_WAV_Converter_2.5_[Crack].zip
c:\documents and settings\Owner\Application Data\m\shared\LuxRiot DVR 1.6.12.zip
c:\documents and settings\Owner\Application Data\m\shared\Magic Blog 1.00.zip
c:\documents and settings\Owner\Application Data\m\shared\Marbles+ - The Cross Puzzle 1.1.zip
c:\documents and settings\Owner\Application Data\m\shared\MB3-214_-_Great_Plains_8.0_Installations_&_Configuration_Practice_Exam_Questions_1.0_(KeyGen).zip
c:\documents and settings\Owner\Application Data\m\shared\Metronome HistoryMaker 1.5a.zip
c:\documents and settings\Owner\Application Data\m\shared\MHT Quick Saver 3.23.zip
c:\documents and settings\Owner\Application Data\m\shared\Microsoft Semblio SDK 1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\MP3 Filename Formatter 5.112.zip
c:\documents and settings\Owner\Application Data\m\shared\MP3DVU 1.02.zip
c:\documents and settings\Owner\Application Data\m\shared\MS_Word_Extract_Phone_Numbers_From_Multiple_Documents_Software_7.0.zip
c:\documents and settings\Owner\Application Data\m\shared\My Properties 1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\MY_ENCRYPTED_DISK_1.10_Key.zip
c:\documents and settings\Owner\Application Data\m\shared\My3DEngine 1.0.18.zip
c:\documents and settings\Owner\Application Data\m\shared\Nero_7_Premium_7.10.1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\NetWalk_2.2.zip
c:\documents and settings\Owner\Application Data\m\shared\Newsgroup_Image_Collector_1.6_[Serial].zip
c:\documents and settings\Owner\Application Data\m\shared\NOD32.2.51.20.Ita.Windows.NT2000XP2003x64.zip
c:\documents and settings\Owner\Application Data\m\shared\Norton.Antivirus.2006.BR.-.por.bard666.F!N4LShare.zip
c:\documents and settings\Owner\Application Data\m\shared\Note_2.12_(Cracked).zip
c:\documents and settings\Owner\Application Data\m\shared\OrgCalendar (WEB) 1.3.zip
c:\documents and settings\Owner\Application Data\m\shared\Origramy 1.12.zip
c:\documents and settings\Owner\Application Data\m\shared\OSS_Audio_Converter_Pro_5.6.0.5_Key.zip
c:\documents and settings\Owner\Application Data\m\shared\PC_Countdown_1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\PDFreactor 1.0.800.zip
c:\documents and settings\Owner\Application Data\m\shared\PetraSell_Scheduler_2004.zip
c:\documents and settings\Owner\Application Data\m\shared\Photoinstrument 2.5 Build 219.zip
c:\documents and settings\Owner\Application Data\m\shared\PhotoPulse 1.3.1.zip
c:\documents and settings\Owner\Application Data\m\shared\Phutboyslim 1.2.zip
c:\documents and settings\Owner\Application Data\m\shared\PolyEdit 5.2.zip
c:\documents and settings\Owner\Application Data\m\shared\Power_Video_Converter_1.5.26.zip
c:\documents and settings\Owner\Application Data\m\shared\PowerTOC_1.2_With_Crack.zip
c:\documents and settings\Owner\Application Data\m\shared\Prefling_2.0.zip
c:\documents and settings\Owner\Application Data\m\shared\PutAFile 2.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Quick_Run_1.4.zip
c:\documents and settings\Owner\Application Data\m\shared\RailwayStation Art Gallery 1 1.0.6.2634.zip
c:\documents and settings\Owner\Application Data\m\shared\Replay_Screencast_1.21.zip
c:\documents and settings\Owner\Application Data\m\shared\RSS_To_Speech_1.1_(Key).zip
c:\documents and settings\Owner\Application Data\m\shared\sendSMS 0.3.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Server Spy 0.1.6.zip
c:\documents and settings\Owner\Application Data\m\shared\Shutdown_Utility_1.03.zip
c:\documents and settings\Owner\Application Data\m\shared\Smart MP3 Renamer 1.4.1.1.zip
c:\documents and settings\Owner\Application Data\m\shared\SmartPlugin Professional 2.2.05-rc1.zip
c:\documents and settings\Owner\Application Data\m\shared\Snotra Tech Oracle Data Components 2.3.zip
c:\documents and settings\Owner\Application Data\m\shared\Sokoban 1.2.zip
c:\documents and settings\Owner\Application Data\m\shared\SuperPro Client Manager 5.0.zip
c:\documents and settings\Owner\Application Data\m\shared\SwisSQL - Sybase to Oracle Migration Tool 3.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Synesthesia_IR_library_WAV_1.1.3.zip
c:\documents and settings\Owner\Application Data\m\shared\SystemInfo_1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Targa to Extended BMP.zip
c:\documents and settings\Owner\Application Data\m\shared\TechFeeder_1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Terminal Server Console TSCon 2.7.zip
c:\documents and settings\Owner\Application Data\m\shared\Thunderbird Backup4all Plugin.zip
c:\documents and settings\Owner\Application Data\m\shared\Twilight Utilities Address Monitor 2.1.2.zip
c:\documents and settings\Owner\Application Data\m\shared\UFO_Light_1.zip
c:\documents and settings\Owner\Application Data\m\shared\USB_Modem_1.50.zip
c:\documents and settings\Owner\Application Data\m\shared\VBAcodePrint_6.13.98.zip
c:\documents and settings\Owner\Application Data\m\shared\Vikrant's PC Glossary 3 Build 555.zip
c:\documents and settings\Owner\Application Data\m\shared\visKeeper_3.0.2.zip
c:\documents and settings\Owner\Application Data\m\shared\Vista Live Shell Pack - Grey 2.5.1.zip
