
Have I got a virus????


Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Create another notepad file called CFScript

    Copy the text in RED

    File::
    c:\4a4aa847c3d18c57dab6fc\$shtdwn$.req
    c:\4a4aa847c3d18c57dab6fc\mrt.exe._p
    c:\4a4aa847c3d18c57dab6fc\mrtstub.exe

    Dir::

    c:\documents and settings\All Users\Application Data\!!3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    c:\documents and settings\All Users\Application Data\!!7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    C:\4a4aa847c3d18c57dab6fc

    Then drag into COMBOFIX etc
    :idea:
  • Steve1982
    Steve1982 Posts: 207 Forumite

    ComboFix 09-03-27.02 - Steve m 2009-03-31 18:52:04.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.579 [GMT 1:00]
    Running from: c:\documents and settings\Steve m\Desktop\CF.exe.exe
    Command switches used :: c:\documents and settings\Steve m\Desktop\CFscript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\4a4aa847c3d18c57dab6fc\$shtdwn$.req
    c:\4a4aa847c3d18c57dab6fc\mrt.exe._p
    c:\4a4aa847c3d18c57dab6fc\mrtstub.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\4a4aa847c3d18c57dab6fc\$shtdwn$.req
    c:\4a4aa847c3d18c57dab6fc\mrt.exe._p
    c:\4a4aa847c3d18c57dab6fc\mrtstub.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
    .

