VERY VERY VERY strange problem! HELP please

F

Felga

New member
Hi guys,

so here is the story. I downloaded from the internet "windows for gamers" what should be a lot faster then the normal one. I booted them from cd and installed. They haven't got printer support and some other stuff so i decided to go back on my normal windows.

Now the strange part. In task manager of "gaming windows" there was application called "kill.exe" running. I went to "go to process" and it was "svchost.exe". So when i decided to move back on normal windows as I said, I formated my disk and i installed normal windows. I realized that i can't see hidden icons. Every time i went to "show hidden icons and files" it will automatically go back to "do not show."
I reinstalled my normal windows FOUR TIMES and i still got the same problem.

I would be VERY GRATEFUL IF YOU CAN HELP ME!!!

35cf638a.bmp


here is the screenshot of that kill process.


HJT LOG of my FRESH installed windows!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:54 , on 8.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 4186 bytes
 
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
DDS (Ver_09-10-26.01) - NTFSx86
Run by hari at 15:06:13,54 on sri 11.11.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1650 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
d:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hari\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [ASocksrv] SocksA.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~1\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hari\applic~1\mozilla\firefox\profiles\mi4psrmw.default\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [2008-10-22 106496]

=============== Created Last 30 ================

2009-11-10 18:01:25 0 d-----w- c:\program files\ESET
2009-11-10 14:49:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-10 14:49:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 20:57:45 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-11-09 20:57:45 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-11-09 20:57:44 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-11-08 19:48:36 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-08 19:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\KONAMI
2009-11-08 18:07:26 0 d-----w- c:\windows\Logs
2009-11-08 17:37:16 0 d-----w- c:\docume~1\hari\applic~1\uTorrent
2009-11-08 17:25:58 0 d-----w- c:\documents and settings\hari\Tracing
2009-11-08 17:25:33 0 d-----w- c:\program files\Microsoft
2009-11-08 17:25:19 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-08 17:22:18 0 d-----w- c:\program files\common files\Windows Live
2009-11-08 16:45:15 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-11-08 15:59:47 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-08 15:57:00 0 d-----w- c:\windows\SHELLNEW
2009-11-08 15:52:50 0 d-----w- c:\docume~1\hari\applic~1\DAEMON Tools Lite
2009-11-08 15:52:48 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-11-08 14:09:26 215104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-11-08 13:03:19 22328 ----a-w- c:\docume~1\hari\applic~1\PnkBstrK.sys
2009-11-08 13:02:42 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 13:02:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-08 13:02:41 0 d-----w- c:\windows\system32\LogFiles
2009-11-08 13:02:40 287 ----a-w- c:\windows\game.ini
2009-11-08 12:56:04 0 d-sh--w- c:\windows\ftpcache
2009-11-08 12:49:25 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-11-08 12:44:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-08 12:44:25 0 d-----w- c:\docume~1\hari\applic~1\DAEMON Tools Pro
2009-11-08 12:35:01 99 --sh--w- C:\AUTORUN.INF
2009-11-08 12:35:01 99 ----a-w- c:\windows\BACKINF.TAB
2009-11-08 11:43:15 0 d-----w- c:\program files\common files\ODBC
2009-11-08 11:43:12 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-08 11:42:43 0 d-----r- c:\documents and settings\all users\Documents
2009-11-08 11:20:25 0 d-----w- c:\docume~1\hari\applic~1\Xfire
2009-11-08 11:20:22 0 d-----w- c:\program files\Xfire
2009-11-08 11:16:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-08 11:16:23 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-11-08 11:16:03 0 d-----w- c:\program files\NVIDIA Corporation
2009-11-08 11:02:05 0 d-----w- c:\program files\Realtek
2009-11-08 10:59:21 0 d-----w- c:\program files\Yahoo!
2009-11-08 10:53:29 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-08 10:53:16 0 d--h--w- c:\program files\WindowsUpdate
2009-11-08 10:52:14 0 d-----w- c:\program files\common files\MSSoap
2009-11-08 10:50:59 0 d-----w- c:\program files\Online Services
2009-11-08 10:50:54 0 d-----w- c:\program files\Messenger
2009-11-08 10:50:49 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-08 10:49:57 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-10 17:21:49 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-09 21:13:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SaiKCB03_01005.Wdf
2009-11-09 21:13:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-09 21:13:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-11-09 21:13:08 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-11-08 11:03:51 15600 ----a-w- c:\windows\gdrv.sys
2009-11-08 11:02:02 315392 ----a-w- c:\windows\HideWin.exe
2009-11-08 10:51:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-27 17:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 15:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2007-09-09 10:39:58 45056 --sh--w- c:\windows\svchost.exe