c:\documents and settings\Owner\Application Data\m\shared\Warcraft_III_The_Frozen_Throne_v1.15_patch.zip
c:\documents and settings\Owner\Application Data\m\shared\WAV to MP3 Plus 1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\Web_Chart_Creator_3.0_(KeyGen).zip
c:\documents and settings\Owner\Application Data\m\shared\Web_Weaver_EZ_Plus_2.06.zip
c:\documents and settings\Owner\Application Data\m\shared\wList 2.0.0.2.zip
c:\documents and settings\Owner\Application Data\m\shared\WordConverterExe.zip
c:\documents and settings\Owner\Application Data\m\shared\World Geography Games 1.0.zip
c:\documents and settings\Owner\Application Data\m\shared\YFakeMusicStatus_1.0.zip
c:\documents and settings\Owner\Application Data\m\srvlist.oct
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\down
c:\windows\system32\drivers\down\1098578.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\mdelk.exe
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_111111S1RO1S1A
-------\Legacy_111111S1RO1S1A
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\windows\system32\xircom
2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\windows\system32\oobe
2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\program files\microsoft frontpage
2009-09-13 18:42 . 2009-09-13 18:42 211893 ----a-w- c:\windows\system32\drivers\ynogwbzj.sys
2009-09-13 18:41 . 2009-09-13 18:41 -------- d---a-w- C:\Ice
2009-09-13 03:18 . 2009-09-13 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 03:18 . 2009-09-13 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-09-13 02:55 . 2009-09-13 02:55 -------- d-----w- c:\program files\Panda Security
2009-09-13 02:24 . 2009-09-13 02:24 -------- d-----w- C:\rsit
2009-09-13 01:58 . 2009-09-13 01:58 -------- d-----w- c:\program files\ESET
2009-09-13 01:12 . 2009-09-13 11:40 -------- d-----w- c:\program files\Trend Micro
2009-09-13 00:52 . 2009-09-13 00:52 -------- d-----w- c:\program files\Alwil Software
2009-09-12 21:47 . 2008-04-25 18:41 218624 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-09-12 07:17 . 2009-09-12 07:17 -------- d--h--w- c:\windows\PIF
2009-09-12 07:14 . 2009-09-12 07:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2009-09-06 22:26 . 2009-09-06 22:26 -------- d-----w- c:\program files\Acoustica MP3 Audio Mixer
2009-09-03 21:25 . 2009-09-03 21:42 -------- d-----w- c:\program files\Easy h10
2009-08-19 01:55 . 2009-08-19 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Sibelius Software
2009-08-19 01:50 . 2009-08-19 01:50 -------- d-----w- c:\program files\Sibelius Software
2009-08-17 00:27 . 2009-08-17 00:27 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 19:49 . 2009-08-05 16:00 -------- d--h--w- c:\documents and settings\Owner\Application Data\drivers
2009-09-13 03:18 . 2009-07-29 01:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 01:29 . 2009-07-29 01:24 -------- d-----w- c:\program files\Java
2009-09-10 09:52 . 2009-09-10 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-10 01:44 . 2009-07-29 05:19 -------- d-----w- c:\program files\SPSSEval
2009-09-07 08:10 . 2009-08-04 11:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-08-20 12:26 . 2009-07-29 04:46 -------- d-----w- c:\program files\Question Writer - Publisher Edition
2009-08-19 01:55 . 2009-07-29 01:33 112224 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 19:39 . 2009-07-29 01:24 -------- d-----w- c:\program files\Unlocker
2009-08-07 23:55 . 2009-08-07 23:55 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-08-06 18:04 . 2009-08-06 18:04 -------- d-----w- c:\program files\eBay
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Blue Onion Software
2009-08-05 16:12 . 2009-08-04 11:15 -------- d-----w- c:\program files\eMule
2009-08-05 16:03 . 2009-08-05 16:03 -------- d-----w- c:\documents and settings\Owner\Application Data\GlobalSCAPE
2009-08-05 16:02 . 2009-08-05 16:02 -------- d-----w- c:\program files\GlobalSCAPE
2009-08-05 16:02 . 2009-07-29 01:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 16:01 . 2009-07-29 01:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-05 11:48 . 2009-07-29 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-04 11:29 . 2009-08-04 11:24 -------- d-----w- c:\program files\Xobni
2009-08-04 11:24 . 2009-08-04 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-08-04 11:23 . 2009-08-04 11:23 -------- d-----w- c:\program files\Vuze
2009-08-04 10:44 . 2009-08-04 10:44 -------- d-----w- c:\program files\tools
2009-08-04 10:18 . 2009-08-04 10:18 -------- d-----w- c:\program files\MSECache
2009-08-04 09:36 . 2009-07-29 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-31 09:47 . 2009-07-31 09:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-07-31 09:15 . 2009-07-31 09:15 -------- d-----w- c:\program files\Canon
2009-07-31 09:06 . 2009-07-29 01:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 06:48 . 2009-07-30 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-30 06:35 . 2009-07-29 05:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-30 06:35 . 2009-07-30 06:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-30 06:32 . 2009-07-30 06:32 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-30 06:32 . 2009-07-30 06:32 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-30 05:57 . 2009-07-30 05:35 -------- d-----w- c:\program files\DVBT