    2009-03-29 21:36 . 2009-03-29 21:36 <DIR> d c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-03-29 21:25 . 2009-03-29 21:25 <DIR> d c:\documents and settings\Steve m\Application Data\Malwarebytes
    2009-03-29 19:48 . 2009-03-29 19:48 <DIR> d c:\program files\SUPERAntiSpyware
    2009-03-29 19:48 . 2009-03-29 19:48 <DIR> d c:\documents and settings\Steve m\Application Data\SUPERAntiSpyware.com
    2009-03-28 16:36 . 2009-03-28 16:36 <DIR> d c:\program files\Trend Micro
    2009-03-27 14:03 . 2009-03-26 16:49 38,496 --a c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-27 14:03 . 2009-03-26 16:49 15,504 --a c:\windows\system32\drivers\mbam.sys
    2009-03-27 14:01 . 2009-03-27 14:01 <DIR> d c:\program files\CCleaner
    2009-03-27 14:01 . 2009-03-27 14:01 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\!!7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-03-27 13:58 . 2009-03-27 13:58 <DIR> d c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-27 13:53 . 2004-11-03 00:00 <DIR> d c:\documents and settings\Administrator\WINDOWS
    2009-03-27 13:53 . 2004-11-03 00:00 <DIR> d---s---- c:\documents and settings\Administrator\UserData
    2009-03-27 13:53 . 2009-03-27 14:02 <DIR> d c:\documents and settings\Administrator
    2009-03-27 13:13 . 2009-03-29 22:12 <DIR> d c:\program files\Malwarebytes' Anti-Malware
    2009-03-26 04:01 . 2009-03-26 04:01 18 --a C:\SYSREST
    2009-03-10 20:24 . 2008-04-17 14:12 107,368 --a c:\windows\system32\GEARAspi.dll
    2009-03-10 20:24 . 2008-04-17 14:12 15,464 --a c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-10 20:23 . 2009-03-10 20:24 <DIR> d c:\program files\iTunes
    2009-03-10 20:23 . 2009-03-10 20:23 <DIR> d c:\program files\iPod
    2009-03-10 20:23 . 2009-03-10 20:23 <DIR> d c:\program files\Bonjour
    2009-03-10 20:23 . 2009-03-10 20:24 <DIR> d c:\documents and settings\All Users\Application Data\!!3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-03-10 20:22 . 2009-03-10 20:22 54,156 --ah c:\windows\QTFont.qfn
    2009-03-10 20:22 . 2009-03-10 20:22 1,409 --a c:\windows\QTFont.for
    2009-03-10 20:21 . 2009-03-10 20:23 <DIR> d c:\program files\Common Files\Apple
    2009-03-10 20:21 . 2009-03-10 20:21 <DIR> d c:\program files\Apple Software Update
    2009-03-10 20:21 . 2009-03-10 20:21 <DIR> d c:\documents and settings\All Users\Application Data\Apple
    2009-03-09 22:44 . 2008-11-13 16:18 1,221,008 --a c:\windows\system32\zpeng25.dll
    2009-02-24 21:21 . 2009-01-09 20:19 1,089,593 c--- c:\windows\system32\dllcache\ntprint.cat
    2009-02-13 19:24 . 2009-03-31 18:52 <DIR> d C:\4a4aa847c3d18c57dab6fc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-30 22:05 13,594,753 -c--a-w c:\windows\Internet Logs\tvDebug.zip
    2009-03-29 19:04 3,231,744 ----a-w c:\windows\Internet Logs\xDB10.tmp
    2009-03-29 19:04 22,016 ----a-w c:\windows\Internet Logs\xDBF.tmp
    2009-03-29 18:51 d w c:\documents and settings\All Users\Application Data\avg8
    2009-03-29 18:02 3,231,232 ----a-w c:\windows\Internet Logs\xDBE.tmp
    2009-03-29 18:02 13,824 ----a-w c:\windows\Internet Logs\xDBD.tmp
    2009-03-28 19:00 13,824 ----a-w c:\windows\Internet Logs\xDBC.tmp
    2009-03-28 18:32 d w c:\documents and settings\Steve m\Application Data\Free Download Manager
    2009-03-28 18:22 3,230,720 ----a-w c:\windows\Internet Logs\xDBB.tmp
    2009-03-28 18:22 14,336 ----a-w c:\windows\Internet Logs\xDBA.tmp
    2009-03-28 16:58 3,230,720 ----a-w c:\windows\Internet Logs\xDB9.tmp
    2009-03-28 16:58 14,336 ----a-w c:\windows\Internet Logs\xDB8.tmp
    2009-03-28 15:39 3,230,720 ----a-w c:\windows\Internet Logs\xDB7.tmp
    2009-03-28 15:39 17,920 ----a-w c:\windows\Internet Logs\xDB5.tmp
    2009-03-28 15:34 d w c:\program files\Steam
    2009-03-28 15:27 3,230,208 ----a-w c:\windows\Internet Logs\xDB6.tmp
    2009-03-28 15:27 12,800 ----a-w c:\windows\Internet Logs\xDB4.tmp
    2009-03-27 12:53 3,230,208 ----a-w c:\windows\Internet Logs\xDB3.tmp
    2009-03-27 12:53 129,024 ----a-w c:\windows\Internet Logs\xDB2.tmp
    2009-03-27 12:02 2,805,248 ----a-w c:\windows\Internet Logs\xDB1.tmp
    2009-03-10 19:24 d w c:\documents and settings\Steve m\Application Data\Apple Computer
    2009-03-10 19:23 d w c:\program files\QuickTime
    2009-03-10 19:23 d w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-03-03 18:16 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-03-03 18:16 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-03-03 18:16 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-02-22 19:02 d w c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-05 06:54 144,896 ----a-w c:\windows\system32\schannel.dll
    2008-09-16 19:08 47,280 -c--a-w c:\documents and settings\Steve m\Application Data\GDIPFONTCACHEV1.DAT
    2007-07-25 23:04 42,496 -csha-w c:\program files\Thumbs.db
    2007-03-19 23:53 502 -c--a-w c:\documents and settings\Steve m\Application Data\wklnhst.dat
    2006-05-03 03:48 181 -c--a-w c:\program files\hpsfx.ini
    2008-09-14 15:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091420080915\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
    "RemoteControl"="c:\windows\system32\rmctrl.exe" [2000-10-16 32768]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 118784]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-06 185896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "!!5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-03-03 19:16 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.ACDV"= ACDV.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

  • Steve1982
    Steve1982 Posts: 207 Forumite
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
    --a 2009-03-03 19:16 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]

    2004-12-02 18:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    --a 2004-02-03 14:42 401491 c:\program files\Microsoft ActiveSync\wcescomm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWRTOOLBOX]
    --a 2006-02-28 13:16 344064 c:\program files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a 2009-01-06 14:06 290088 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
    --a 2007-09-07 14:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
    --a 2006-12-20 12:38 557056 c:\program files\iolo\System Mechanic 6\SMSystemAnalyzer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a 2008-12-15 00:15 1410296 c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    -ra 2007-10-14 19:09 103712 c:\program files\Macrogaming\SweetIM\SweetIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a 2008-04-06 13:48 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

    2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
    --a 2004-03-17 16:10 61952 c:\windows\system32\HDAudPropShortcut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "avg8wd"=2 (0x2)
    "avg8emc"=2 (0x2)
    "W32Time"=2 (0x2)
    "VSS"=3 (0x3)
    "vsmon"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "SwPrv"=3 (0x3)
    "stisvc"=2 (0x2)
    "SSDPSRV"=3 (0x3)
    "ServiceLayer"=3 (0x3)
    "SamSs"=2 (0x2)
    "RDSessMgr"=3 (0x3)
    "ImapiService"=3 (0x3)
    "FontCache3.0.0.0"=3 (0x3)
    "AudioSrv"=2 (0x2)
    "ALG"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-07-02 325128]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-07-02 107272]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
    R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [2005-10-07 49152]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2005-10-07 140416]
    S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-02 903960]
    S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 298264]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - GTNDIS5
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
    .
    .

