winupgro.exe virus

Acer / ASPIRE5612
December 25, 2008 at 13:55:41
Specs: Windows XP Media Center E, T2250/0.99 GB
Hello! I got a virus which I think is related to the winupgro.exe process. It came from an exe I downloaded and executed. I ran Combofix and below is the log. Can you help with the next step? Thanks!

ComboFix 08-12-24.01 - João Pedro Barros 2008-12-25 21:23:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.692 [GMT 0:00]
Executando de: c:\documents and settings\João Pedro Barros\Desktop\Combo-Fix.exe
* Criado um novo ponto de restauro

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!
.
Os seguintes arquivos/ficheiros foram desabilitados durante a execução:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\João Pedro Barros\Application Data\drivers\downld
c:\documents and settings\João Pedro Barros\Application Data\drivers\srosa.sys
c:\documents and settings\João Pedro Barros\Application Data\drivers\srosa2.sys
c:\documents and settings\João Pedro Barros\Application Data\drivers\winupgro.exe
c:\documents and settings\João Pedro Barros\Application Data\m
c:\documents and settings\João Pedro Barros\Application Data\m\data.oct
c:\documents and settings\João Pedro Barros\Application Data\m\flec006.exe
c:\documents and settings\João Pedro Barros\Application Data\m\list.oct
c:\documents and settings\João Pedro Barros\Application Data\m\srvlist.oct
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\mdelk.exe
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wintems.exe
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_NPF
-------\Legacy_SK9OU0S
-------\Service_NPF
-------\Service_sK9Ou0s


(((((((((((((((( Arquivos/Ficheiros criados de 2008-11-25 to 2008-12-25 ))))))))))))))))))))))))))))
.

2008-12-24 23:10 . 2008-12-24 23:10 <DIR> d--h----- c:\documents and settings\João Pedro Barros\Application Data\drivers

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 20:46 14,848 ----a-w c:\windows\system32\dllcache\register.exe
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-24 17:59 --------- d-----w c:\program files\Quick To-Do Light
2008-10-27 15:47 --------- d-----w c:\program files\MeadCo Neptune
2008-10-25 03:05 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-25 02:59 --------- d-----w c:\program files\Bonjour
2008-10-25 02:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 17:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-01 03:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090120080902\index.dat
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pxador.exe"="c:\windows\wdfmgr\pxador.exe" [2008-06-08 471040]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 c:\windows\system32\narrator.exe]

c:\documents and settings\João Pedro Barros\Start Menu\Programs\Startup\
BWMeter.lnk - c:\program files\BWMeter\BWMeter.exe [2008-05-14 752128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-21 113664]
tmn.lnk - c:\program files\tmn\tmn\tmn.exe [2007-12-27 786432]
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\wdfmgr\\pxador.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2007-06-02 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2007-06-02 78208]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
R3 dsnpfd;DeskSoft Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2008-05-14 26920]
R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2007-07-09 95744]
R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2007-06-26 51968]
R3 GTPTSER;GT PT SER;c:\windows\system32\DRIVERS\gtptser.sys [2005-09-01 8064]
R3 GTSCSER;GT SC SER;c:\windows\system32\DRIVERS\gtscser.sys [2005-08-29 21376]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-06-19 1097728]
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S3 GTF32BUS;GT F32 BUS;c:\windows\system32\DRIVERS\gtf32bus.sys [2005-09-01 32000]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\windows\system32\DRIVERS\ewusbmdm.sys [2007-07-14 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\windows\system32\DRIVERS\ewusbapp.sys [2007-07-14 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\windows\system32\DRIVERS\ewusbser.sys [2007-07-14 65152]
S3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2005-09-13 4392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9023777a-3a1e-11dd-a247-0016d4654fa3}]
\Shell\AutoRun\command - G:\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6962530-34a3-11dc-9f6b-0016d4654fa3}]
\Shell\auto\command - G:\Knight.exe open
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - G:\Knight.exe open
\Shell\find\command - G:\Knight.exe open
\Shell\install\command - G:\Knight.exe open
\Shell\open\command - G:\Knight.exe open
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-H/PC Connection Agent - c:\program files\Microsoft ActiveSync\Wcescomm.exe
HKLM-Run-wdfmgr.exe - c:\windows\wdfmgr\wdfmgr.exe
MSConfigStartUp-Netcount - c:\program files\Netcount\Netcount.exe