2009-07-30 05:54 . 2009-07-30 05:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech
2009-07-30 05:53 . 2009-07-30 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-07-30 05:53 . 2009-07-30 05:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-30 05:53 . 2009-07-30 05:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-30 05:52 . 2009-07-30 05:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-30 05:52 . 2009-07-30 05:52 -------- d-----w- c:\program files\Common Files\Logishrd
2009-07-30 05:52 . 2009-07-30 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-30 05:52 . 2009-07-30 05:52 -------- d-----w- c:\program files\Logitech
2009-07-30 05:04 . 2009-07-30 05:04 -------- d-----w- c:\program files\Microsoft Money
2009-07-30 04:58 . 2009-07-30 04:58 -------- d-----w- c:\program files\Belkin
2009-07-30 02:08 . 2009-07-29 04:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-29 13:56 . 2009-07-29 13:53 -------- d-----w- c:\program files\Microsoft Bootvis
2009-07-29 13:52 . 2009-07-29 04:33 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-29 13:48 . 2009-07-29 01:57 -------- d-----w- c:\program files\Microsoft Works
2009-07-29 07:23 . 2009-07-29 07:23 -------- d-----w- c:\program files\CCleaner
2009-07-29 07:22 . 2009-07-29 07:22 -------- d-----w- c:\program files\CDex_150
2009-07-29 06:12 . 2009-07-29 06:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Spotify
2009-07-29 06:07 . 2009-07-29 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-07-29 06:07 . 2009-07-29 04:39 -------- d-----w- c:\program files\iTunes
2009-07-29 06:07 . 2009-07-29 06:07 -------- d-----w- c:\program files\Spotify
2009-07-29 06:06 . 2009-07-29 06:06 -------- d-----w- c:\program files\Last.fm
2009-07-29 05:22 . 2009-07-29 05:22 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-07-29 05:20 . 2009-07-29 05:20 1024 ----a-w- c:\windows\system32\clauth2.dll
2009-07-29 05:20 . 2009-07-29 05:20 1024 ----a-w- c:\windows\system32\clauth1.dll
2009-07-29 05:11 . 2009-07-29 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Forte
2009-07-29 05:11 . 2009-07-29 05:10 -------- d-----w- c:\program files\Agent
2009-07-29 05:06 . 2009-07-29 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-29 05:06 . 2009-07-29 04:58 -------- d-----w- c:\program files\NOS
2009-07-29 05:00 . 2009-07-29 04:59 -------- d-----w- c:\program files\Ultra Tag Editor
2009-07-29 04:59 . 2009-07-29 04:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-29 04:50 . 2009-07-29 04:50 -------- d-----w- c:\program files\Ahead
2009-07-29 04:50 . 2009-07-29 04:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-29 04:48 . 2009-07-29 04:48 -------- d-----w- c:\program files\Smart Projects
2009-07-29 04:46 . 2009-07-29 04:46 -------- d-----w- c:\program files\Common Files\Xheo
2009-07-29 04:43 . 2009-07-29 04:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-07-29 04:42 . 2009-07-29 04:42 -------- d-----w- c:\program files\Winamp
2009-07-29 04:39 . 2009-07-29 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-29 04:39 . 2009-07-29 04:39 -------- d-----w- c:\program files\iPod
2009-07-29 04:39 . 2009-07-29 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-29 04:39 . 2009-07-29 04:39 -------- d-----w- c:\program files\Bonjour
2009-07-29 04:39 . 2009-07-29 01:25 -------- d-----w- c:\program files\QuickTime Alternative
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\program files\Apple Software Update
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-29 04:29 . 2009-07-29 04:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 02:11 . 2009-07-29 02:11 -------- d-----w- c:\program files\AVG
2009-07-29 01:57 . 2009-07-29 01:57 -------- d-----w- c:\program files\Microsoft.NET
2009-07-29 01:51 . 2009-07-29 01:51 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-07-29 01:51 . 2009-07-29 01:51 -------- d-----w- c:\program files\Pro Imaging Powertoys
2009-07-29 01:51 . 2009-07-29 01:51 -------- d-----w- c:\program files\Common Files\Nikon
2009-07-29 01:42 . 2009-07-29 01:42 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-29 01:42 . 2009-07-29 01:42 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-29 01:42 . 2009-07-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-07-29 01:40 . 2009-07-29 01:40 -------- d-----w- c:\program files\Intel
2009-07-29 01:38 . 2009-07-29 01:38 -------- d-----w- c:\program files\Dell
2009-07-29 01:34 . 2009-07-29 01:34 -------- d-----w- c:\program files\SigmaTel
2009-07-29 01:25 . 2009-07-29 01:25 -------- d-----w- c:\program files\MediaLooks
2009-07-29 01:25 . 2009-07-29 01:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\7-Zip
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\Foxit Software
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\UPHClean
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-29 01:24 . 2009-07-29 01:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 01:22 . 2009-07-29 01:22 94248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-29 01:22 . 2009-07-29 01:22 -------- d-----w- c:\program files\MSBuild
.