    Supplementary Scan

    .
    uStart Page = hxxp://www.bbc.co.uk/sport
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-31 18:52:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .

    DLLs Loaded Under Running Processes


    - - - - - - - > 'winlogon.exe'(736)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-03-31 18:54:21
    ComboFix-quarantined-files.txt 2009-03-31 17:54:19
    ComboFix2.txt 2009-03-31 17:14:27
    ComboFix3.txt 2009-03-30 22:29:06
    ComboFix4.txt 2009-03-29 20:23:50

    Pre-Run: 176,937,250,816 bytes free
    Post-Run: 176,922,247,168 bytes free

    243 --- E O F --- 2009-03-29 22:03:32

    Thanks so far!
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download DR WEBS CURE IT
    http://www.freedrweb.com/

    It will auto QUICK scan. Once it's finished, change to a FULL scan
    :idea:
  • Steve1982
    Steve1982 Posts: 207 Forumite
    Hi sorry, haven't been able to try this up until now.

    I have now tried this, the quick scan works and says no problems but when I run the full scan it resets the PC about halfway through and then when I go into windows it says it has recovered from a serious error.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Please do a scan with Kaspersky Online Scanner
    (Needs to be run in internet explorer)

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    :idea:
  • Steve1982
    Steve1982 Posts: 207 Forumite
    Every time I try it, it comes up with an error message relating to being unable to initialise JAVA applet. I seem to be having problems with my internet on that PC, am wondering if that is causing it
    :confused:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Download JAVA
    :idea:
  • Steve1982
    Steve1982 Posts: 207 Forumite

    KASPERSKY ONLINE SCANNER 7 REPORT
    Monday, April 6, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, April 06, 2009 21:55:22
    Records in database: 2019074
    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes
    Scan area - My Computer:
    C:\
    D:\
    E:\
    Scan statistics:
    Files scanned: 111643
    Threat name: 10
    Infected objects: 12
    Suspicious objects: 0
    Duration of the scan: 01:59:43

    File name / Threat name / Threats count
    C:\Documents and Settings\Steve M\Desktop\Software\mp3splitter.exe Infected: Trojan-Downloader.Win32.Hilldoor.at 1
    C:\Documents and Settings\Steve M\Local Settings\Application Data\Identities\{2AAFC6F2-B2D7-4CE1-A689-B5550A7EA59A}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.UrlSpoof.e 1
    C:\Documents and Settings\Steve M\Local Settings\Application Data\Identities\{2AAFC6F2-B2D7-4CE1-A689-B5550A7EA59A}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Paylap.bg 3
    C:\Documents and Settings\Steve M\Local Settings\Application Data\Identities\{2AAFC6F2-B2D7-4CE1-A689-B5550A7EA59A}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.lk 1
    C:\Documents and Settings\Steve M\Local Settings\Application Data\Identities\{2AAFC6F2-B2D7-4CE1-A689-B5550A7EA59A}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.HTML.Bayfraud.ev 1
    C:\Documents and Settings\Steve M\My Documents\Old Stuff\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.CommonName.p 1
    C:\Documents and Settings\Steve M\My Documents\Old Stuff\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
    C:\Documents and Settings\Steve M\My Documents\Old Stuff\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak 1
    C:\Documents and Settings\Steve M\My Documents\Old Stuff\BSINSTALL.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACqpfwowfl_.sys.zip Infected: Rootkit.Win32.TDSS.gwh 1
    The selected area was scanned.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Open notepad and copy/paste the text in RED below

    File::

    C:\Documents and Settings\Steve M\Desktop\Software\mp3splitter.exe
    C:\Documents and Settings\Steve M\My Documents\Old Stuff\BSINSTALL.exe



    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

    CFScriptB-4.gif

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.


    also ~
    Your Outlook Express INBOX has 4 infections in but I honestly have no clue how to pinpoint them. I daren't remove the whole thing as it might stop Outlook from ever working again.
    So I'd suggest removing all suspicious emails that carry ATTACHMENTS
    :idea:
This discussion has been closed.