.
------- Scan Suplementar -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://br.rd.yahoo.com/customize/ycomp/defaults/su/*http://br.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 21:27:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
Outros Processos em Execução
.
c:\program files\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\program files\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\program files\COMMON FILES\LOGITECH\LVMVFM\LVPRCSRV.EXE
c:\acer\EMPOWERING TECHNOLOGY\ADMSERV.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\SYSTEM32\CRYPSERV.EXE
c:\windows\EHOME\EHRECVR.EXE
c:\windows\EHOME\EHSCHED.EXE
c:\program files\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\windows\EHOME\MCRDSVC.EXE
c:\windows\SYSTEM32\DLLHOST.EXE
c:\program files\LAUNCH MANAGER\LMANAGER.EXE
c:\windows\SYSTEM32\IGFXEXT.EXE
c:\windows\SYSTEM32\IGFXSRVC.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\program files\OPERA\OPERA.EXE
.
**************************************************************************
.
Tempo para conclusão: 2008-12-25 21:31:33 - Máquina reiniciou
ComboFix-quarantined-files.txt 2008-12-25 21:31:32

Pré-execução: 3,547,791,360 bytes free
Pós execução: 4,992,466,944 bytes livres

372 --- E O F --- 2008-12-19 11:06:25




#1
December 25, 2008 at 17:40:51
Just a reminder to other posters, do not run the tools recommended for other posters as they can render your computer useless in a single click, especially Combofix, SDFix, Hijack This and others. Also we need the info from the scans to determine what version of the baddies you have so we will know what procedure to use to remove them. We just need to know what problems you are having.

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, Or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6962530-34a3-11dc-9f6b-0016d4654fa3}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#2
December 25, 2008 at 20:38:38
Here is the report of the scan. Thanks in advance!

----------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 25, 2008 21:58:56
Records in database: 1515110
----------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 99321
Threat name: 11
Infected objects: 146
Suspicious objects: 0
Duration of the scan: 01:56:45


File name / Threat name / Threats count
C:\WINDOWS\wdfmgr\pxador.exe Infected: Trojan-Downloader.Win32.Banload.ojl 1
C:\WINDOWS\wdfmgr\out.exe Infected: Trojan.Win32.Delf.ag 1
C:\WINDOWS\wdfmgr\out.exe Infected: Trojan-Spy.Win32.Banker.ohb 1
C:\WINDOWS\packs.exe Infected: Trojan.Win32.Delf.ag 1
C:\Program Files\HomeKeylogger\KeyLogger.Dll Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 1
C:\Qoobox\Quarantine\C\Documents and Settings\João Pedro Barros\Application Data\drivers\_srosa_.sys.zip Infected: Trojan-Downloader.Win32.Bagle.afl 1
C:\Qoobox\Quarantine\C\Documents and Settings\João Pedro Barros\Application Data\drivers\downld\4039468.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\João Pedro Barros\Application Data\drivers\downld\457421.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\João Pedro Barros\Application Data\drivers\downld\6429156.exe.vir Infected: Email-Worm.Win32.Bagle.majc 1
C:\Qoobox\Quarantine\C\Documents and Settings\João Pedro Barros\Application Data\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ahp 1
C:\Qoobox\Quarantine\C\Documents and Settings\João Pedro Barros\Application Data\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.aio 1
C:\Qoobox\Quarantine\C\Documents and Settings\João Pedro Barros\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Program Files\Microsoft ActiveSync\wcescomm.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ahp 1
C:\Downloads\Programas\SpyKeylogger-install.exe Infected: not-a-virus:Monitor.Win32.SpyKeyLogger.130 4
C:\Downloads\Incoming\Alarm_Master_4.13.zip Infected: Trojan-Downloader.Win32.Bagle.abq 1

The selected area was scanned.



#3
December 25, 2008 at 22:16:34
Open Notepad and copy/paste everything between the X's into it, and make sure the first word (such as KILLALL, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
C:\WINDOWS\wdfmgr\pxador.exe
C:\WINDOWS\wdfmgr\out.exe
C:\WINDOWS\packs.exe
C:\Program Files\HomeKeylogger\KeyLogger.Dll
C:\Downloads\Programas\SpyKeylogger-install.exe
C:\Downloads\Incoming\Alarm_Master_4.13.zip

Folder::
C:\Qoobox

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pxador.exe"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Your computer appears to be clean.