------- Sigcheck -------

[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-20 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FreeSnap.lnk - c:\windows\Installer\{93A5E75B-4E28-4F0F-9006-D19522776993}\_5C685E6D2772ED439F4846.exe [2009-8-6 1078]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-30 809488]
Rupsmon Daemon.lnk - c:\program files\Belkin\Belkin Power Management Software\Monw32.exe [2009-7-30 32768]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30/07/2009 06:53 10384]
R3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [11/09/2007 14:20 87296]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\FP backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]

2009-09-12 c:\windows\Tasks\mydocs backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]

2009-09-10 c:\windows\Tasks\Outlook Backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]

2009-09-07 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2009-07-29 20:31]

2009-09-13 c:\windows\Tasks\User_Feed_Synchronization-{9C9DF633-BCA1-4280-B27E-51FA64BA62DF}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]

2009-09-13 c:\windows\Tasks\weekly home backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {53D8FB9F-E3EA-4313-94FB-49868EC4D01B} = 192.168.0.1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 20:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3079_x-ww_b811a94e\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Belkin Power Management Software\RupsMon.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\Blue Onion Software\FreeSnap\FreeSnap.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Logitech\SetPoint\LU\LuLnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
c:\windows\system32\searchfilterhost.exe
c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\Download\{BE462510-1DBC-4D81-9CB9-74F373596630}\chrome_installer.exe
c:\documents and settings\Owner\Local Settings\temp\CR_19.tmp\setup.exe
.
**************************************************************************
.
Completion time: 2009-09-13 20:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 19:56

