MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can't delete virus

Post by silverspeed55 » March 15th, 2009, 2:52 pm

I tried deleting the virus using HijackThis and KillBox, but it shows up again in a split second.
This virus seems to cause a lot of pop-ups when I open Internet Explorer, and it also made my computer a lot slower. So can anyone help me out? Thanks.
Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:42 AM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
E:\Program Files\Microsoft Windows OneCare Live\winss.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
E:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
E:\Program Files\OpenOffice.org 3\program\swriter.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
E:\Program Files\OpenOffice.org 3\program\soffice.bin
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\explorer.exe
e:\program files\aim toolbar\aimtbServer.exe
E:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {7b89d16f-010a-462d-8ba1-a7522a578521} - E:\WINDOWS\system32\hoginumi.dll (file missing)
O4 - HKLM\..\Run: [kusajevani] Rundll32.exe "E:\WINDOWS\system32\bajumaja.dll",s
O4 - HKLM\..\Run: [CPMebbe543c] Rundll32.exe "e:\windows\system32\wedupiga.dll",a
O4 - HKUS\S-1-5-20\..\Run: [kusajevani] Rundll32.exe "E:\WINDOWS\system32\bajumaja.dll",s (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: E:\WINDOWS\system32\jeyuvepe.dll e:\windows\system32\wedupiga.dll e:\windows\system32\wekavube.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\wedupiga.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\wedupiga.dll
silverspeed55
Active Member
 
Posts: 5
Joined: March 15th, 2009, 2:40 pm
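The entries silverspeed55 posted are a compact picture of how this infection keeps coming back: the same DLL (wedupiga.dll) is registered as a Run entry via rundll32, in AppInit_DLLs (loaded into every process that links user32.dll), as a ShellServiceObjectDelayLoad object and as a SharedTaskScheduler object, so killing one copy is undone by the others. The following Python script is an added example for this thread (not HijackThis code and not something from the post) that parses the O-lines above, counts how many persistence points reference each DLL and flags the entries for review. The severity table, the "generated-looking name" heuristic (eight lowercase letters alternating consonant and vowel, the pattern of every DLL name in this log) and the cautious treatment of the O10 LSP entry are this example's own assumptions.

```python
"""Triage the persistence-related 'O' entries of a HijackThis log.

Added example for this thread; it is not HijackThis code.  The severity
table and the name heuristic are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample: the O-lines from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7b89d16f-010a-462d-8ba1-a7522a578521} - E:\WINDOWS\system32\hoginumi.dll (file missing)
O4 - HKLM\..\Run: [kusajevani] Rundll32.exe "E:\WINDOWS\system32\bajumaja.dll",s
O4 - HKLM\..\Run: [CPMebbe543c] Rundll32.exe "e:\windows\system32\wedupiga.dll",a
O4 - HKUS\S-1-5-20\..\Run: [kusajevani] Rundll32.exe "E:\WINDOWS\system32\bajumaja.dll",s (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: E:\WINDOWS\system32\jeyuvepe.dll e:\windows\system32\wedupiga.dll e:\windows\system32\wekavube.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\wedupiga.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\wedupiga.dll
""".strip().splitlines()

ENTRY = re.compile(r"^(O\d+) - (.*)$")
DLL_PATH = re.compile(r'[A-Za-z]:\\[^"\s]+?\.dll', re.IGNORECASE)

# Base severity per entry type (assumption of this example).
BASE_SEVERITY = {
    "O2":  ("low",    "browser helper object registration"),
    "O4":  ("medium", "Run entry loads a DLL through rundll32"),
    "O10": ("review", "Winsock LSP file HijackThis does not recognise; confirm its publisher before touching it"),
    "O20": ("high",   "AppInit_DLLs are loaded into every process that links user32.dll"),
    "O21": ("high",   "ShellServiceObjectDelayLoad DLL is loaded by explorer.exe at logon"),
    "O22": ("high",   "SharedTaskScheduler DLL is loaded by explorer.exe at logon"),
}
VOWELS = set("aeiou")


def looks_generated(stem):
    """Heuristic: 8 lowercase letters strictly alternating consonant/vowel,
    the pattern of the DLL names in this log.  Only a hint, never proof."""
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    is_vowel = [c in VOWELS for c in stem]
    return all(is_vowel[i] != is_vowel[i + 1] for i in range(7))


def parse_entries(lines):
    """Yield (code, body) for every line shaped like 'O<n> - <body>'."""
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def dll_refs(body):
    """Lower-cased DLL paths mentioned in an entry body."""
    return [p.lower() for p in DLL_PATH.findall(body)]


def dll_reference_counts(lines):
    """How many distinct entries reference each DLL path."""
    counts = Counter()
    for _, body in parse_entries(lines):
        counts.update(set(dll_refs(body)))
    return counts


def triage(lines):
    """Return one finding dict per entry of interest; severity is raised to
    'high' when a DLL has a generated-looking name or is referenced from
    more than one persistence point."""
    counts = dll_reference_counts(lines)
    findings = []
    for code, body in parse_entries(lines):
        if code not in BASE_SEVERITY:
            continue
        if code == "O4" and "rundll32" not in body.lower():
            continue  # plain EXE autostarts are out of scope for this check
        severity, reason = BASE_SEVERITY[code]
        notes = []
        if code == "O2" and "(file missing)" in body.lower():
            notes.append("registered file is missing (orphaned entry)")
        for path in dll_refs(body):
            stem = path.rsplit("\\", 1)[-1][:-4]
            if looks_generated(stem):
                notes.append(f"{stem}.dll: generated-looking name")
            if counts[path] > 1:
                notes.append(f"{stem}.dll: referenced by {counts[path]} entries")
        if notes:
            severity = "high"
        findings.append({"code": code, "severity": severity,
                         "reason": reason, "notes": notes, "entry": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['code']}: {f['reason']}")
        for n in f["notes"]:
            print(f"         - {n}")
```

Run against the sample, seven of the eight entries come out as high and only the O10 line stays at "review": the cross-reference count is what matters most, since a DLL wired into four different load points cannot be cleaned by deleting a single registry value, which is exactly the "shows up again in a split second" behaviour described in the post.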

Re: Can't delete virus

Post by Bv202 » March 16th, 2009, 1:17 pm

Welcome to Malware Removal!
My name is Bjorn, known as Bv202 on this forum, and I'll be happy to assist you with all the malware problems you have on your computer.

Before we start fixing your computer, there are a few points you need to know:
  • Please don't start a new topic, but reply on this one.
  • If you don't understand something, please ask!
  • If you find any new problems and/or details, please post them!
  • Please always try to reply within 5 days. If you know you won't be able to reply for any reason, please tell me so we don't close your thread.
  • As I'm still in training here at Malware Removal, all my posts need to be checked by an expert first.

Remember: absence of symptoms does not mean your computer is clean!!
Please reply to this topic until I say your computer is clean.

I'm now researching your log. Once it's done, I'll be back to you.

In the meantime, please do this:
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Can't delete virus

Post by silverspeed55 » March 16th, 2009, 11:20 pm

Hey Bjorn,
Thanks for replying
Here is my uninstall_list.txt.:

µTorrent
3Deep
7-Zip 4.60 beta
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Adobe Reader 9
AI Direct Link
AI Suite
AIM 6
AIM Search
AIM Toolbar
AIMTunes
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
AVS DVD Authoring
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bonjour
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Chinese (Traditional) Language Support
Command & Conquer™ Red Alert™ 3 Demo
Corel Snapfire Plus
Crysis WARHEAD(R)
Crysis WARHEAD(R)
Crysis Wars(R)
Crysis Wars(R)
Crysis Wars(R) Patch
Crysis Wars(R) Patch
DAEMON Tools Toolbar
Download Manager 2.3.7
Download Updater (AOL LLC)
DualCoreCenter
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
EA Download Manager
E-Color Indicator
F.E.A.R. 2 SP Demo
Fallout 3
Far Cry 2
GameSpy Arcade
Gears of War
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Grand Theft Auto IV
GRID
GTOneCare
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
ImTOO DVD Copy Express
Internet Speed Monitor
InterVideo DVDCopy5
InterVideo MediaOne Gallery
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Kaspersky Anti-Virus 6.0
Kaspersky Anti-Virus 6.0
Leaf
LightScribe System Software 1.14.17.1
LockBox
Magic DVD Ripper V5.4
Magic ISO Maker v5.5 (build 0272)
Marvell CPA
Marvell Miniport Driver
Mercenaries 2: World in Flames™ (DEMO)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Protection Service
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 6.0 Standard Edition
Microsoft Windows Live OneCare Resources v2.5.2900.20
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v2.5.2900.20
Microsoft Windows OneCare Live v2.5.2900.20 Idcrl Install
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Multi-screen Remote Desktop 3.2.0.53
Natural Mod
Nero 8 Essentials
neroxml
NJStar Chinese WP
NVIDIA Drivers
NVIDIA PhysX Particle Fluid Demo
NVIDIA PhysX v8.10.13
OCR Software by I.R.I.S 7.0
OpenAL
OpenOffice.org 3.0
PC Probe II
Prince of Persia
PunkBuster Services
PX Engine
QuickTime
Rise of the Argonauts
Rise of the Argonauts
Rockstar Games Social Club
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
SoundMAX
SQL Server System CLR Types
Steam
System Requirements Lab
The Lord of the Rings - Conquest™
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
Virtual Cable Tester
VLC media player 0.9.8a
Warmonger
Windows Imaging Component
Windows Live OneCare
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XP Codec Pack
XviD 1.1 final uninstall
silverspeed55
Active Member
 
Posts: 5
Joined: March 15th, 2009, 2:40 pm

Re: Can't delete virus

Post by Bv202 » March 17th, 2009, 3:13 pm

Hi Silverspeed55

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

µTorrent

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we no longer allow P2P software to be present on machines we're cleaning.

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For a full explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/remove Programs. Please do so.


Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Can't delete virus

Post by silverspeed55 » March 18th, 2009, 3:27 am

Hey, thanks again. I just removed uTorrent after the scan.

ComboFix log:
ComboFix 09-03-15.01 - Administrator 2009-03-18 0:05:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2692 [GMT -7:00]
Running from: e:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Outdated)
FW: Windows Live OneCare Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\docume~1\ADMINI~1\LOCALS~1\Temp\install_flash_player.exe
e:\documents and settings\Administrator\Application Data\gadcom
e:\documents and settings\Administrator\Application Data\GetModule
e:\documents and settings\Administrator\Application Data\inst.exe
e:\program files\GetModule
e:\program files\iCheck
e:\program files\iCheck\Uninstall.exe
e:\windows\IE4 Error Log.txt
e:\windows\system32\ahihetig.ini
e:\windows\system32\alibozor.ini
e:\windows\system32\apohavig.ini
e:\windows\system32\asatatob.ini
e:\windows\system32\bajumaja.dll
e:\windows\system32\bevukeyo.dll
e:\windows\system32\beyisege.dll
e:\windows\system32\biwenufo.dll
e:\windows\system32\botatasa.dll
e:\windows\system32\boupny.dll
e:\windows\system32\cenfva.dll
e:\windows\system32\ebfshh.dll
e:\windows\system32\ekiridum.ini
e:\windows\system32\elirpc.dll
e:\windows\system32\emayodop.ini
e:\windows\system32\epokozog.ini
e:\windows\system32\ffhqho.dll
e:\windows\system32\fifelada.dll
e:\windows\system32\fijukiha.dll
e:\windows\system32\fiyoluhi.dll
e:\windows\system32\furobebo.dll
e:\windows\system32\garmvi.dll
e:\windows\system32\gitehiha.dll
e:\windows\system32\givahopa.dll
e:\windows\system32\gogirawi.dll
e:\windows\system32\gonamuyu.dll
e:\windows\system32\goyiyiyi.dll
e:\windows\system32\gozokope.dll
e:\windows\system32\gudumayu.dll
e:\windows\system32\hupikilu.dll
e:\windows\system32\idoginuv.ini
e:\windows\system32\ijeminus.ini
e:\windows\system32\ipavokuv.ini
e:\windows\system32\jeyuvepe.dll
e:\windows\system32\jilanege.dll
e:\windows\system32\jiwitunu.dll
e:\windows\system32\jvgbck.dll
e:\windows\system32\kejupojo.dll
e:\windows\system32\kiropevu.dll
e:\windows\system32\klogon.dll
e:\windows\system32\kugukimu.dll
e:\windows\system32\lqxbqm.dll
e:\windows\system32\lrnqla.dll
e:\windows\system32\lwpctv.dll
e:\windows\system32\mbsayo.dll
e:\windows\system32\mofowire.dll
e:\windows\system32\mowefida.dll
e:\windows\system32\mudirike.dll
e:\windows\system32\mupiwipu.dll
e:\windows\system32\muzuzewo.dll
e:\windows\system32\nbmgtr.dll
e:\windows\system32\nizipr.dll
e:\windows\system32\NnmTBJlm.ini
e:\windows\system32\NnmTBJlm.ini2
e:\windows\system32\nodikoti.dll
e:\windows\system32\nojetime.dll
e:\windows\system32\omasodoz.ini
e:\windows\system32\onezokik.ini
e:\windows\system32\opazazuw.ini
e:\windows\system32\opufures.ini
e:\windows\system32\ososarip.ini
e:\windows\system32\pdhkfm.dll
e:\windows\system32\pewevate.dll
e:\windows\system32\pirasoso.dll
e:\windows\system32\podoyame.dll
e:\windows\system32\punizepu.dll
e:\windows\system32\pusarayu.dll
e:\windows\system32\radcaolo.ini
e:\windows\system32\rakulela.dll
e:\windows\system32\rkxkds.dll
e:\windows\system32\rojofowi.dll
e:\windows\system32\rozobila.dll
e:\windows\system32\sekipizu.dll
e:\windows\system32\serufupo.dll
e:\windows\system32\shpnluqs.ini
e:\windows\system32\sinasuma.dll
e:\windows\system32\sunimeji.dll
e:\windows\system32\suweneka.dll
e:\windows\system32\tadehota.dll
e:\windows\system32\tapumido.dll
e:\windows\system32\tesebufu.dll
e:\windows\system32\tivupeba.dll
e:\windows\system32\tmp80.tmp
e:\windows\system32\tmp81.tmp
e:\windows\system32\tmp82.tmp
e:\windows\system32\tmp83.tmp
e:\windows\system32\torehosu.dll
e:\windows\system32\trdemh.dll
e:\windows\system32\ulikipuh.ini
e:\windows\system32\ulkvpe.dll
e:\windows\system32\utogizeh.ini
e:\windows\system32\uyarasup.ini
e:\windows\system32\vfdpea.dll
e:\windows\system32\vifilipu.dll
e:\windows\system32\vimolame.dll
e:\windows\system32\volopamo.dll
e:\windows\system32\vonowiya.dll
e:\windows\system32\vukovapi.dll
e:\windows\system32\vunigodi.dll
e:\windows\system32\vwfrjf.dll
e:\windows\system32\wedupiga.dll
e:\windows\system32\wekavube.dll
e:\windows\system32\wemiwiyu.dll
e:\windows\system32\windows.exe
e:\windows\system32\wowehozu.dll
e:\windows\system32\wukojeyi.dll
e:\windows\system32\wuzazapo.dll
e:\windows\system32\wvDNnnnn.ini
e:\windows\system32\wvDNnnnn.ini2
e:\windows\system32\xbgtgx.dll
e:\windows\system32\yahebisa.dll
e:\windows\system32\yinonude.dll
e:\windows\system32\yipavera.dll
e:\windows\system32\yqwyxhxl.ini
e:\windows\system32\ysxcux.dll
e:\windows\system32\ytzlcv.dll
e:\windows\system32\zodosamo.dll
e:\windows\system32\zpymgd.dll
e:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 00:12 . 2009-03-18 00:12 <DIR> d-------- e:\windows\LastGood
2009-03-15 11:26 . 2009-03-15 11:21 92,672 --a------ e:\windows\system32\KillBox.exe
2009-03-15 11:21 . 2009-03-15 11:29 <DIR> d-------- E:\!KillBox
2009-03-14 14:38 . 2009-03-14 14:38 10,240 --a------ e:\windows\instsp2.exe
2009-03-09 14:36 . 2009-03-10 14:36 10,240 --a------ e:\windows\instsp1.exe
2009-02-26 01:26 . 2009-02-28 18:05 <DIR> d-------- e:\program files\F.E.A.R. 2
2009-02-25 19:51 . 2009-02-25 19:51 <DIR> d-------- e:\documents and settings\Administrator\Application Data\dvdcss
2009-02-24 02:26 . 2009-02-24 02:40 <DIR> d-------- e:\documents and settings\Administrator\Application Data\vlc
2009-02-24 02:25 . 2009-02-24 02:25 <DIR> d-------- e:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 07:15 21,263,904 --sha-w e:\windows\system32\drivers\fidbox.dat
2009-03-18 07:14 888,096 --sha-w e:\windows\system32\drivers\fidbox2.dat
2009-03-18 07:09 87,128 --sha-w e:\windows\system32\drivers\fidbox2.idx
2009-03-18 07:09 289,652 --sha-w e:\windows\system32\drivers\fidbox.idx
2009-03-18 06:55 --------- d-----w e:\program files\Download Manager
2009-03-18 06:55 --------- d-----w e:\documents and settings\Administrator\Application Data\IGN_DLM
2009-03-14 21:39 --------- d-----w e:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-14 21:37 --------- d-----w e:\program files\Microsoft Windows OneCare Live
2009-03-12 10:20 --------- d-----w e:\documents and settings\Administrator\Application Data\U3
2009-03-11 07:16 --------- d-----w e:\documents and settings\Administrator\Application Data\uTorrent
2009-02-27 23:15 --------- d-----w e:\program files\Steam
2009-02-11 03:33 --------- d--h--w e:\program files\InstallShield Installation Information
2009-02-11 03:33 --------- d-----w e:\program files\EA Games
2009-02-10 22:55 --------- d-----w e:\documents and settings\All Users\Application Data\TDK
2009-02-08 06:37 --------- d-----w e:\program files\WBGames
2009-02-04 05:17 89,601 ----a-w e:\windows\system32\drivers\klick.dat
2009-02-04 05:17 101,287 ----a-w e:\windows\system32\drivers\klin.dat
2009-02-01 23:30 --------- d-----w e:\documents and settings\Administrator\Application Data\Red Alert 3 Demo
2009-02-01 02:37 --------- d-----w e:\program files\Electronic Arts
2009-01-31 06:27 --------- d-----w e:\program files\Bethesda Softworks
2009-01-30 05:07 --------- d-----w e:\documents and settings\Administrator\Application Data\Corel
2009-01-26 04:00 --------- d-----w e:\program files\NJStar Chinese WP
2009-01-25 23:38 --------- d-----w e:\program files\AVS4YOU
2009-01-25 20:38 47,360 ----a-w e:\windows\system32\drivers\pcouffin.sys
2009-01-25 20:38 47,360 ----a-w e:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-01-25 20:38 --------- d-----w e:\documents and settings\Administrator\Application Data\Vso
2009-01-25 20:37 --------- d-----w e:\program files\DVDFab 5
2009-01-25 20:36 --------- d-----w e:\documents and settings\Administrator\Application Data\RipIt4Me
2009-01-25 20:30 --------- d-----w e:\documents and settings\Administrator\Application Data\NeroDigital™
2009-01-24 21:28 --------- d-----w e:\program files\Saints Row 2
2009-01-24 05:05 --------- d-----w e:\program files\Valve
2009-01-24 05:04 --------- d-----w e:\program files\Activision
2009-01-18 01:40 --------- d-----w e:\program files\ImTOO
2009-01-18 01:29 --------- d-----w e:\documents and settings\Administrator\Application Data\AVS4YOU
2009-01-18 01:28 --------- d-----w e:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-18 01:27 --------- d-----w e:\program files\Common Files\AVSMedia
2009-01-18 01:17 --------- d-----w e:\program files\MagicDVDRipper
2008-12-29 23:29 0 ----a-w e:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-12-25 01:50 103,736 ----a-w e:\documents and settings\Administrator\Application Data\PnkBstrB.exe
2002-01-05 07:31 22,328 ----a-w e:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-11-28 04:19 8 --sha-r e:\windows\system32\293C71C220.sys
2008-11-28 04:21 6,890 --sha-w e:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="e:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"Aim6"="e:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Google Update"="e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-01 133104]
"RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPU Power Monitor"="e:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="e:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - e:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-27 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^hamachi.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk
backup=e:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=e:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^E-Color.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\E-Color.lnk
backup=e:\windows\pss\E-Color.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=e:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2008-01-28 13:55 1413120 e:\program files\ASUS\Ai Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 10:09 50472 e:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Energy Saving]
--a------ 2008-01-28 11:42 1352704 e:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-03-09 21:50 200768 e:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-11-19 18:49 36864 e:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-02-06 12:20 478800 e:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 05:11 490952 e:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]
--a------ 2008-05-13 20:26 196608 e:\program files\MSI\DualCoreCenter\DelReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 13:34 2772992 e:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 e:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner]
--a------ 2007-04-11 18:34 376832 e:\program files\ASUS\AI Direct Link\AsCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Direct Link]
--a------ 2007-08-20 12:42 1209856 e:\program files\ASUS\AI Direct Link\AsShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
--a------ 2008-04-26 11:34 554896 e:\program files\Leaf Networks\Leaf\bin\Leaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-06-09 11:16 2363392 e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-10 10:45 2221352 e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-03-25 15:33 570664 e:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 15:54 13672448 e:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-11-12 15:54 86016 e:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneCareUI]
--a------ 2008-11-05 14:18 64880 e:\program files\Microsoft Windows OneCare Live\winssnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-13 23:39 306088 e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2007-10-08 13:02 1036288 e:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srserver]
--a------ 2008-03-27 00:47 1211392 e:\program files\Multi-screen Remote Desktop\Server\srserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-29 01:16 1410296 e:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"SCardSvr"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"e:\\Program Files\\uTorrent\\utorrent.exe"=
"e:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"e:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"e:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\WBGames\\Monolith Productions\\F.E.A.R. 2 SP Demo\\FEAR2SPDemo.exe"=
"e:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=

R2 OcHealthMon;Windows Live OneCare Health Monitor;e:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [2002-01-01 24652]
S3 DualCoreCenter;DualCoreCenter;e:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-11-27 28160]
S3 FwHookDrv;FwHookDrv;e:\windows\system32\drivers\FwHookDrv.sys [2006-09-06 6016]
S3 leafnets;Leaf Networks Adapter;e:\windows\system32\drivers\leafnets.sys [2007-05-02 55296]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;e:\windows\system32\DRIVERS\yk51lagg.sys --> e:\windows\system32\DRIVERS\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;e:\windows\system32\drivers\skvlan.sys [2006-05-17 19328]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);e:\windows\system32\drivers\WPRO_40_1123.sys --> e:\windows\system32\drivers\WPRO_40_1123.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b0e63c-0188-11d6-a059-00235445ec15}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-18 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1383384898-725345543-500.job
- e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-01 03:40]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{7b89d16f-010a-462d-8ba1-a7522a578521} - e:\windows\system32\hoginumi.dll
Toolbar-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
ShellExecuteHooks-{A63E645F-13BD-45ED-B15F-6E8C1BD57279} - (no file)
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
MSConfigStartUp-GetModule32 - e:\program files\GetModule\GetModule32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 00:14:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


e:\windows\TEMP\cch~46772e6a.htp 8192 bytes
e:\windows\TEMP\cch~469b3f43.htp 8192 bytes
e:\windows\TEMP\cch~469b4294.htp 8192 bytes
e:\windows\TEMP\cch~41fedcdf.htp 8192 bytes
e:\windows\TEMP\cch~4202ba2d.htp 8192 bytes
e:\windows\TEMP\cch~421e45d5.htp 8192 bytes
e:\windows\TEMP\cch~42203390.htp 8192 bytes
e:\windows\TEMP\cch~4558d4f5.htp 8192 bytes
e:\windows\TEMP\cch~4559ac00.htp 8192 bytes
e:\windows\TEMP\cch~4565e855.htp 8192 bytes
e:\windows\TEMP\cch~45660d9a.htp 8192 bytes
e:\windows\TEMP\cch~46772af6.htp 8192 bytes

scan completed successfully
hidden files: 12

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1383384898-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d2,85,c4,d1,b6,49,7f,06,e3,21,a5,e3,a9,a4,61,9a,c5,d9,05,b5,ee,36,b3,
11,d9,eb,01,7e,57,9b,49,5d,04,34,a0,75,e9,f4,e6,ea,95,01,b5,94,85,5c,a7,84,\
"??"=hex:b8,dc,c1,ce,64,9d,76,12,ba,7d,75,79,94,fb,12,9b

[HKEY_USERS\S-1-5-21-1123561945-1383384898-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:47,0f,63,9b,76,b6,c8,a4,25,21,f1,18,08,18,93,66,5e,2d,2c,a0,eb,
6b,11,0a,ed,0e,66,17,d8,ec,2b,e8,85,e3,ad,a0,96,41,b8,d1,10,6b,cb,33,82,ee,\
"rkeysecu"=hex:16,27,15,1d,fc,29,36,86,9f,ea,3b,de,9c,1f,52,af
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
e:\windows\system32\ginamsi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Java\jre6\bin\jqs.exe
e:\program files\Common Files\LightScribe\LSSrvc.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\HPZipm12.exe
e:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
e:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
e:\program files\Microsoft Windows OneCare Live\winss.exe
e:\windows\system32\wscntfy.exe
e:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
e:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2009-03-18 0:18:11 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2009-03-18 07:18:07

Pre-Run: 10,175,303,680 bytes free
Post-Run: 24,152,174,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

442 --- E O F --- 2008-12-26 09:39:36


hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:22 AM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
E:\Program Files\Microsoft Windows OneCare Live\winss.exe
E:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Internet Explorer\iexplore.exe
e:\program files\aim toolbar\aimtbServer.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab

--
End of file - 2047 bytes
silverspeed55
Active Member
 
Posts: 5
Joined: March 15th, 2009, 2:40 pm

Re: Can't delete virus

Unread postby Bv202 » March 18th, 2009, 10:47 am

Hi silverspeed55

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=40861
    
    Collect::
    e:\windows\instsp2.exe
    e:\windows\instsp1.exe
    
    File::
    e:\windows\system32\KillBox.exe
    
    Folder::
    e:\!KillBox
    e:\Program Files\uTorrent
    e:\documents and settings\Administrator\Application Data\uTorrent
    
    Registry:: 
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "e:\\Program Files\\uTorrent\\utorrent.exe"=-
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [Image: screenshot showing CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


GMER
  • Download GMER by GMER from one of the links below:
    Link1
    Link2
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run a scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic


Question: Did you use the ignore-option in HijackThis?
Please make sure HijackThis is finished running :)

In your next reply, please post:
1) The combofix log
2) The GMER logs
3) A new HijackThis log
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)

Re: Can't delete virus

Unread postby silverspeed55 » March 19th, 2009, 6:55 pm

Hi, my pc seems to function much better now. Thanks

ComboFix Log:
ComboFix 09-03-15.01 - Administrator 2009-03-19 0:51:35.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2717 [GMT -7:00]
Running from: e:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
* Resident AV is active


FILE ::
e:\windows\system32\KillBox.exe
.

((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.

2009-03-18 00:12 . 2009-01-09 12:19 1,089,593 -----c--- e:\windows\system32\dllcache\ntprint.cat
2009-02-26 01:26 . 2009-02-28 18:05 <DIR> d-------- e:\program files\F.E.A.R. 2
2009-02-25 19:51 . 2009-02-25 19:51 <DIR> d-------- e:\documents and settings\Administrator\Application Data\dvdcss
2009-02-24 02:26 . 2009-02-24 02:40 <DIR> d-------- e:\documents and settings\Administrator\Application Data\vlc
2009-02-24 02:25 . 2009-02-24 02:25 <DIR> d-------- e:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 07:44 21,724,448 --sha-w e:\windows\system32\drivers\fidbox.dat
2009-03-19 07:26 908,576 --sha-w e:\windows\system32\drivers\fidbox2.dat
2009-03-19 04:55 --------- d-----w e:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-19 04:54 --------- d-----w e:\program files\Microsoft Silverlight
2009-03-18 12:00 88,376 --sha-w e:\windows\system32\drivers\fidbox2.idx
2009-03-18 12:00 293,324 --sha-w e:\windows\system32\drivers\fidbox.idx
2009-03-18 06:55 --------- d-----w e:\program files\Download Manager
2009-03-18 06:55 --------- d-----w e:\documents and settings\Administrator\Application Data\IGN_DLM
2009-03-14 21:38 102,912 --sha-w e:\windows\system32\funesabo.dll
2009-03-12 10:20 --------- d-----w e:\documents and settings\Administrator\Application Data\U3
2009-03-10 21:36 102,400 --sha-w e:\windows\system32\padomizi.dll
2009-03-09 21:36 100,352 --sha-w e:\windows\system32\hanasoyo.dll
2009-02-27 23:15 --------- d-----w e:\program files\Steam
2009-02-11 03:33 --------- d--h--w e:\program files\InstallShield Installation Information
2009-02-11 03:33 --------- d-----w e:\program files\EA Games
2009-02-10 22:55 --------- d-----w e:\documents and settings\All Users\Application Data\TDK
2009-02-09 11:13 1,846,784 ----a-w e:\windows\system32\win32k.sys
2009-02-08 06:37 --------- d-----w e:\program files\WBGames
2009-02-04 05:17 89,601 ----a-w e:\windows\system32\drivers\klick.dat
2009-02-04 05:17 101,287 ----a-w e:\windows\system32\drivers\klin.dat
2009-02-01 23:30 --------- d-----w e:\documents and settings\Administrator\Application Data\Red Alert 3 Demo
2009-02-01 02:37 --------- d-----w e:\program files\Electronic Arts
2009-01-31 06:27 --------- d-----w e:\program files\Bethesda Softworks
2009-01-30 05:07 --------- d-----w e:\documents and settings\Administrator\Application Data\Corel
2009-01-26 04:00 --------- d-----w e:\program files\NJStar Chinese WP
2009-01-25 23:38 --------- d-----w e:\program files\AVS4YOU
2009-01-25 20:38 47,360 ----a-w e:\windows\system32\drivers\pcouffin.sys
2009-01-25 20:38 47,360 ----a-w e:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-01-25 20:38 --------- d-----w e:\documents and settings\Administrator\Application Data\Vso
2009-01-25 20:37 --------- d-----w e:\program files\DVDFab 5
2009-01-25 20:36 --------- d-----w e:\documents and settings\Administrator\Application Data\RipIt4Me
2009-01-25 20:30 --------- d-----w e:\documents and settings\Administrator\Application Data\NeroDigital™
2009-01-24 21:28 --------- d-----w e:\program files\Saints Row 2
2009-01-24 05:05 --------- d-----w e:\program files\Valve
2009-01-24 05:04 --------- d-----w e:\program files\Activision
2009-01-24 03:50 66,872 ----a-w e:\windows\system32\PnkBstrA.exe
2008-12-29 23:29 0 ----a-w e:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-12-26 03:04 183,152 ----a-w e:\windows\system32\PnkBstrB.exe
2008-12-25 01:50 669,184 ----a-w e:\windows\system32\pbsvc.exe
2008-12-25 01:50 103,736 ----a-w e:\documents and settings\Administrator\Application Data\PnkBstrB.exe
2006-06-23 06:48 32,768 ----a-r e:\windows\inf\UpdateUSB.exe
2002-01-05 07:31 22,328 ----a-w e:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-11-28 04:19 8 --sha-r e:\windows\system32\293C71C220.sys
2008-11-28 04:21 6,890 --sha-w e:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-03-19_ 0.24.16.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 07:46:31 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_22c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="e:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"Aim6"="e:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Google Update"="e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-01 133104]
"RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPU Power Monitor"="e:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="e:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - e:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-27 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^hamachi.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk
backup=e:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=e:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^E-Color.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\E-Color.lnk
backup=e:\windows\pss\E-Color.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=e:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2008-01-28 13:55 1413120 e:\program files\ASUS\Ai Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 10:09 50472 e:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Energy Saving]
--a------ 2008-01-28 11:42 1352704 e:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-03-09 21:50 200768 e:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-11-19 18:49 36864 e:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-02-06 12:20 478800 e:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 05:11 490952 e:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]
--a------ 2008-05-13 20:26 196608 e:\program files\MSI\DualCoreCenter\DelReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 13:34 2772992 e:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 e:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner]
--a------ 2007-04-11 18:34 376832 e:\program files\ASUS\AI Direct Link\AsCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Direct Link]
--a------ 2007-08-20 12:42 1209856 e:\program files\ASUS\AI Direct Link\AsShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
--a------ 2008-04-26 11:34 554896 e:\program files\Leaf Networks\Leaf\bin\Leaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-06-09 11:16 2363392 e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-10 10:45 2221352 e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-03-25 15:33 570664 e:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 15:54 13672448 e:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-11-12 15:54 86016 e:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-13 23:39 306088 e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2007-10-08 13:02 1036288 e:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srserver]
--a------ 2008-03-27 00:47 1211392 e:\program files\Multi-screen Remote Desktop\Server\srserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-29 01:16 1410296 e:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"SCardSvr"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"e:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"e:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"e:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\WBGames\\Monolith Productions\\F.E.A.R. 2 SP Demo\\FEAR2SPDemo.exe"=
"e:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [2002-01-01 24652]
R3 DualCoreCenter;DualCoreCenter;e:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-11-27 28160]
S3 FwHookDrv;FwHookDrv;e:\windows\system32\drivers\FwHookDrv.sys [2006-09-06 6016]
S3 leafnets;Leaf Networks Adapter;e:\windows\system32\drivers\leafnets.sys [2007-05-02 55296]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;e:\windows\system32\DRIVERS\yk51lagg.sys --> e:\windows\system32\DRIVERS\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;e:\windows\system32\drivers\skvlan.sys [2006-05-17 19328]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);e:\windows\system32\drivers\WPRO_40_1123.sys --> e:\windows\system32\drivers\WPRO_40_1123.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUALCORECENTER
*Deregistered* - aujasnkj

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b0e63c-0188-11d6-a059-00235445ec15}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-19 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1383384898-725345543-500.job
- e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-01 03:40]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 00:54:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1383384898-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d2,85,c4,d1,b6,49,7f,06,e3,21,a5,e3,a9,a4,61,9a,c5,d9,05,b5,ee,36,b3,
11,d9,eb,01,7e,57,9b,49,5d,04,34,a0,75,e9,f4,e6,ea,95,01,b5,94,85,5c,a7,84,\
"??"=hex:b8,dc,c1,ce,64,9d,76,12,ba,7d,75,79,94,fb,12,9b

[HKEY_USERS\S-1-5-21-1123561945-1383384898-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:47,0f,63,9b,76,b6,c8,a4,25,21,f1,18,08,18,93,66,5e,2d,2c,a0,eb,
6b,11,0a,ed,0e,66,17,d8,ec,2b,e8,85,e3,ad,a0,96,41,b8,d1,10,6b,cb,33,82,ee,\
"rkeysecu"=hex:16,27,15,1d,fc,29,36,86,9f,ea,3b,de,9c,1f,52,af
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
e:\windows\system32\ginamsi.dll
.
Completion time: 2009-03-19 0:56:54
ComboFix-quarantined-files.txt 2009-03-19 07:55:35
ComboFix2.txt 2009-03-19 07:24:51
ComboFix3.txt 2009-03-18 07:18:41

Pre-Run: 24,185,253,888 bytes free
Post-Run: 24,165,621,760 bytes free

271 --- E O F --- 2009-03-18 10:02:50


Gmerrk:
GMER 1.0.15.14939 - http://www.gmer.net
Autostart scan 2009-03-19 07:28:36
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitE:\WINDOWS\system32\userinit.exe, = E:\WINDOWS\system32\userinit.exe,
@GinaDLLginamsi.dll = ginamsi.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
klogon@DLLName = E:\WINDOWS\system32\klogon.dll /*file not found*/
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVP@ = "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r
JavaQuickStarterService@ = "E:\Program Files\Java\jre6\bin\jqs.exe" -service -config "E:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LightScribeService@ = "E:\Program Files\Common Files\LightScribe\LSSrvc.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
Pml Driver HPZ12@ = E:\WINDOWS\system32\HPZipm12.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
UleadBurningHelper@ = E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Viewpoint Manager Service@ = "E:\Program Files\Viewpoint\Common\ViewpointService.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CPU Power Monitor"E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" = "E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
@Cpu Level Up helpE:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe = E:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
@SunJavaUpdateSched"E:\Program Files\Java\jre6\bin\jusched.exe" = "E:\Program Files\Java\jre6\bin\jusched.exe"
@NvCplDaemonRUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@igndlm.exeE:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork /*file not found*/ = E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork /*file not found*/
@Aim6"E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp = "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
@Google Update"E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c = "E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
@RGSCE:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent /*file not found*/ = E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent /*file not found*/
@DAEMON Tools Lite"E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun = "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = E:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/E:\WINDOWS\system32\twext.dll = E:\WINDOWS\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/E:\WINDOWS\system32\extmgr.dll = E:\WINDOWS\system32\extmgr.dll
@{23170F69-40C1-278A-1000-000100020000} /*7-Zip Shell Extension*/E:\Program Files\7-Zip\7-zip.dll = E:\Program Files\7-Zip\7-zip.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/E:\Program Files\WinRAR\rarext.dll = E:\Program Files\WinRAR\rarext.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/E:\WINDOWS\system32\dfshim.dll = E:\WINDOWS\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/E:\WINDOWS\system32\dfshim.dll = E:\WINDOWS\system32\dfshim.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/E:\Program Files\iTunes\iTunesMiniPlayer.dll = E:\Program Files\iTunes\iTunesMiniPlayer.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/E:\WINDOWS\system32\nvcpl.dll = E:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/E:\WINDOWS\system32\nvshell.dll = E:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/E:\WINDOWS\system32\nvshell.dll = E:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/E:\WINDOWS\system32\nvshell.dll = E:\WINDOWS\system32\nvshell.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus statistics*/E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll = E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
@{8e9d6600-f84a-11ce-8daa-00aa004a5691} /*Shell extensions for NetWare*/nwprovau.dll = nwprovau.dll
@{e3f2bac0-099f-11cf-8daa-00aa004a5691} /*Shell extensions for NetWare*/nwprovau.dll = nwprovau.dll
@{52c68510-09a0-11cf-8daa-00aa004a5691} /*Shell extensions for NetWare*/nwprovau.dll = nwprovau.dll
@{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} /*NeroCoverEd Live Icons*/E:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll = E:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/E:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll = E:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/E:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll = E:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" = "E:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/E:\WINDOWS\system32\nvcpl.dll = E:\WINDOWS\system32\nvcpl.dll
@{6230EF55-8E71-4F40-861A-DBA282584FF5} /*AVS VideoConverter 6*/E:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL = E:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
@{6B19FEC2-A45B-11CF-9045-00A0C9039735} /*Registered ActiveX Controls*/E:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL = E:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL
@{D545EBD1-BD92-11CF-8772-00A0C9039735} /*Developer Studio Components*/E:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL = E:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = E:\Program Files\7-Zip\7-zip.dll
AVSVideoConverter6@{6230EF55-8E71-4F40-861A-DBA282584FF5} = E:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
Cover Designer@{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} = E:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = E:\Program Files\MagicISO\misosh.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{100BD527-7304-4b7f-BEE2-26D97B04EBA4} = E:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
7-Zip@{23170F69-40C1-278A-1000-000100020000} = E:\Program Files\7-Zip\7-zip.dll
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = E:\Program Files\MagicISO\misosh.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll
MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = E:\Program Files\MagicISO\misosh.dll
NetWareUNCMenu@{e3f2bac0-099f-11cf-8daa-00aa004a5691} = nwprovau.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = E:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{100BD527-7304-4b7f-BEE2-26D97B04EBA4} = E:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}E:\Program Files\Java\jre6\bin\ssv.dll = E:\Program Files\Java\jre6\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}e:\program files\google\googletoolbar1.dll = e:\program files\google\googletoolbar1.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}E:\Program Files\Java\jre6\bin\jp2ssv.dll = E:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageE:\WINDOWS\system32\blank.htm = E:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = E:\WINDOWS\system32\msvidctl.dll
its@CLSID = E:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = E:\WINDOWS\system32\itss.dll
tv@CLSID = E:\WINDOWS\system32\msvidctl.dll
wia@CLSID = E:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6313FE9A-16E1-4A17-9E0B-987848B64217} /*Leaf Networks Adapter*/ >>>
@IPAddress5.0.0.3 = 5.0.0.3
@NameServer =
@DefaultGateway =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = E:\Program Files\Bonjour\mdnsNSP.dll

E:\Documents and Settings\All Users\Start Menu\Programs\Startup = DualCoreCenter.lnk

---- EOF - GMER 1.0.15 ----



HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:47 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\AIM6\aim6.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\WINDOWS\system32\notepad.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Internet Explorer\iexplore.exe
e:\program files\aim toolbar\aimtbServer.exe
E:\Documents and Settings\Administrator\Desktop\gamer\gmer.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\WINDOWS\system32\notepad.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - E:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [CPU Power Monitor] "E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] E:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: DualCoreCenter.lnk = E:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5869 bytes
silverspeed55
Active Member
 
Posts: 5
Joined: March 15th, 2009, 2:40 pm

Re: Can't delete virus

Unread postby Bv202 » March 22nd, 2009, 11:26 am

Hi Silverspeed55

Sorry for the delay.

Nice to hear the computer is running better already; I think we're almost there :)


COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    e:\windows\system32\hanasoyo.dll
    e:\windows\system32\padomizi.dll
    e:\windows\system32\funesabo.dll
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log.


REMOVE VIEWPOINT
You have Viewpoint, Viewpoint Manager and Viewpoint Media Player installed on your system. These programs are not malware but are considered foistware, since they are installed without the user's approval, and for this reason I recommend you remove them.

To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.


In your next reply, please post:
1) The ComboFix log
2) The Kaspersky report
3) A new HijackThis log
4) gmerrk.txt (it seems you've posted 2x the gmerautos.txt)
5) How is the computer running now?
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)
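
The triage the helper does by hand above (spotting GMER autostart entries marked /*file not found*/, the unknown Winsock LSP in the HijackThis log, and the oddly named system32 DLLs that end up in the CFScript) can be scripted. The following is an added Python example, not code from this thread or from the GMER, HijackThis or ComboFix tools; it runs on constructed sample lines copied from the logs above plus one made-up Winlogon\Notify entry for hanasoyo.dll, and its generated-name check is a heuristic inferred from the three filenames in the CFScript, not a rule any of those tools uses.

```python
import re
from dataclasses import dataclass

# Constructed sample input in the two log formats posted in this thread
# (GMER "Autostart scan" and HijackThis). The klogon, nwprovau and Viewpoint
# lines are copied from the thread's logs; the hanasoyo line is a made-up
# Winlogon\Notify entry for one of the DLLs the CFScript above targets.
GMER_AUTOSTART = r"""
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
klogon@DLLName = E:\WINDOWS\system32\klogon.dll /*file not found*/
hanasoyo@DLLName = e:\windows\system32\hanasoyo.dll
WgaLogon@DLLName = WgaLogon.dll
"""

HIJACKTHIS = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

FILE_NOT_FOUND = "/*file not found*/"   # GMER's marker for an orphaned autostart entry
# First Windows path on a line that ends in a binary extension (drive letter or %SystemRoot%).
PATH_RE = re.compile(r"(?:[A-Za-z]:|%SystemRoot%)\\.*?\.(?:dll|exe|sys)\b", re.IGNORECASE)
HJT_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Heuristic only: the three DLLs this thread deletes (hanasoyo, padomizi,
# funesabo) are eight letters in strict consonant-vowel alternation.
GENERATED_NAME_RE = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")


@dataclass
class Entry:
    source: str   # "gmer" or "hjt"
    kind: str     # registry key (GMER) or section code such as O4 (HJT)
    name: str
    path: str     # first binary path on the line, "" if none
    raw: str


def parse_gmer(text: str) -> list[Entry]:
    """Parse GMER autostart lines: 'key >>>' section headers, then 'name@value = data'."""
    entries, section = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith(">>>"):
            section = line[:-3].strip()
            continue
        if "@" not in line:
            continue
        left, _, data = line.partition(" = ")
        key, _, value_name = left.partition("@")
        full_key = key.startswith("HK")          # single-line entry carries its own key
        m = PATH_RE.search(data)
        entries.append(Entry("gmer", key if full_key else section,
                             value_name if full_key else key,
                             m.group(0) if m else "", line))
    return entries


def parse_hjt(text: str) -> list[Entry]:
    """Parse HijackThis 'Oxx - description - path' lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = HJT_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        pm = PATH_RE.search(rest)
        entries.append(Entry("hjt", code, rest.split(" - ")[0], pm.group(0) if pm else "", line))
    return entries


def looks_generated(path: str) -> bool:
    """True for a system32 binary whose file stem matches the generated-name heuristic."""
    if "system32" not in path.lower():
        return False
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    return GENERATED_NAME_RE.match(stem) is not None


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (path or raw line, reason) pairs that deserve a human look."""
    findings = []
    for e in entries:
        subject = e.path or e.raw
        if FILE_NOT_FOUND in e.raw:
            findings.append((subject, "autostart entry points to a missing file (orphaned)"))
        if e.source == "hjt" and e.kind == "O10":
            findings.append((subject, "Winsock LSP not recognised by HijackThis; confirm the vendor"))
        if looks_generated(e.path):
            findings.append((subject, "generated-looking consonant-vowel filename in system32"))
    return findings


def build_cfscript(paths: list[str]) -> str:
    """Render the ComboFix 'File::' section used in this thread, one path per line."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    found = triage(parse_gmer(GMER_AUTOSTART) + parse_hjt(HIJACKTHIS))
    for subject, reason in found:
        print(f"{reason}: {subject}")
    generated = [s for s, r in found if r.startswith("generated")]
    print(build_cfscript(generated))
```

Findings are leads for a helper to verify, as Bv202 does in the thread, not an automatic deletion list.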

Re: Can't delete virus

Unread postby silverspeed55 » March 24th, 2009, 10:52 pm

What's up, I'm sorry it took me a while to reply as well. It's AP Bio finals week :(
Thanks for helping me though; I really appreciated it.

1) ComboFix log:
ComboFix 09-03-22.01 - Administrator 2009-03-24 1:51:11.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2856 [GMT -7:00]
Running from: e:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
e:\windows\system32\funesabo.dll
e:\windows\system32\hanasoyo.dll
e:\windows\system32\padomizi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\system32\funesabo.dll
e:\windows\system32\hanasoyo.dll
e:\windows\system32\padomizi.dll

.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-22 23:57 . 2009-03-23 00:09 <DIR> d-------- e:\program files\The Last Remnant
2009-03-22 16:58 . 2009-03-22 17:46 <DIR> d-------- e:\program files\Empire Total War
2009-03-21 16:48 . 2009-03-22 17:29 <DIR> d-------- e:\documents and settings\Administrator\Application Data\The Creative Assembly
2009-03-20 19:50 . 2009-03-22 23:52 <DIR> d-------- e:\documents and settings\Administrator\Application Data\uTorrent
2009-03-20 18:29 . 2009-03-20 19:36 <DIR> d-------- e:\program files\Crayon Physics Deluxe Demo
2009-03-20 18:29 . 2009-03-20 18:30 <DIR> d-------- e:\documents and settings\Administrator\Application Data\Crayon Physics Deluxe
2009-03-18 00:12 . 2009-01-09 12:19 1,089,593 -----c--- e:\windows\system32\dllcache\ntprint.cat
2009-02-26 01:26 . 2009-02-28 18:05 <DIR> d-------- e:\program files\F.E.A.R. 2
2009-02-25 19:51 . 2009-02-25 19:51 <DIR> d-------- e:\documents and settings\Administrator\Application Data\dvdcss
2009-02-24 02:26 . 2009-02-24 02:40 <DIR> d-------- e:\documents and settings\Administrator\Application Data\vlc
2009-02-24 02:25 . 2009-02-24 02:25 <DIR> d-------- e:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 08:52 982,816 --sha-w e:\windows\system32\drivers\fidbox2.dat
2009-03-24 08:52 23,749,408 --sha-w e:\windows\system32\drivers\fidbox.dat
2009-03-24 02:03 --------- d--h--w e:\program files\InstallShield Installation Information
2009-03-24 01:45 --------- d-----w e:\program files\Electronic Arts
2009-03-23 21:45 --------- d-----w e:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-23 08:39 93,824 --sha-w e:\windows\system32\drivers\fidbox2.idx
2009-03-23 08:39 318,356 --sha-w e:\windows\system32\drivers\fidbox.idx
2009-03-22 08:43 --------- d-----w e:\program files\Steam
2009-03-21 06:23 --------- d-----w e:\documents and settings\Administrator\Application Data\IGN_DLM
2009-03-21 01:18 107,888 ----a-w e:\windows\system32\CmdLineExt.dll
2009-03-19 04:54 --------- d-----w e:\program files\Microsoft Silverlight
2009-03-18 06:55 --------- d-----w e:\program files\Download Manager
2009-03-12 10:20 --------- d-----w e:\documents and settings\Administrator\Application Data\U3
2009-02-10 22:55 --------- d-----w e:\documents and settings\All Users\Application Data\TDK
2009-02-09 11:13 1,846,784 ----a-w e:\windows\system32\win32k.sys
2009-02-08 06:37 --------- d-----w e:\program files\WBGames
2009-02-04 05:17 89,601 ----a-w e:\windows\system32\drivers\klick.dat
2009-02-04 05:17 101,287 ----a-w e:\windows\system32\drivers\klin.dat
2009-02-01 23:30 --------- d-----w e:\documents and settings\Administrator\Application Data\Red Alert 3 Demo
2009-01-31 06:27 --------- d-----w e:\program files\Bethesda Softworks
2009-01-30 05:07 --------- d-----w e:\documents and settings\Administrator\Application Data\Corel
2009-01-26 04:00 --------- d-----w e:\program files\NJStar Chinese WP
2009-01-25 23:38 --------- d-----w e:\program files\AVS4YOU
2009-01-25 20:38 47,360 ----a-w e:\windows\system32\drivers\pcouffin.sys
2009-01-25 20:38 47,360 ----a-w e:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-01-25 20:38 --------- d-----w e:\documents and settings\Administrator\Application Data\Vso
2009-01-25 20:37 --------- d-----w e:\program files\DVDFab 5
2009-01-25 20:36 --------- d-----w e:\documents and settings\Administrator\Application Data\RipIt4Me
2009-01-25 20:30 --------- d-----w e:\documents and settings\Administrator\Application Data\NeroDigital™
2009-01-24 21:28 --------- d-----w e:\program files\Saints Row 2
2009-01-24 05:05 --------- d-----w e:\program files\Valve
2009-01-24 05:04 --------- d-----w e:\program files\Activision
2009-01-24 03:50 66,872 ----a-w e:\windows\system32\PnkBstrA.exe
2008-12-29 23:29 0 ----a-w e:\documents and settings\Administrator\jagex_runescape_preferences.dat
2008-12-26 03:04 183,152 ----a-w e:\windows\system32\PnkBstrB.exe
2008-12-25 01:50 669,184 ----a-w e:\windows\system32\pbsvc.exe
2008-12-25 01:50 103,736 ----a-w e:\documents and settings\Administrator\Application Data\PnkBstrB.exe
2006-06-23 06:48 32,768 ----a-r e:\windows\inf\UpdateUSB.exe
2002-01-05 07:31 22,328 ----a-w e:\documents and settings\Administrator\Application Data\PnkBstrK.sys
2008-11-28 04:19 8 --sha-r e:\windows\system32\293C71C220.sys
2008-11-28 04:21 6,890 --sha-w e:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-03-19_ 0.24.16.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-01 02:56:27 53,248 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-03-21 22:55:02 53,248 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-02-01 02:56:27 12,800 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-03-21 22:55:02 12,800 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-02-01 02:56:27 473,600 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-03-21 22:55:03 473,600 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-02-01 02:56:21 2,676,224 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:54:58 2,676,224 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:22 2,846,720 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:54:59 2,846,720 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:22 563,712 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:54:59 563,712 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:23 567,296 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:55:00 567,296 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:23 576,000 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:55:00 576,000 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:24 577,024 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:55:00 577,024 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:24 577,536 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:55:01 577,536 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:25 577,536 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:55:01 577,536 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:25 578,560 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:55:01 578,560 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:28 578,560 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-03-21 22:55:03 578,560 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-02-01 02:56:28 145,920 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-03-21 22:55:03 145,920 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-02-01 02:56:28 159,232 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-03-21 22:55:03 159,232 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-02-01 02:56:28 364,544 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-03-21 22:55:04 364,544 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-02-01 02:56:29 178,176 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-03-21 22:55:05 178,176 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-02-01 02:56:26 223,232 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-03-21 22:55:02 223,232 ----a-w e:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-03-19 04:54:34 16,384 ----a-w e:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-23 21:44:26 16,384 ----a-w e:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-19 04:54:34 32,768 ----a-w e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-23 21:44:26 32,768 ----a-w e:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-23 21:44:27 16,384 ----atw e:\windows\Temp\Perflib_Perfdata_634.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="e:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"Aim6"="e:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"Google Update"="e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2002-01-01 133104]
"RGSC"="e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-13 306088]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"AdobeUpdater"="e:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-28 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPU Power Monitor"="e:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="e:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"SunJavaUpdateSched"="e:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-11-12 86016]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - e:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-27 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^hamachi.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\hamachi.lnk
backup=e:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=e:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=e:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^E-Color.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\E-Color.lnk
backup=e:\windows\pss\E-Color.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=e:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=e:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=e:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 e:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2008-01-28 13:55 1413120 e:\program files\ASUS\Ai Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-21 10:09 50472 e:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Energy Saving]
--a------ 2008-01-28 11:42 1352704 e:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-03-09 21:50 200768 e:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-11-19 18:49 36864 e:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-02-06 12:20 478800 e:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 05:11 490952 e:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]
--a------ 2008-05-13 20:26 196608 e:\program files\MSI\DualCoreCenter\DelReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 13:34 2772992 e:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 e:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch As Cmd Runner]
--a------ 2007-04-11 18:34 376832 e:\program files\ASUS\AI Direct Link\AsCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Direct Link]
--a------ 2007-08-20 12:42 1209856 e:\program files\ASUS\AI Direct Link\AsShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Leaf]
--a------ 2008-04-26 11:34 554896 e:\program files\Leaf Networks\Leaf\bin\Leaf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-06-09 11:16 2363392 e:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-10 10:45 2221352 e:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-03-25 15:33 570664 e:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 15:54 13672448 e:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-11-12 15:54 86016 e:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 e:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-13 23:39 306088 e:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2007-10-08 13:02 1036288 e:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srserver]
--a------ 2008-03-27 00:47 1211392 e:\program files\Multi-screen Remote Desktop\Server\srserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-29 01:16 1410296 e:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"SCardSvr"=3 (0x3)
"PnkBstrA"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"e:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"e:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"e:\\Program Files\\Leaf Networks\\Leaf\\bin\\Leaf.exe"=
"e:\\Program Files\\Steam\\Steam.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx10.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"e:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"e:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"e:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"e:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"e:\\Program Files\\Steam\\SteamApps\\common\\empire total war demo\\Empire.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [2002-01-01 24652]
R3 DualCoreCenter;DualCoreCenter;e:\program files\MSI\DualCoreCenter\NTGLM7X.sys [2008-11-27 28160]
S3 FwHookDrv;FwHookDrv;e:\windows\system32\drivers\FwHookDrv.sys [2006-09-06 6016]
S3 leafnets;Leaf Networks Adapter;e:\windows\system32\drivers\leafnets.sys [2007-05-02 55296]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol (LAGG) Support;e:\windows\system32\DRIVERS\yk51lagg.sys --> e:\windows\system32\DRIVERS\yk51lagg.sys [?]
S3 SkVlanProtocol;Marvell Virtual LAN (VLAN) Support;e:\windows\system32\drivers\skvlan.sys [2006-05-17 19328]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);e:\windows\system32\drivers\WPRO_40_1123.sys --> e:\windows\system32\drivers\WPRO_40_1123.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DUALCORECENTER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b0e63c-0188-11d6-a059-00235445ec15}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"e:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-23 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1383384898-725345543-500.job
- e:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2002-01-01 03:40]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 01:52:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1383384898-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d2,85,c4,d1,b6,49,7f,06,e3,21,a5,e3,a9,a4,61,9a,c5,d9,05,b5,ee,36,b3,
11,d9,eb,01,7e,57,9b,49,5d,04,34,a0,75,e9,f4,e6,ea,95,01,b5,94,85,5c,a7,84,\
"??"=hex:b8,dc,c1,ce,64,9d,76,12,ba,7d,75,79,94,fb,12,9b

[HKEY_USERS\S-1-5-21-1123561945-1383384898-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:7f,6e,18,66,65,f2,32,56,3b,9c,82,d6,f6,23,98,76,36,38,79,47,81,
b5,7e,ed,ba,e4,a4,1f,e2,e3,e2,49,f4,98,0d,ce,70,79,5c,0e,68,85,dd,e5,06,4d,\
"rkeysecu"=hex:2c,ea,a3,50,ab,a0,22,2c,4d,5c,49,e4,db,d2,cc,ee
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1148)
e:\windows\system32\ginamsi.dll
.
Completion time: 2009-03-24 1:53:26
ComboFix-quarantined-files.txt 2009-03-24 08:53:24
ComboFix2.txt 2009-03-19 07:56:56
ComboFix3.txt 2009-03-19 07:24:51
ComboFix4.txt 2009-03-18 07:18:41

Pre-Run: 14,921,965,568 bytes free
Post-Run: 14,930,165,760 bytes free

326 --- E O F --- 2009-03-18 10:02:50



2) Kaspersky report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, March 24, 2009 09:59:08
Records in database: 1960715
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\
J:\

Scan statistics:
Files scanned: 146831
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:08:24


File name / Threat name / Threats count
E:\Program Files\Multi-screen Remote Desktop\Server\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.t 1
E:\Program Files\Multi-screen Remote Desktop\Server\srservice.exe Infected: not-a-virus:RemoteAdmin.Win32.MultiRemoteScreen.a 1
E:\Qoobox\Quarantine\E\WINDOWS\system32\nodikoti.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1
E:\Qoobox\Quarantine\E\WINDOWS\system32\vfdpea.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.mkx 1

The selected area was scanned.


3)
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:18 AM, on 3/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Program Files\AIM6\aim6.exe
E:\Program Files\AIM6\aolsoftware.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Internet Explorer\iexplore.exe
e:\program files\aim toolbar\aimtbServer.exe
E:\Program Files\Java\jre6\bin\java.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - E:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [CPU Power Monitor] "E:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] E:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Aim6] "E:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] "E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Global Startup: DualCoreCenter.lnk = E:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .8.110.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4866 bytes



4) gmerrk.txt (for realz this time)
GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-24 02:27:02
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----
SSDT \??\E:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB7086770]
SSDT \??\E:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB7086820]
SSDT \??\E:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB7093BC0]

Code \??\E:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\E:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B0971F8

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)

Device \FileSystem\Fastfat \Fat 8A8C2500

AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Threads - GMER 1.0.15 ----

Thread System [4:128] 8ADE57A0
Thread System [4:132] 8ADE57A0
Thread System [4:136] 8ACE0A30
Thread System [4:140] 8ACE0A30
Thread System [4:144] 8ACE0A30
Thread System [4:524] 8ADE57A0
Thread System [4:668] 8ADE57A0
Thread System [4:944] 8ADE57A0

---- EOF - GMER 1.0.15 ----



5) The computer is running like it was originally. There seem to be no obvious traces of the virus, so I would say it's significantly better. Seriously, thanks man. You really helped me out a lot. Oh, by the way, how could you tell if something was installed without my approval?
silverspeed55
Active Member
 
Posts: 5
Joined: March 15th, 2009, 2:40 pm

Re: Can't delete virus

Unread postby Bv202 » March 26th, 2009, 2:50 pm

Hi Silverspeed55

Oh, by the way, how could you tell if something was installed without my approval?

What do you mean by this? Are you referring to malware or to something else?


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 13.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 13
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u13-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java(TM) 6 Update 7)
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer


Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.1.
You can download it from http://get.adobe.com/reader/
After installing the latest Adobe Reader, uninstall all previous versions (same instructions as uninstalling old Java versions - uninstall Adobe Reader 8.1.1).
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader, you can download Foxit PDF Reader from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.


FIREWALL
I can't see any firewall in your HijackThis log, so I assume you use Windows Firewall.
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly.
It's preferable to install one of the suggested firewalls.

FREE FIREWALLS
  • Comodo
    When installing, it will ask you to install Anti-Virus functionality. Please uncheck "install comodo antivirus (recommended)" unless you've uninstalled your AV. NEVER have 2 or more Anti-Virus programs on your computer; it will cause performance loss and/or other problems.
  • Online Armor
  • Sunbelt Kerio

A tutorial about firewalls can be found here.


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will uninstall ComboFix. It will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Congratulations, your machine appears to be clean! :)
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Make sure you enable Automatic Updates for your computer. You can set this in Control Panel -> Windows Update.
An alternative way is to visit Microsoft often to get the latest updates for your computer:
http://www.update.microsoft.com
Note: From your log I can see you're still using Internet Explorer 6. It's recommended to upgrade to IE8 as it contains a lot of bug and security fixes.

Here are some free programs I recommend that could help you improve your computer's security.

Malwarebytes' Anti-Malware
Download it from here. Click "Download" and you'll get redirected to download.com, where you can download the product. You can also buy this program, which gives you real-time protection against common malware. However, you can use the free program to scan and remove any infections found.

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here.

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm


Read some information here on how to prevent malware.

Is your PC running slow?
Read What to do if your Computer is running slowly

Happy safe surfing!
Bv202
Regular Member
 
Posts: 1732
Joined: May 3rd, 2008, 10:46 am
Location: Belgium (GMT +1)
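As an added example (not part of the thread, and not the MVPS project's own code), a small Python parser that applies the HOSTS-file semantics Bv202 describes above: it reads a constructed sample in HOSTS syntax and reports which names would be redirected to 127.0.0.1. It also treats 0.0.0.0 as a block address, a common convention the post does not mention; the domain names in the sample are placeholders.

```python
"""Hosts-file blocking check (added example, not from the forum thread).

Models how an MVPS-style HOSTS file blocks ad/malware domains: each
listed name is mapped to 127.0.0.1 (or 0.0.0.0), so the resolver never
reaches the real site. The sample below is constructed, not the real file.
"""

# Constructed sample in HOSTS syntax: "<address> <name> [<alias> ...]",
# with '#' comments. The names are placeholders, not a real blocklist.
SAMPLE_HOSTS = """\
# Constructed sample, MVPS-style layout
127.0.0.1 localhost
127.0.0.1 ads.example-blocked.test   # comment after an entry
0.0.0.0   tracker.example-blocked.test www.tracker.example-blocked.test
"""

# Addresses that send a lookup nowhere useful (0.0.0.0 is an assumed
# convention; the post only mentions 127.0.0.1).
BLACKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return {hostname (lower-case): address} from HOSTS-file text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            # First entry for a name wins (assumed resolver behaviour).
            table.setdefault(name.lower(), addr)
    return table


def is_blackholed(hostname, table):
    """True if the HOSTS file redirects `hostname` to a black-hole address."""
    return table.get(hostname.lower().rstrip(".")) in BLACKHOLE_ADDRS


def blocked_names(table):
    """All blocked names, excluding the normal 'localhost' entry."""
    return sorted(n for n, a in table.items()
                  if a in BLACKHOLE_ADDRS and n != "localhost")


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-blocked.test", "www.example.test"):
        state = "blocked" if is_blackholed(name, table) else "not blocked"
        print(f"{name}: {state}")
```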

Re: Can't delete virus

Unread postby silver » March 30th, 2009, 9:47 pm

This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7