Empty the recycle bin.

Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This
Malwarebytes
Kaspersky

You should keep AFT Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?



#4
December 26, 2008 at 17:20:47
I believe there is still something wrong with my pc, as I cannot run my antivirus (avast!), for instance. When I try to run it, I get the "is not a valid win32 application" message. This only occurs since the moment when my pc got the virus. Thanks!


#5
December 26, 2008 at 17:39:22
Try uninstalling/reinstalling the antivirus; it may have been damaged/changed by the virus.


#6
December 26, 2008 at 18:47:08
I reinstalled the antivirus and everything seems to be normal with my computer again. Thanks a lot!


#7
December 26, 2008 at 19:12:40
Glad we could help.


#8
March 9, 2009 at 22:06:35
Hi, I am having the same problem with winupgro.exe as well as NIS warnings of hack.rootkit being blocked. Once it said hack.rootkit was removed, but since has warned that it was blocked again. Here is the log from combofix. Please help.

ComboFix 09-03-06.02 - Chad 2009-03-10 0:34:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1452 [GMT -5:00]
Running from: c:\documents and settings\Chad\Desktop\Tool.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chad\Application Data\drivers\downld
c:\documents and settings\Chad\Application Data\drivers\srosa2.sys
c:\documents and settings\Chad\Application Data\drivers\winupgro.exe
c:\documents and settings\Chad\Application Data\inst.exe
c:\program files\INSTALL.LOG
c:\program files\Messenger\msmsgs.exe
c:\program files\update.exe
c:\windows\IE4 Error Log.txt
c:\windows\spoolsv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s
-------\Service_srosa