============= FINISH: 15:06:16,92 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8.11.2009 11:56:07
System Uptime: 11.11.2009 14:57:49 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS3P
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/333mhz
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 37,009 GiB free.
D: is FIXED (NTFS) - 249 GiB total, 180,189 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8.11.2009 11:58:24 - System Checkpoint
RP2: 8.11.2009 12:01:36 - Installed Windows XP KB888111WXPSP2.
RP3: 8.11.2009 12:02:04 - Installed Realtek High Definition Audio Driver
RP4: 8.11.2009 12:04:25 - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP5: 8.11.2009 12:04:51 - Installed Gigabyte Raid Configurer
RP6: 8.11.2009 12:16:41 - Installed Windows Installer KB893803v2.
RP7: 8.11.2009 13:44:29 - SPTD setup V1.60
RP8: 8.11.2009 13:56:27 - Installed Call of Duty(R) 4 - Modern Warfare(TM)
RP9: 8.11.2009 14:05:13 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
RP10: 8.11.2009 14:06:24 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
RP11: 8.11.2009 14:07:14 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
RP12: 8.11.2009 15:41:35 - Installed Call of Duty(R) 2
RP13: 8.11.2009 15:50:48 - Installed Call of Duty(R) 2 Patch 1.3
RP14: 8.11.2009 16:53:04 - SPTD setup V1.62
RP15: 8.11.2009 16:56:29 - Installed Microsoft Office Enterprise 2007
RP16: 8.11.2009 16:59:46 - Printer Driver Send To Microsoft OneNote Driver Installed
RP17: 8.11.2009 17:45:17 - Installed Ventrilo Client
RP18: 8.11.2009 19:08:29 - Installed DirectX
RP19: 8.11.2009 20:44:09 - Installed Pro Evolution Soccer 2010.
RP20: 9.11.2009 21:57:41 - Installed DirectX
RP21: 9.11.2009 22:13:05 - Installed Windows XP Wdf01001.
RP22: 9.11.2009 22:13:43 - Installed Windows XP Wdf01005.
RP23: 10.11.2009 15:48:54 - Installed Java(TM) 6 Update 15

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner
ESET Online Scanner v3
Gigabyte Raid Configurer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Java(TM) 6 Update 15
JDownloader
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox (3.5.5)
MSVCRT
NVIDIA Drivers
NVIDIA nView Desktop Manager
Pro Evolution Soccer 2010
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Segoe UI
Seismovision 3 (remove only)
Ventrilo Client
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
X-ray Anti-Cheat
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

8.11.2009 14:55:32, error: Service Control Manager [7028] - The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
8.11.2009 11:59:59, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\usbui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
10.11.2009 21:04:23, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10.11.2009 21:04:21, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The Alerter service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

==== End Of File ===========================
 
Only one note! I ran eset online scanner. I found out that virus was on my removable hard disk so every time i reinstalled my windows i put rremovable disk back in so i got infected.

G:\ is my removable hard disk

I ran scan again with eset but this virus is still on my computer. I can post new log if you want.

