Ok.
So last night I was trying to figure out why ComboFix wasn't working when it would restart my computer. I thought it might have to do with my Spybot S&D Resident being on. I disabled it and ran ComboFix again with that CFScript thing you said. The computer restarted, and when I put my internet on I wasn't receiving a bunch of virus alerts. I couldn't find the log, though.
So right now, when I was looking for the C:\Combofix-quarantined-files.txt, I found the log from the one I ran last night.
Here it is:
ComboFix 07-11-05.1 - good person 2007-11-08 21:46:37.7 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.72 [GMT -5:00]
Running from: C:\Documents and Settings\good person\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\good person\Desktop\CFScript_used_2007-11-07@17.58_used_2007-11-07@18.38_used_2007-11-08@21.22_used_2007-11-08@21.33.txt
* Created a new restore point
FILE::
C:\Documents and Settings\good person\33053.exe
C:\Documents and Settings\good person\63599.exe
C:\Documents and Settings\good person\957123844.exe
C:\Documents and Settings\good person\957123845.exe
C:\WINDOWS\{30502F77-AE96-4AA5-BDAC-BB82AF29F08F}.dat
C:\WINDOWS\{31306A0D-C229-4303-A2AA-8703C046FDB9}.dat
C:\WINDOWS\{43929E20-D227-48E2-95AB-5A94237F2307}.dat
C:\WINDOWS\{C1BFD2F3-2123-49A6-98BC-D46AE0F5AA6C}.dat
C:\WINDOWS\{D67A6E4B-E068-4DD0-9972-0FAB16F1776F}.dat
C:\WINDOWS\{FE013763-BDFB-415B-ADF2-786F69576C6A}.dat
C:\WINDOWS\SYSTEM32\{18968F8C-0AF8-44D8-B177-B53642E1EEEF}.dat
C:\WINDOWS\SYSTEM32\{36DDB8CA-07F2-42A4-BF71-50C6AFEF86C1}.dat
C:\WINDOWS\SYSTEM32\{591C05D3-B599-4FFD-AAFF-706720D12D0C}.dat
C:\WINDOWS\SYSTEM32\{67CE7592-DF08-4D89-8400-016671C253F4}.dat
C:\WINDOWS\SYSTEM32\{8C2BCAA7-5A95-4BE5-9018-DC4C87304B19}.dat
C:\WINDOWS\SYSTEM32\{EDF195EE-85B8-4B77-BAF2-496C3D7E7130}.dat
C:\WINDOWS\SYSTEM32\408753420.dat
C:\WINDOWS\SYSTEM32\savedump.dll
C:\WINDOWS\SYSTEM32\SQLSTRh.exe
.
I cannot find a Combofix-quarantined-files.txt, but what I do have is a ComboDel.txt:
Files to Move:
C:\WINDOWS\SYSTEM32\408753420.dat|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\408753420.dat.vir
C:\WINDOWS\SYSTEM32\SQLSTRh.exe|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SQLSTRh.exe.vir
C:\WINDOWS\SYSTEM32\408753420.dat|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\408753420.dat.vir
C:\WINDOWS\SYSTEM32\SQLSTRh.exe|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SQLSTRh.exe.vir
C:\WINDOWS\SYSTEM32\408753420.dat|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\408753420.dat.vir
C:\WINDOWS\SYSTEM32\SQLSTRh.exe|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SQLSTRh.exe.vir
C:\WINDOWS\SYSTEM32\408753420.dat|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\408753420.dat.vir
C:\WINDOWS\SYSTEM32\SQLSTRh.exe|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SQLSTRh.exe.vir
C:\WINDOWS\SYSTEM32\408753420.dat|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\408753420.dat.vir
C:\WINDOWS\SYSTEM32\SQLSTRh.exe|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SQLSTRh.exe.vir
C:\WINDOWS\SYSTEM32\408753420.dat|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\408753420.dat.vir
C:\WINDOWS\SYSTEM32\SQLSTRh.exe|C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\SQLSTRh.exe.vir
I disabled the IPSEC services and deleted ComboFix. I'm not sure if I am completely disinfected yet. I will download the new ComboFix and post a log.