((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-10 00:24 . 2009-03-10 00:35 <DIR> d--h----- c:\documents and settings\Chad\Application Data\drivers
2009-03-07 14:20 . 2009-03-07 14:20 <DIR> d--hs---- c:\windows\ftpcache
2009-03-03 08:30 . 2009-03-03 08:30 <DIR> d-------- c:\documents and settings\Danny\Application Data\Lexmark Productivity Studio
2009-03-02 04:57 . 2004-12-18 20:32 38,229 --------- c:\windows\system32\drivers\StMp3Rec.sys
2009-03-02 04:17 . 2009-03-02 18:10 <DIR> d-------- c:\program files\iPod
2009-03-02 04:17 . 2009-03-02 04:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-02 04:16 . 2009-03-02 04:53 <DIR> d-------- c:\program files\QuickTime
2009-03-02 03:39 . 2009-03-02 03:39 <DIR> d--h----- c:\windows\msdownld.tmp
2009-03-02 01:31 . 2009-03-02 01:31 <DIR> d-------- c:\documents and settings\Johnny\Application Data\AdobeUM
2009-03-01 22:45 . 2009-03-02 00:14 <DIR> d-------- c:\documents and settings\Johnny\Application Data\Apple Computer
2009-03-01 22:23 . 2009-03-01 22:23 <DIR> d-------- c:\program files\AviSynth 2.5
2009-03-01 22:15 . 2009-03-01 23:50 <DIR> d-------- c:\documents and settings\Chad\Application Data\Apple Computer
2009-03-01 22:14 . 2009-03-02 04:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-27 21:26 . 2009-02-27 21:26 <DIR> d-------- c:\documents and settings\Quentin\Application Data\KingsIsle Entertainment
2009-02-27 21:26 . 2009-02-27 21:26 <DIR> d-------- c:\documents and settings\Quentin\Application Data\InstallShield Installation Information
2009-02-25 02:08 . 2009-03-09 19:48 69 --a------ c:\windows\NeroDigital.ini
2009-02-25 02:00 . 2009-02-25 02:00 <DIR> d-------- c:\documents and settings\Chad\Application Data\Nero
2009-02-25 01:56 . 2009-02-25 01:56 <DIR> d-------- c:\program files\Nero
2009-02-25 01:56 . 2009-02-25 01:58 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-25 01:56 . 2009-02-25 01:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-25 00:50 . 2009-01-09 14:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-11 12:02 . 2009-02-11 12:02 <DIR> d-------- C:\Binaries
2009-02-11 11:59 . 2009-02-11 11:59 164 --a------ C:\install.dat
2009-02-11 10:54 . 2009-02-11 14:04 <DIR> d-------- c:\program files\Lavasoft
2009-02-11 10:54 . 2009-02-11 14:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-11 10:21 . 2009-02-12 14:04 <DIR> d-------- c:\program files\NoAdware
2009-02-10 18:26 . 2009-02-10 18:26 <DIR> d-------- c:\program files\Western Digital
2009-02-10 15:58 . 2009-02-10 15:58 <DIR> d-------- C:\JINX
2009-02-10 14:55 . 2009-02-10 14:55 <DIR> d-------- c:\program files\DVD Decrypter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 10:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 08:39 --------- d-----w c:\program files\Windows Installer Clean Up
2009-03-02 08:27 --------- d-----w c:\program files\Google
2009-02-11 19:09 --------- d-----w c:\program files\Yahoo!
2009-02-11 19:09 --------- d-----w c:\documents and settings\Chad\Application Data\Yahoo!
2009-02-11 19:08 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-02-11 19:07 --------- d-----w c:\program files\Common Files\aolshare
2009-02-11 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-02-08 14:25 --------- d-----w c:\program files\vghd
2009-02-07 18:16 --------- d-----w c:\documents and settings\Danny\Application Data\Viewpoint
2009-02-06 06:42 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-02-06 04:09 --------- d-----w c:\program files\Trillian
2009-02-06 01:01 --------- d-----w c:\documents and settings\Quentin\Application Data\DivX
2009-02-03 13:06 --------- d-----w c:\program files\eMule
2009-02-02 02:32 --------- d-----w c:\documents and settings\Verna\Application Data\Lexmark Productivity Studio
2009-01-26 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-26 18:09 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-01-26 18:08 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-26 18:08 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-26 18:08 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-26 18:08 --------- d-----w c:\program files\Symantec
2009-01-26 18:08 --------- d-----w c:\program files\Norton Internet Security
2009-01-26 18:06 --------- d-----w c:\program files\Lexmark X5400 Series
2009-01-26 18:06 --------- d-----w c:\program files\Lexmark Toolbar
2009-01-26 18:03 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-26 17:59 --------- d-----w c:\program files\NortonInstaller
2009-01-26 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\PCSettings
2009-01-26 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-26 16:57 --------- d-----w c:\documents and settings\Chad\Application Data\Lexmark Productivity Studio
2009-01-24 09:38 --------- d-----w c:\program files\Windows Sidebar
2009-01-24 08:00 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2009-01-24 07:35 --------- d-----w c:\program files\Norton SystemWorks
2009-01-20 01:37 --------- d-----w c:\program files\Reference Assemblies
2009-01-20 01:37 --------- d-----w c:\program files\MSBuild
2009-01-20 00:44 --------- d-----w c:\program files\MSECACHE
2009-01-19 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-01-19 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\Uninstall
2009-01-19 19:26 --------- d-----w c:\program files\Common Files\AOL
2009-01-19 01:14 901,120 ----a-w c:\windows\WD120COM.DLL
2009-01-19 01:14 856,064 ----a-w c:\windows\WD120IMG2.DLL
2009-01-19 01:14 675,840 ----a-w c:\windows\WD120IMG.DLL
2009-01-19 01:14 496,640 ----a-w c:\windows\WD120STD.DLL
2009-01-19 01:14 397,312 ----a-w c:\windows\WD120CPL.DLL
2009-01-19 01:14 116,224 ----a-w c:\windows\WD120TEST.DLL
2009-01-19 01:14 1,745,408 ----a-w c:\windows\WD120VM.DLL
2009-01-17 03:03 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-17 03:02 --------- d-----w c:\documents and settings\Johnny\Application Data\acccore
2009-01-17 02:50 --------- d-----w c:\program files\AIM6
2009-01-17 01:16 --------- d-----w c:\documents and settings\Chad\Application Data\IrfanView
2009-01-15 23:14 --------- d-----w c:\program files\Microsoft Works
2008-12-27 19:32 24,192 ----a-w c:\documents and settings\Chad\usbsermptxp.sys
2008-12-27 19:32 22,768 ----a-w c:\documents and settings\Chad\usbsermpt.sys
2008-12-11 05:52 5,498,323 ----a-w c:\windows\Virtuagirl_hd_29_full_shows_CRACK.exe
2008-11-19 19:09 47,360 ----a-w c:\documents and settings\Chad\Application Data\pcouffin.sys
2008-02-14 19:28 29 ----a-w c:\program files\version.ini
2008-02-14 19:23 231,944 ----a-w c:\program files\gwflash.exe
2007-09-22 00:42 19,008 ----a-w c:\program files\markfun.a64
2007-08-22 00:49 17,912 ----a-w c:\program files\markfun.w32
2007-08-22 00:49 125,504 ----a-w c:\program files\MarkFunDrv.dll
2007-04-04 23:35 207,680 ----a-w c:\program files\updateutility.exe
2007-03-30 09:36 301 ----a-w c:\program files\update.ini
2007-03-02 09:48 240,448 ----a-w c:\program files\gwf32.exe
2006-11-24 04:47 207,680 ----a-w c:\program files\BIOS_Run.exe
2006-11-24 04:40 60,224 ----a-w c:\program files\HUADRV.DLL
2006-11-03 23:09 528 ----a-w c:\program files\CONFIG.INI
2005-04-28 00:40 6,800 ----a-w c:\program files\W95_HUA.vxd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-10-06 793712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2007-07-05 16380416]
"nwiz"="c:\windows\system32\nwiz.exe" [2006-10-31 1622016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944]
"Norton Ghost 10.0"="c:\program files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 1537640]
"lxdvmon.exe"="c:\program files\Lexmark X5400 Series\lxdvmon.exe" [2008-08-05 455336]
"lxdvamon"="c:\program files\Lexmark X5400 Series\lxdvamon.exe" [2008-08-05 25256]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"HostManager"="c:\program files\Common Files\AOL\1225151825\ee\AOLSoftware.exe" [2008-06-24 41824]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 c:\windows\system32\nvmctray.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Norton GoBack.lnk - c:\program files\Norton SystemWorks\Norton GoBack\GBTray.exe [2005-10-03 857728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Chad^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBHGui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
--a------ 2002-11-02 01:33 45056 c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 07:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-10-26 14:53 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1225151825\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\lxdvcoms.exe"=
"c:\\Program Files\\Lexmark X5400 Series\\lxdvmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=