Here it is if it helps:

C:\AUTORUN.INF a variant of Win32/VB.EL worm deleted - quarantined
C:\WINDOWS\Session.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
C:\WINDOWS\svchost.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
C:\WINDOWS\system32\FileKan.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
C:\WINDOWS\system32\SocksA.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
D:\AUTORUN.INF a variant of Win32/VB.EL worm deleted - quarantined
G:\tel.xls.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP114\A0025565.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP114\A0025629.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP115\A0025643.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP116\A0025656.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP117\A0025665.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP120\A0026242.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP121\A0026316.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{17ACC589-E01B-45B4-8301-D68A412C0F51}\RP121\A0026371.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{4197DB50-630E-490A-8DA6-30CAEFB0DA8B}\RP6\A0000172.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP7\A0000387.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP8\A0000394.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP8\A0000412.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP9\A0000438.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP10\A0000451.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP11\A0000461.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP11\A0000492.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP11\A0000544.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP11\A0000569.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP12\A0000586.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP14\A0000615.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP15\A0000772.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP16\A0000850.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP17\A0000884.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP17\A0000896.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP18\A0000933.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP19\A0000946.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP20\A0000956.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP21\A0000970.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP21\A0001088.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP22\A0001114.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP23\A0001127.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP27\A0001402.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP27\A0001570.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP28\A0002754.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{09F55A89-E8F5-4663-9E7B-0ABFD5D0C78B}\RP28\A0002779.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP6\A0000319.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP7\A0000324.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP7\A0000334.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP8\A0000350.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP9\A0000369.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP10\A0000375.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP11\A0000384.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP16\A0001630.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP17\A0001637.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP22\A0002416.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
G:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002496.exe a variant of Win32/VB.EL worm cleaned by deleting - quarantined
 