Pre-Run: 344,095,006,720 bytes free
Post-Run: 344,018,919,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

5427 --- E O F --- 2009-07-31 08:58

Hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\sysprs7.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\clauth1.dll

Driver::
111111S1RO1S1A
SK9OU0S

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

thanks: combofix.txt
ComboFix 09-09-13.04 - Owner 13/09/2009 22:27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2286 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\cfscript.txt

FILE ::
"c:\windows\system32\clauth1.dll"
"c:\windows\system32\clauth2.dll"
"c:\windows\system32\sysprs7.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\clauth1.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\sysprs7.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 20:12 . 2009-09-13 20:44 -------- d-----w- C:\$AVG8.VAULT$
2009-09-13 20:03 . 2009-09-13 20:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-13 20:03 . 2009-09-13 20:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-13 20:03 . 2009-09-13 20:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-13 20:03 . 2009-09-13 20:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-13 20:03 . 2009-09-13 20:03 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-13 20:03 . 2009-09-13 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\windows\system32\xircom
2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\windows\system32\wbem\snmp
2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\windows\system32\oobe
2009-09-13 19:51 . 2009-09-13 19:51 -------- d-----w- c:\program files\microsoft frontpage
2009-09-13 18:42 . 2009-09-13 18:42 211893 ----a-w- c:\windows\system32\drivers\ynogwbzj.sys
2009-09-13 18:41 . 2009-09-13 18:41 -------- d---a-w- C:\Ice
2009-09-13 03:18 . 2009-09-13 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 03:18 . 2009-09-13 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-09-13 02:55 . 2009-09-13 02:55 -------- d-----w- c:\program files\Panda Security
2009-09-13 02:24 . 2009-09-13 02:24 -------- d-----w- C:\rsit
2009-09-13 01:58 . 2009-09-13 01:58 -------- d-----w- c:\program files\ESET
2009-09-13 01:12 . 2009-09-13 11:40 -------- d-----w- c:\program files\Trend Micro
2009-09-13 00:52 . 2009-09-13 00:52 -------- d-----w- c:\program files\Alwil Software
2009-09-12 21:47 . 2008-04-25 18:41 218624 ----a-w- c:\windows\system32\dllcache\uxtheme.dll
2009-09-12 07:17 . 2009-09-12 07:17 -------- d--h--w- c:\windows\PIF
2009-09-12 07:14 . 2009-09-12 07:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Search
2009-09-06 22:26 . 2009-09-06 22:26 -------- d-----w- c:\program files\Acoustica MP3 Audio Mixer
2009-09-03 21:25 . 2009-09-03 21:42 -------- d-----w- c:\program files\Easy h10
2009-08-19 01:55 . 2009-08-19 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Sibelius Software
2009-08-19 01:50 . 2009-08-19 01:50 -------- d-----w- c:\program files\Sibelius Software
2009-08-17 00:27 . 2009-08-17 00:27 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 20:42 . 2009-07-29 05:19 -------- d-----w- c:\program files\SPSSEval
2009-09-13 19:49 . 2009-08-05 16:00 -------- d--h--w- c:\documents and settings\Owner\Application Data\drivers
2009-09-13 03:18 . 2009-07-29 01:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-13 01:29 . 2009-07-29 01:24 -------- d-----w- c:\program files\Java
2009-09-10 09:52 . 2009-09-10 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-09-07 08:10 . 2009-08-04 11:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2009-08-20 12:26 . 2009-07-29 04:46 -------- d-----w- c:\program files\Question Writer - Publisher Edition
2009-08-19 01:55 . 2009-07-29 01:33 112224 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-18 19:39 . 2009-07-29 01:24 -------- d-----w- c:\program files\Unlocker
2009-08-07 23:55 . 2009-08-07 23:55 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-08-06 18:04 . 2009-08-06 18:04 -------- d-----w- c:\program files\eBay
2009-08-06 13:22 . 2009-08-06 13:22 -------- d-----w- c:\program files\Blue Onion Software
2009-08-05 16:12 . 2009-08-04 11:15 -------- d-----w- c:\program files\eMule
2009-08-05 16:03 . 2009-08-05 16:03 -------- d-----w- c:\documents and settings\Owner\Application Data\GlobalSCAPE
2009-08-05 16:02 . 2009-08-05 16:02 -------- d-----w- c:\program files\GlobalSCAPE
2009-08-05 16:02 . 2009-07-29 01:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 16:01 . 2009-07-29 01:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-05 11:48 . 2009-07-29 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-04 11:29 . 2009-08-04 11:24 -------- d-----w- c:\program files\Xobni
2009-08-04 11:24 . 2009-08-04 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-08-04 11:23 . 2009-08-04 11:23 -------- d-----w- c:\program files\Vuze
2009-08-04 10:44 . 2009-08-04 10:44 -------- d-----w- c:\program files\tools
2009-08-04 10:18 . 2009-08-04 10:18 -------- d-----w- c:\program files\MSECache
2009-08-04 09:36 . 2009-07-29 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-31 09:47 . 2009-07-31 09:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-07-31 09:15 . 2009-07-31 09:15 -------- d-----w- c:\program files\Canon
2009-07-31 09:06 . 2009-07-29 01:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 06:48 . 2009-07-30 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-30 06:35 . 2009-07-29 05:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-30 06:35 . 2009-07-30 06:35 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-30 06:32 . 2009-07-30 06:32 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-30 06:32 . 2009-07-30 06:32 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-30 05:57 . 2009-07-30 05:35 -------- d-----w- c:\program files\DVBT
2009-07-30 05:54 . 2009-07-30 05:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech
2009-07-30 05:53 . 2009-07-30 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-07-30 05:53 . 2009-07-30 05:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-07-30 05:53 . 2009-07-30 05:53 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-07-30 05:52 . 2009-07-30 05:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-30 05:52 . 2009-07-30 05:52 -------- d-----w- c:\program files\Common Files\Logishrd