R0 ElbyVCD;ElbyVCD;c:\windows\system32\drivers\ElbyVCD.sys [2002-11-28 22016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys [2009-01-26 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-26 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-26 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090308.002\IDSxpx86.sys [2009-03-09 276344]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [2009-01-19 98984]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-26 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-02 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-07 101936]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; [x]
S4 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~3\NPROTECT.EXE [2005-10-03 95832]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8373cef9-f7c9-11dd-b680-001d7dbe12ce}]
\Shell\AutoRun\command - wdsync.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 00:45:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Norton SystemWorks\Norton GoBack\GBPoll.exe
c:\windows\system32\gearsec.exe
c:\windows\system32\lxdvcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-03-10 0:51:54 - machine was rebooted [Chad]
ComboFix-quarantined-files.txt 2009-03-10 05:51:52

Pre-Run: 48,667,893,760 bytes free
Post-Run: 51,584,430,080 bytes free

293 --- E O F --- 2009-02-25 05:52:06


Thanks in advance for your help! It is greatly appreciated!



#9
March 10, 2009 at 00:38:36
Here is my Kaspersky Report:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 10, 2009 05:22:59
Records in database: 1884518
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 79444
Threat name: 4
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:33:10


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Chad\Application Data\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.aoq 1
C:\Qoobox\Quarantine\C\Program Files\Messenger\msmsgs.exe.vir Infected: Trojan-Downloader.Win32.Bagle.aoq 1
C:\Qoobox\Quarantine\C\WINDOWS\spoolsv.exe.vir Infected: Trojan-Downloader.Win32.Agent.bijt 1
C:\Qoobox\Quarantine\Registry_backups\Service_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1
C:\WINDOWS\shows.exe Infected: Trojan-Downloader.Win32.Agent.bdqg 1

The selected area was scanned.