Hi,

Have your removable drive attached while following my instructions. That way we can try to get the drive clean.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
ComboFix 09-11-09.02 - hari 11.11.2009 15:19.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1669 [GMT 1:00]
Running from: c:\documents and settings\hari\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\tel.xls.exe
c:\windows\backinf.tab
c:\windows\session.exe
c:\windows\svchost.exe
c:\windows\system32\filekan.exe
c:\windows\system32\socksa.exe
c:\windows\ufdata2000.log
D:\Autorun.inf
D:\tel.xls.exe
G:\Autorun.inf
G:\tel.xls.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-10 18:01 . 2009-11-10 18:01 -------- d-----w- c:\program files\ESET
2009-11-10 14:49 . 2009-11-10 14:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 14:48 . 2009-11-10 14:48 -------- d-----w- c:\program files\Java
2009-11-10 14:48 . 2009-11-10 14:48 152576 ----a-w- c:\documents and settings\hari\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-11-09 21:13 . 2008-10-22 13:57 1419232 ----a-r- c:\windows\system32\WdfCoInstaller01005.dll
2009-11-09 20:57 . 2007-02-26 17:15 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-11-09 20:57 . 2007-02-26 17:15 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-11-09 20:57 . 2009-11-09 20:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-11-08 19:48 . 2009-11-08 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-08 19:48 . 2009-11-08 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-08 19:48 . 2009-11-08 19:48 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-08 19:48 . 2009-11-09 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-08 19:44 . 2009-11-08 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-11-08 18:09 . 2009-11-08 21:01 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\X-ray Anti-Cheat
2009-11-08 18:07 . 2009-11-08 18:07 -------- d-----w- c:\windows\Logs
2009-11-08 17:37 . 2009-11-10 14:46 -------- d-----w- c:\documents and settings\hari\Application Data\uTorrent
2009-11-08 17:25 . 2009-11-11 13:58 -------- d-----w- c:\documents and settings\hari\Tracing
2009-11-08 17:25 . 2009-11-08 17:25 -------- d-----w- c:\program files\Microsoft
2009-11-08 17:25 . 2009-11-08 17:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-08 17:24 . 2009-11-08 17:25 -------- d-----w- c:\program files\Windows Live
2009-11-08 17:22 . 2009-11-08 17:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-08 16:49 . 2009-11-08 16:57 -------- d-----w- c:\documents and settings\hari\Application Data\Ventrilo
2009-11-08 15:59 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-08 15:59 . 2009-11-08 15:59 -------- d-----w- c:\program files\Microsoft Works
2009-11-08 15:59 . 2009-11-08 15:59 -------- d-----w- c:\program files\MSBuild
2009-11-08 15:57 . 2009-11-08 15:59 -------- d-----w- c:\windows\SHELLNEW
2009-11-08 15:56 . 2009-11-08 15:56 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\Microsoft Help
2009-11-08 15:56 . 2009-11-08 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-08 15:52 . 2009-11-08 19:42 -------- d-----w- c:\documents and settings\hari\Application Data\DAEMON Tools Lite
2009-11-08 15:52 . 2009-11-08 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-08 13:16 . 2009-11-08 14:58 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\PunkBuster
2009-11-08 13:02 . 2009-11-10 17:21 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 13:02 . 2009-11-08 13:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-08 13:02 . 2009-11-08 13:02 -------- d-----w- c:\windows\system32\LogFiles
2009-11-08 12:56 . 2009-11-08 12:56 -------- d-sh--w- c:\windows\ftpcache
2009-11-08 12:49 . 2009-11-08 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-11-08 12:44 . 2009-11-08 15:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-08 12:44 . 2009-11-08 12:56 -------- d-----w- c:\documents and settings\hari\Application Data\DAEMON Tools Pro
2009-11-08 12:40 . 2009-11-08 12:40 0 ----a-w- c:\windows\nsreg.dat
2009-11-08 12:40 . 2009-11-08 12:40 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\Mozilla
2009-11-08 12:28 . 2009-11-08 17:21 68456 ----a-w- c:\documents and settings\hari\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 22:13 . 2009-11-08 11:20 -------- d-----w- c:\documents and settings\hari\Application Data\Xfire
2009-11-10 17:21 . 2009-11-08 13:03 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-10 14:16 . 2009-11-08 11:20 -------- d-----w- c:\program files\Xfire
2009-11-10 13:47 . 2009-11-08 10:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SaiKCB03_01005.Wdf
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-11-08 16:45 . 2009-11-08 11:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 14:41 . 2009-11-08 11:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-08 13:03 . 2009-11-08 13:03 22328 ----a-w- c:\documents and settings\hari\Application Data\PnkBstrK.sys
2009-11-08 13:03 . 2009-11-08 13:03 22328 ----a-w- c:\documents and settings\hari\Application Data\PnkBstrK.sys
2009-11-08 13:02 . 2009-11-08 11:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-08 11:21 . 2009-11-08 11:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-11-08 11:16 . 2009-11-08 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-08 11:16 . 2009-11-08 11:16 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-08 11:04 . 2009-11-08 11:02 -------- d-----w- c:\program files\Realtek
2009-11-08 11:04 . 2009-11-08 11:04 -------- d-----w- c:\documents and settings\hari\Application Data\InstallShield
2009-11-08 11:03 . 2009-11-08 10:58 15600 ----a-w- c:\windows\gdrv.sys
2009-11-08 11:02 . 2009-11-08 11:02 315392 ----a-w- c:\windows\HideWin.exe
2009-11-08 10:59 . 2009-11-08 10:59 -------- d-----w- c:\program files\Intel
2009-11-08 10:59 . 2009-11-08 10:59 -------- d-----w- c:\program files\Yahoo!
2009-11-08 10:54 . 2009-11-08 10:54 -------- d-----w- c:\program files\microsoft frontpage
2009-11-08 10:51 . 2009-11-08 10:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-06 02:14 . 2009-11-06 02:14 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-27 17:20 . 2009-09-27 17:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20 . 2009-09-27 17:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19 . 2009-09-27 17:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19 . 2009-09-27 17:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19 . 2009-09-27 17:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19 . 2009-09-27 17:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19 . 2009-09-27 17:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19 . 2009-09-27 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19 . 2009-09-27 17:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19 . 2009-09-27 17:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19 . 2009-09-27 17:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19 . 2009-09-27 17:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19 . 2009-09-27 17:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2009-09-27 15:12 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-04 16:44 . 2009-11-08 18:08 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-08 18:08 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-08 18:08 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-08 18:08 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [22.10.2008 14:57 106496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\hari\Application Data\Mozilla\Firefox\Profiles\mi4psrmw.default\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 15:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6E31F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a6e31f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
Completion time: 2009-11-11 15:21
ComboFix-quarantined-files.txt 2009-11-11 14:21