2009-07-30 05:52 . 2009-07-30 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-30 05:52 . 2009-07-30 05:52 -------- d-----w- c:\program files\Logitech
2009-07-30 05:04 . 2009-07-30 05:04 -------- d-----w- c:\program files\Microsoft Money
2009-07-30 04:58 . 2009-07-30 04:58 -------- d-----w- c:\program files\Belkin
2009-07-30 02:08 . 2009-07-29 04:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-07-29 13:56 . 2009-07-29 13:53 -------- d-----w- c:\program files\Microsoft Bootvis
2009-07-29 13:52 . 2009-07-29 04:33 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-29 13:48 . 2009-07-29 01:57 -------- d-----w- c:\program files\Microsoft Works
2009-07-29 07:23 . 2009-07-29 07:23 -------- d-----w- c:\program files\CCleaner
2009-07-29 07:22 . 2009-07-29 07:22 -------- d-----w- c:\program files\CDex_150
2009-07-29 06:12 . 2009-07-29 06:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Spotify
2009-07-29 06:07 . 2009-07-29 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-07-29 06:07 . 2009-07-29 04:39 -------- d-----w- c:\program files\iTunes
2009-07-29 06:07 . 2009-07-29 06:07 -------- d-----w- c:\program files\Spotify
2009-07-29 06:06 . 2009-07-29 06:06 -------- d-----w- c:\program files\Last.fm
2009-07-29 05:11 . 2009-07-29 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Forte
2009-07-29 05:11 . 2009-07-29 05:10 -------- d-----w- c:\program files\Agent
2009-07-29 05:06 . 2009-07-29 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-29 05:06 . 2009-07-29 04:58 -------- d-----w- c:\program files\NOS
2009-07-29 05:00 . 2009-07-29 04:59 -------- d-----w- c:\program files\Ultra Tag Editor
2009-07-29 04:59 . 2009-07-29 04:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-29 04:50 . 2009-07-29 04:50 -------- d-----w- c:\program files\Ahead
2009-07-29 04:50 . 2009-07-29 04:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-07-29 04:48 . 2009-07-29 04:48 -------- d-----w- c:\program files\Smart Projects
2009-07-29 04:46 . 2009-07-29 04:46 -------- d-----w- c:\program files\Common Files\Xheo
2009-07-29 04:43 . 2009-07-29 04:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-07-29 04:42 . 2009-07-29 04:42 -------- d-----w- c:\program files\Winamp
2009-07-29 04:39 . 2009-07-29 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-29 04:39 . 2009-07-29 04:39 -------- d-----w- c:\program files\iPod
2009-07-29 04:39 . 2009-07-29 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-29 04:39 . 2009-07-29 04:39 -------- d-----w- c:\program files\Bonjour
2009-07-29 04:39 . 2009-07-29 01:25 -------- d-----w- c:\program files\QuickTime Alternative
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\program files\Apple Software Update
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Windows Desktop Search
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\program files\Common Files\Apple
2009-07-29 04:38 . 2009-07-29 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-29 04:29 . 2009-07-29 04:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 02:11 . 2009-07-29 02:11 -------- d-----w- c:\program files\AVG
2009-07-29 01:57 . 2009-07-29 01:57 -------- d-----w- c:\program files\Microsoft.NET
2009-07-29 01:51 . 2009-07-29 01:51 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-07-29 01:51 . 2009-07-29 01:51 -------- d-----w- c:\program files\Pro Imaging Powertoys
2009-07-29 01:51 . 2009-07-29 01:51 -------- d-----w- c:\program files\Common Files\Nikon
2009-07-29 01:42 . 2009-07-29 01:42 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-29 01:42 . 2009-07-29 01:42 -------- d-----w- c:\program files\NVIDIA Corporation
2009-07-29 01:42 . 2009-07-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-07-29 01:40 . 2009-07-29 01:40 -------- d-----w- c:\program files\Intel
2009-07-29 01:38 . 2009-07-29 01:38 -------- d-----w- c:\program files\Dell
2009-07-29 01:34 . 2009-07-29 01:34 -------- d-----w- c:\program files\SigmaTel
2009-07-29 01:25 . 2009-07-29 01:25 -------- d-----w- c:\program files\MediaLooks
2009-07-29 01:25 . 2009-07-29 01:25 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\7-Zip
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\Foxit Software
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\UPHClean
2009-07-29 01:24 . 2009-07-29 01:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-29 01:24 . 2009-07-29 01:24 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 01:22 . 2009-07-29 01:22 94248 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-29 01:22 . 2009-07-29 01:22 -------- d-----w- c:\program files\MSBuild
2009-07-29 01:22 . 2009-07-29 01:22 -------- d-----w- c:\program files\Reference Assemblies
2009-07-29 01:16 . 2009-07-29 01:16 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-29 01:15 . 2009-07-29 01:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-04-20 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-09-13_19.54.05 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-13 2007832]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-18 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-20 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
FreeSnap.lnk - c:\windows\Installer\{93A5E75B-4E28-4F0F-9006-D19522776993}\_5C685E6D2772ED439F4846.exe [2009-8-6 1078]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-30 809488]
Rupsmon Daemon.lnk - c:\program files\Belkin\Belkin Power Management Software\Monw32.exe [2009-7-30 32768]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-13 20:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/09/2009 21:03 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/09/2009 21:03 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13/09/2009 21:03 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30/07/2009 06:53 10384]
R3 EC168BDA;EC168BDA service;c:\windows\system32\drivers\EC168BDA.sys [11/09/2007 14:20 87296]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AVG8WD
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\FP backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]

