Hi all! Please help to clean my system; it seems to be infected. The main symptom is that applications (principally, installers) seem unable to unpack their temporary files into well-known accessible locations like a user's temp dir, the My Documents folder or even the desktop.
For instance, when I try to open/save .ZIP attachments from Outlook messages in my "sent messages" folder (that is, messages and attachments that I have sent, and which I am certain are clean), the application is unable to open or save them irrespective of the location in which I try to save them. When I try to unzip other files manually (for instance, from Windows Explorer), though, I am able to unpack to the aforementioned locations, as normal.
Another example is that I tried to install some drivers that I downloaded from the laptop manufacturer (ASUS), and the installer complains that it is not able to unpack the required installation files. I have tried running the installer from several locations, even from a USB memory, and nothing, it is unable to unpack the installation temp files. Other applications, however, have been able to install themselves, like for instance Adobe Acrobat, which I installed yesterday.
I should point out that these problems have existed since I inherited the laptop some weeks ago, and that since then I have installed Spybot and AVG and run the free online scan from Kaspersky. Neither Spybot nor Kaspersky detected anything, and AVG eventually detected these viruses:
"Virus identified EICAR_Test"
C:\DOCUME~1\lagos\LOCALS~1\Temp\Av-test.txt
"Infected" "23/09/2008, 9.55.43"
"file" "C:\WINDOWS\system32\CF4598.exe"
"Virus identified Worm/VB.AIV"
"E:\System Volume Information\_restore{115CC607-5458-4830-B8AC-9534E132E5FE}\RP3\A0000087.exe"
"Moved to Virus Vault" "09/09/2008, 20.11.25"
"file" "C:\WINDOWS\System32\svchost.exe
but unfortunately it seems to fail to clean & remove them for good. I am including the logs from Hijackthis and Combofix in the following posts; I hope somebody can give me a hand with this.
Thanks in advance for any help!
Cheers,
Jorge.