Pre-Run: 39.682.551.808 bytes free
Post-Run: 39.857.115.136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - D92AF2C3B74CFE2498DDBCF29B01FC71








DDS (Ver_09-10-26.01) - NTFSx86
Run by hari at 15:23:16,35 on sri 11.11.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1627 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
d:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\hari\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~1\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hari\applic~1\mozilla\firefox\profiles\mi4psrmw.default\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [2008-10-22 106496]

=============== Created Last 30 ================

2009-11-11 14:19:18 0 d-sha-r- C:\cmdcons
2009-11-11 14:18:25 98816 ----a-w- c:\windows\sed.exe
2009-11-11 14:18:25 77312 ----a-w- c:\windows\MBR.exe
2009-11-11 14:18:25 267264 ----a-w- c:\windows\PEV.exe
2009-11-11 14:18:25 161792 ----a-w- c:\windows\SWREG.exe
2009-11-10 18:01:25 0 d-----w- c:\program files\ESET
2009-11-10 14:49:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-10 14:49:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 20:57:45 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-11-09 20:57:45 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-11-09 20:57:44 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-11-08 19:48:36 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-08 19:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\KONAMI
2009-11-08 18:07:26 0 d-----w- c:\windows\Logs
2009-11-08 17:37:16 0 d-----w- c:\docume~1\hari\applic~1\uTorrent
2009-11-08 17:25:58 0 d-----w- c:\documents and settings\hari\Tracing
2009-11-08 17:25:33 0 d-----w- c:\program files\Microsoft
2009-11-08 17:25:19 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-08 17:22:18 0 d-----w- c:\program files\common files\Windows Live
2009-11-08 16:45:15 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-11-08 15:59:47 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-08 15:57:00 0 d-----w- c:\windows\SHELLNEW
2009-11-08 15:52:50 0 d-----w- c:\docume~1\hari\applic~1\DAEMON Tools Lite
2009-11-08 15:52:48 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-11-08 14:09:26 215104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-11-08 13:03:19 22328 ----a-w- c:\docume~1\hari\applic~1\PnkBstrK.sys
2009-11-08 13:02:42 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 13:02:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-08 13:02:41 0 d-----w- c:\windows\system32\LogFiles
2009-11-08 13:02:40 287 ----a-w- c:\windows\game.ini
2009-11-08 12:56:04 0 d-sh--w- c:\windows\ftpcache
2009-11-08 12:49:25 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-11-08 12:44:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-08 12:44:25 0 d-----w- c:\docume~1\hari\applic~1\DAEMON Tools Pro
2009-11-08 11:43:15 0 d-----w- c:\program files\common files\ODBC
2009-11-08 11:43:12 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-08 11:42:43 0 d-----r- c:\documents and settings\all users\Documents
2009-11-08 11:20:25 0 d-----w- c:\docume~1\hari\applic~1\Xfire
2009-11-08 11:20:22 0 d-----w- c:\program files\Xfire
2009-11-08 11:16:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-08 11:16:23 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-11-08 11:16:03 0 d-----w- c:\program files\NVIDIA Corporation
2009-11-08 11:02:05 0 d-----w- c:\program files\Realtek
2009-11-08 10:59:21 0 d-----w- c:\program files\Yahoo!
2009-11-08 10:53:29 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-08 10:53:16 0 d--h--w- c:\program files\WindowsUpdate
2009-11-08 10:52:14 0 d-----w- c:\program files\common files\MSSoap
2009-11-08 10:50:59 0 d-----w- c:\program files\Online Services
2009-11-08 10:50:54 0 d-----w- c:\program files\Messenger
2009-11-08 10:50:49 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-08 10:49:57 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-10 17:21:49 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-09 21:13:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SaiKCB03_01005.Wdf
2009-11-09 21:13:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-09 21:13:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-11-09 21:13:08 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-11-08 11:03:51 15600 ----a-w- c:\windows\gdrv.sys
2009-11-08 11:02:02 315392 ----a-w- c:\windows\HideWin.exe
2009-11-08 10:51:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-27 17:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 15:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

============= FINISH: 15:23:19,67 ===============
 
Hi again,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

If uTorrent is still installed there please remove it.