2009-09-12 c:\windows\Tasks\mydocs backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]

2009-09-10 c:\windows\Tasks\Outlook Backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]

2009-09-07 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2009-07-29 20:31]

2009-09-13 c:\windows\Tasks\User_Feed_Synchronization-{9C9DF633-BCA1-4280-B27E-51FA64BA62DF}.job
- c:\windows\system32\msfeedssync.exe [2009-04-20 18:22]

2009-09-13 c:\windows\Tasks\weekly home backup.job
- c:\windows\system32\ntbackup.exe [2008-04-14 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {53D8FB9F-E3EA-4313-94FB-49868EC4D01B} = 192.168.0.1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 22:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-09-13 22:37
ComboFix-quarantined-files.txt 2009-09-13 21:37
ComboFix2.txt 2009-09-13 19:56

Pre-Run: 343,914,930,176 bytes free
Post-Run: 344,046,804,992 bytes free

295 --- E O F --- 2009-07-31 08:58

Please download Malwarebytes Anti-Malware from here.
!! BEFORE SAVING IT: rename it to winInit.exe, and save it to your Desktop.

Double Click winInit.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

thanks, heres mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 2793
Windows 5.1.2600 Service Pack 3

13/09/2009 23:59:37
mbam-log-2009-09-13 (23-59-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 94832
Time elapsed: 47 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 608

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1007937.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1010813437.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1010835687.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1010838859.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.

