Please help me to remove Trojan Horse Downloader.delf.12.an from one computer on my network.
This is the log file I've received from the ComboFix setup.
Could you please verify it and help me? Thank you in advance.
Regards,
Antonio.
LOG:
ComboFix 08-07-01.3 - cbargagn 2008-07-03 10:32:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.191 [GMT 2:00]
Eseguito da: C:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-06-03 al 2008-07-03 )))))))))))))))))))))))))))))))))))
.
2008-07-02 17:28 . 2008-07-02 17:29 2,168,192 --a------ C:\ComboFix.exe
2008-07-02 14:54 . 2008-07-02 14:57 25,230,635 --a------ C:\u7iavi1530p6.bin
2008-07-02 13:46 . 2008-07-02 12:43 51,221,523 --a------ C:\5329xdat.exe
2008-07-02 11:04 . 2008-07-02 11:04 <DIR> d-------- C:\dat-5328
2008-07-02 11:04 . 2008-07-01 18:18 30,139,904 --a------ C:\dat-5328.zip
2008-07-02 10:48 . 2008-07-02 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-07-01 16:51 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-01 15:25 . 2008-07-01 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\2BrightSparks
2008-06-30 05:20 . 2008-06-30 05:20 31,755,454 --a------ C:\scan.dat
2008-06-30 05:20 . 2008-06-30 05:20 1,726,389 --a------ C:\clean.dat
2008-06-30 05:20 . 2008-06-30 05:20 878,903 --a------ C:\names.dat
2008-06-30 05:20 . 2008-06-30 05:20 51,200 --a------ C:\validate.exe
2008-06-30 05:20 . 2008-06-30 05:20 839 --a------ C:\packing.lst
2008-06-30 05:20 . 2008-06-30 05:20 714 --a------ C:\pkgdesc.ini
2008-06-27 15:49 . 2008-06-27 15:49 122,502 --a------ C:\MamutuSetup.exe
2008-06-27 15:36 . 2008-06-27 15:37 6,416,408 --a------ C:\SUPERAntiSpywarePro.exe
2008-06-27 15:11 . 2008-06-27 15:11 2,460,160 --a------ C:\vnlt6301.exe
2008-06-27 14:21 . 2008-06-27 14:10 13,380,712 --a------ C:\sdsetup.exe
2008-06-26 17:50 . 2008-06-26 17:50 <DIR> d-------- C:\Documents and Settings\cbargagn\Dati applicazioni\SpywareRemover
2008-06-26 17:25 . 2008-06-26 18:07 <DIR> d-------- C:\Programmi\NoAdware5.0
2008-06-26 17:14 . 2008-06-26 18:05 <DIR> d-------- C:\Programmi\XoftSpySE
2008-06-26 15:07 . 2008-06-26 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-26 15:05 . 2008-06-27 18:00 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-06-26 15:05 . 2008-06-27 18:00 <DIR> d-------- C:\Documents and Settings\cbargagn\Dati applicazioni\SUPERAntiSpyware.com
2008-06-26 12:26 . 2008-06-27 16:12 <DIR> d-------- C:\Programmi\Google
2008-06-26 11:46 . 2008-06-27 17:04 <DIR> d-------- C:\VEXPLITE
2008-06-26 11:46 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-25 17:50 . 2008-06-26 12:58 <DIR> d-------- C:\Programmi\a-squared Free
2008-06-25 17:14 . 2008-06-27 18:00 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-25 14:25 . 2008-07-02 17:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-25 13:53 . 2008-07-02 16:08 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-25 13:53 . 2008-07-02 16:08 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-25 13:53 . 2008-07-02 16:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-25 13:52 . 2008-07-03 08:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-25 13:52 . 2008-06-25 13:52 <DIR> d-------- C:\Programmi\AVG
2008-06-25 13:52 . 2008-06-25 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-06-25 13:24 . 2008-06-25 13:38 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-25 13:15 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002298_.tmp
2008-06-25 13:14 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-25 12:50 . 2008-05-27 21:50 48,347,376 --a------ C:\avg_free_stf_all_8_100a1295.exe
2008-06-25 12:33 . 2008-02-20 11:29 188 --a------ C:\web_login.url
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\WINDOWS\Start Menu
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\WINDOWS\Favorites
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\Identities
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\Collegamenti
2008-06-25 11:45 . 2008-06-25 11:45 <DIR> d-------- C:\Documents and Settings\administrator.DOLE.IT.MIL\Dati applicazioni\PC Suite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 11:36 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-18 13:19 --------- d-----w C:\Documents and Settings\cbargagn\Dati applicazioni\AdobeUM
2008-06-06 07:01 --------- d-----w C:\Documents and Settings\cbargagn\Dati applicazioni\Nokia Multimedia Player
2007-03-19 13:46 17,408 ----a-w C:\Programmi\misura stanze.xls
2006-10-26 08:23 16,752 ----a-w C:\Documents and Settings\cbargagn\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7A0AB52-99D6-4EAD-99B4-C5817F4CAF35}]
2008-03-04 17:44 91904 --a------ C:\WINDOWS\System32\EqnClas.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"ShStatEXE"="C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 08:00 98304]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-12-10 11:09 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"McAfeeUpdaterUI"="C:\Programmi\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 16:06 136512]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 10:36 114688]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 10:32 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 16:08 1232152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-07-01 17:01 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-19 15:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= msmsgs
"2"= msmsgs.exe
"3"= msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-707402437-1915618803-922709458-1099\Scripts\Logon\0\0]
"Script"=\\milsrv11\NETLOGON\ITAexpl\ITAexpl.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-707402437-1915618803-922709458-1146\Scripts\Logon\0\0]
"Script"=\\milsrv11\NETLOGON\ITAexpl\ITAexpl.cmd
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 utncqkcu;utncqkcu;C:\WINDOWS\system32\drivers\hubysnlu.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 16:08]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 16:08]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 16:08]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 16:08]
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-03 01:00:00 C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Programmi\SpywareRemover\SpywareRemover.ex
- C:\Programmi\SpywareRemover
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 10:35:02
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\utncqkcu]
"ImagePath"="system32\drivers\hubysnlu.dat"
.
Ora fine scansione: 2008-07-03 10:35:55
ComboFix-quarantined-files.txt 2008-07-03 08:35:51
ComboFix2.txt 2008-07-02 15:45:28
ComboFix3.txt 2008-07-02 15:35:21
17 Directory 70,791,589,888 byte disponibili
21 Directory 70,799,298,560 byte disponibili