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Folder::
c:\documents and settings\hari\Application Data\uTorrent
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Run ESET Online Scanner again and post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Any symptoms remaining?
 
Thanks! You really helped me! =)

Here is the log:

ComboFix 09-11-11.02 - hari 11.11.2009 21:08.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1615 [GMT 1:00]
Running from: c:\documents and settings\hari\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\hari\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\hari\Application Data\uTorrent
c:\documents and settings\hari\Application Data\uTorrent\Call.of.Duty.Modern.Warfare.2.STEAM.ENGLISH.READNFO-TorrentLeech.torrent
c:\documents and settings\hari\Application Data\uTorrent\dht.dat
c:\documents and settings\hari\Application Data\uTorrent\dht.dat.old
c:\documents and settings\hari\Application Data\uTorrent\Pro.Evolution.Soccer.2010-RELOADED.torrent
c:\documents and settings\hari\Application Data\uTorrent\resume.dat
c:\documents and settings\hari\Application Data\uTorrent\resume.dat.old
c:\documents and settings\hari\Application Data\uTorrent\rss.dat
c:\documents and settings\hari\Application Data\uTorrent\rss.dat.old
c:\documents and settings\hari\Application Data\uTorrent\settings.dat
c:\documents and settings\hari\Application Data\uTorrent\settings.dat.old