LOADS MORE

C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1597246328.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1597250265.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1597410687.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\159775468.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\159798953.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\16000890.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\16026750.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1612060156.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1612082265.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1612091421.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1612244437.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1612248875.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1612410328.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1612430078.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\16169125.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1626993968.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1627016968.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1627021468.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\drivers\downld\1627187843.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\m\data.oct.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\m\flec006.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down\1098578.exe.vir (Trojan.Packed) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003101.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003890.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003899.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003900.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003901.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003235.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003236.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003237.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003238.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003242.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003243.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003256.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003257.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003270.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003271.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003272.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003276.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003289.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003299.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003303.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003304.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003308.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003309.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003320.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003321.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003331.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003332.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003333.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003337.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003356.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003357.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003358.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003362.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003363.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003375.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003376.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003386.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003387.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003391.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003398.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003399.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003400.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003404.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003405.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003417.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003428.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003429.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003433.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003446.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003447.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003453.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003464.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003465.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003473.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003474.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003475.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003479.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003491.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003492.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003506.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003507.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003508.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003512.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003513.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003525.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003526.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003535.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003536.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003537.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003541.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003542.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003561.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003562.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003563.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003567.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003568.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003480.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003552.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003582.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003584.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003585.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003589.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003590.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003601.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003602.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003627.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003628.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003629.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003630.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003634.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003646.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003647.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003657.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003658.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003659.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003663.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003664.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003677.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003688.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003689.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003690.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003694.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003695.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003708.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003716.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003717.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003721.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003733.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003749.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003751.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003755.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003756.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003767.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003775.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003776.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003777.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003781.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003782.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003794.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003795.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003805.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003806.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003807.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003811.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003824.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003835.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003836.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003837.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003841.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003842.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003859.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003860.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003869.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003870.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003871.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003876.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003877.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003678.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003732.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003750.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003768.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003906.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003917.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003918.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003924.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003925.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003929.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003930.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003942.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003943.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003953.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003954.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003955.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003959.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003960.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003972.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003973.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003975.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003979.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003980.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003993.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004011.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004012.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004016.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004017.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004036.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004037.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004038.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004042.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004043.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004056.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004057.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004069.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004073.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004086.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004087.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004095.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004096.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004110.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004119.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004120.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004124.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004125.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004137.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004138.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004145.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004146.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004147.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004151.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004164.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004165.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004175.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004176.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004177.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004181.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004182.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003974.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0003992.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004010.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004100.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004118.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004496.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004194.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004195.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004201.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004202.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004206.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004207.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004230.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004231.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004235.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004236.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004250.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004251.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004259.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004260.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004261.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004263.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004282.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004295.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004296.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004306.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004307.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004308.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004312.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004314.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004328.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004329.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004338.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004339.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004340.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004344.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004345.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004355.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004356.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004357.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004361.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004362.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004363.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004375.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004376.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004395.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004396.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004397.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004398.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A42F766B-742B-477D-A220-3501FFB128B2}\RP1\A0004402.exe (Worm.Bagle) -> Quarantined and deleted successfully.

Hi

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Remove selected, then post a log in your next reply.

mbam-log
Malwarebytes' Anti-Malware 1.41
Database version: 2793
Windows 5.1.2600 Service Pack 3

14/09/2009 01:45:31
mbam-log-2009-09-14 (01-45-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 178821
Time elapsed: 34 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Try to install Anti Virus Software

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial user.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Did it work? Are you now able to install antivirus?

==

Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

hi: yes AVG successfully installed
.
here is checkup.txt
Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Free 8.5


WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe

Owner Desktop Tools VIRUS & CLEANING\SecurityCheck.exe

``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

Hi

Are you currently connected to the network?

Please download DragonFix by DragonMaster Jay, and save it to your Desktop.

• Please disable realtime protection. (If any)
  
• Double-click RunFirst.vbs. Follow the prompts and make sure it completes. It will confirm the Restore Point was added.
  
• Double-click DragonFix.reg, and follow the prompt(s).
  
• Please reboot your computer.

==

Java is out of date.

Download the newest version from here http://www.java.com/en/download/manual.jsp.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to Start > Control Panel > Software and open Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
They will have this icon next to them:
Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

==

Please run Security Check again after you do the steps above, and post the log in your next reply.

done.
Results of screen317's Security Check version 0.98.9
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Free 8.5


WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe

Owner Desktop Tools VIRUS & CLEANING\SecurityCheck.exe

``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Hi

Your computer is clean.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?