.
((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-10 18:01 . 2009-11-10 18:01 -------- d-----w- c:\program files\ESET
2009-11-10 14:49 . 2009-11-10 14:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-10 14:48 . 2009-11-10 14:48 -------- d-----w- c:\program files\Java
2009-11-10 14:48 . 2009-11-10 14:48 152576 ----a-w- c:\documents and settings\hari\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-11-09 21:13 . 2008-10-22 13:57 1419232 ----a-r- c:\windows\system32\WdfCoInstaller01005.dll
2009-11-09 20:57 . 2007-02-26 17:15 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-11-09 20:57 . 2007-02-26 17:15 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-11-09 20:57 . 2009-11-09 20:57 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-11-08 19:48 . 2009-11-08 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-08 19:48 . 2009-11-08 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-08 19:48 . 2009-11-08 19:48 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-08 19:48 . 2009-11-09 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-08 19:44 . 2009-11-08 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-11-08 18:09 . 2009-11-08 21:01 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\X-ray Anti-Cheat
2009-11-08 18:07 . 2009-11-08 18:07 -------- d-----w- c:\windows\Logs
2009-11-08 17:25 . 2009-11-11 20:03 -------- d-----w- c:\documents and settings\hari\Tracing
2009-11-08 17:25 . 2009-11-08 17:25 -------- d-----w- c:\program files\Microsoft
2009-11-08 17:25 . 2009-11-08 17:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-08 17:24 . 2009-11-08 17:25 -------- d-----w- c:\program files\Windows Live
2009-11-08 17:22 . 2009-11-08 17:22 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-08 16:49 . 2009-11-08 16:57 -------- d-----w- c:\documents and settings\hari\Application Data\Ventrilo
2009-11-08 15:59 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-08 15:59 . 2009-11-08 15:59 -------- d-----w- c:\program files\Microsoft Works
2009-11-08 15:59 . 2009-11-08 15:59 -------- d-----w- c:\program files\MSBuild
2009-11-08 15:57 . 2009-11-08 15:59 -------- d-----w- c:\windows\SHELLNEW
2009-11-08 15:56 . 2009-11-08 15:56 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\Microsoft Help
2009-11-08 15:56 . 2009-11-08 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-08 15:52 . 2009-11-08 19:42 -------- d-----w- c:\documents and settings\hari\Application Data\DAEMON Tools Lite
2009-11-08 15:52 . 2009-11-08 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-08 13:16 . 2009-11-08 14:58 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\PunkBuster
2009-11-08 13:02 . 2009-11-10 17:21 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 13:02 . 2009-11-08 13:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-08 13:02 . 2009-11-08 13:02 -------- d-----w- c:\windows\system32\LogFiles
2009-11-08 12:56 . 2009-11-08 12:56 -------- d-sh--w- c:\windows\ftpcache
2009-11-08 12:49 . 2009-11-08 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-11-08 12:44 . 2009-11-08 15:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-08 12:44 . 2009-11-08 12:56 -------- d-----w- c:\documents and settings\hari\Application Data\DAEMON Tools Pro
2009-11-08 12:40 . 2009-11-08 12:40 0 ----a-w- c:\windows\nsreg.dat
2009-11-08 12:40 . 2009-11-08 12:40 -------- d-----w- c:\documents and settings\hari\Local Settings\Application Data\Mozilla
2009-11-08 12:28 . 2009-11-08 17:21 68456 ----a-w- c:\documents and settings\hari\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 15:52 . 2009-11-08 11:20 -------- d-----w- c:\program files\Xfire
2009-11-10 22:13 . 2009-11-08 11:20 -------- d-----w- c:\documents and settings\hari\Application Data\Xfire
2009-11-10 17:21 . 2009-11-08 13:03 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-10 13:47 . 2009-11-08 10:53 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SaiKCB03_01005.Wdf
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-11-09 21:13 . 2009-11-09 21:13 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-11-08 16:45 . 2009-11-08 11:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-08 14:41 . 2009-11-08 11:01 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-08 13:03 . 2009-11-08 13:03 22328 ----a-w- c:\documents and settings\hari\Application Data\PnkBstrK.sys
2009-11-08 13:03 . 2009-11-08 13:03 22328 ----a-w- c:\documents and settings\hari\Application Data\PnkBstrK.sys
2009-11-08 13:02 . 2009-11-08 11:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-08 11:21 . 2009-11-08 11:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-11-08 11:16 . 2009-11-08 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-11-08 11:16 . 2009-11-08 11:16 -------- d-----w- c:\program files\NVIDIA Corporation
2009-11-08 11:04 . 2009-11-08 11:02 -------- d-----w- c:\program files\Realtek
2009-11-08 11:04 . 2009-11-08 11:04 -------- d-----w- c:\documents and settings\hari\Application Data\InstallShield
2009-11-08 11:03 . 2009-11-08 10:58 15600 ----a-w- c:\windows\gdrv.sys
2009-11-08 11:02 . 2009-11-08 11:02 315392 ----a-w- c:\windows\HideWin.exe
2009-11-08 10:59 . 2009-11-08 10:59 -------- d-----w- c:\program files\Intel
2009-11-08 10:59 . 2009-11-08 10:59 -------- d-----w- c:\program files\Yahoo!
2009-11-08 10:54 . 2009-11-08 10:54 -------- d-----w- c:\program files\microsoft frontpage
2009-11-08 10:51 . 2009-11-08 10:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-06 02:14 . 2009-11-06 02:14 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-27 17:20 . 2009-09-27 17:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20 . 2009-09-27 17:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19 . 2009-09-27 17:19 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19 . 2009-09-27 17:19 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19 . 2009-09-27 17:19 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19 . 2009-09-27 17:19 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19 . 2009-09-27 17:19 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19 . 2009-09-27 17:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19 . 2009-09-27 17:19 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19 . 2009-09-27 17:19 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19 . 2009-09-27 17:19 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19 . 2009-09-27 17:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19 . 2009-09-27 17:19 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12 . 2009-09-27 15:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12 . 2009-09-27 15:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12 . 2009-09-27 15:12 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 15:12 . 2009-09-27 15:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12 . 2009-09-27 15:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12 . 2009-09-27 15:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12 . 2009-09-27 15:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12 . 2009-09-27 15:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12 . 2009-09-27 15:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-04 16:44 . 2009-11-08 18:08 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44 . 2009-11-08 18:08 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:44 . 2009-11-08 18:08 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:29 . 2009-11-08 18:08 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29 . 2009-11-08 18:08 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-11_14.21.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 23:46 . 2006-12-01 23:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 23:08 . 2006-12-01 23:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 23:26 . 2006-12-01 23:26 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 21:56 . 2006-12-01 21:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-11-11 20:03 . 2009-11-11 20:03 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat
+ 2009-11-08 13:03 . 2007-06-20 19:46 266088 c:\windows\system32\xactengine2_8.dll
- 2009-11-08 13:03 . 2007-05-31 18:30 266088 c:\windows\system32\xactengine2_8.dll
- 2009-11-08 18:08 . 2008-10-10 03:52 452440 c:\windows\system32\d3dx10_40.dll
+ 2009-11-08 18:08 . 2008-10-15 05:22 452440 c:\windows\system32\d3dx10_40.dll
+ 2009-11-11 14:31 . 2009-11-11 14:31 331264 c:\windows\Installer\1f051f.msi
+ 2006-12-01 23:25 . 2006-12-01 23:25 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 23:25 . 2006-12-01 23:25 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2009-11-08 18:08 . 2008-10-15 05:22 4379984 c:\windows\system32\D3DX9_40.dll
- 2009-11-08 18:08 . 2008-10-10 03:52 4379984 c:\windows\system32\D3DX9_40.dll
- 2009-11-08 18:08 . 2008-10-10 03:52 2036576 c:\windows\system32\D3DCompiler_40.dll
+ 2009-11-08 18:08 . 2008-10-15 05:22 2036576 c:\windows\system32\D3DCompiler_40.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=

S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [22.10.2008 14:57 106496]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\hari\Application Data\Mozilla\Firefox\Profiles\mi4psrmw.default\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-11-11 21:11
ComboFix-quarantined-files.txt 2009-11-11 20:10
ComboFix2.txt 2009-11-11 14:21

Pre-Run: 39.672.659.968 bytes free
Post-Run: 39.648.215.040 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 874DBFD0E5A259C869C4D2281A938160
 
Im little confused now. I just ran eset online scan again and it found more viruses then before (the same virus).

c22ad50d.bmp


And here is the log saved in .txt file:





C:\Qoobox\Quarantine\C\tel.xls.exe.vir a variant of Win32/VB.EL worm
C:\Qoobox\Quarantine\C\WINDOWS\Session.exe.vir a variant of Win32/VB.EL worm
C:\Qoobox\Quarantine\C\WINDOWS\svchost.exe.vir a variant of Win32/VB.EL worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\FileKan.exe.vir a variant of Win32/VB.EL worm
C:\Qoobox\Quarantine\C\WINDOWS\system32\SocksA.exe.vir a variant of Win32/VB.EL worm
C:\Qoobox\Quarantine\D\tel.xls.exe.vir a variant of Win32/VB.EL worm
C:\Qoobox\Quarantine\G\tel.xls.exe.vir a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP10\A0000371.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP11\A0000380.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP11\A0000411.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP11\A0000412.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP11\A0000413.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP11\A0000417.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP11\A0000418.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP17\A0001633.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP17\A0001643.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP17\A0001644.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP17\A0001645.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP17\A0001646.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP18\A0001662.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP18\A0001680.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP18\A0001694.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP18\A0001695.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP18\A0001696.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP19\A0001697.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP19\A0001763.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP19\A0001780.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP19\A0002194.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP20\A0002204.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP21\A0002237.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP22\A0002285.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP22\A0002292.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP22\A0002323.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP22\A0002405.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002424.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002498.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002499.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002500.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002503.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002513.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002525.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002531.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002532.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002533.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP23\A0002549.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP7\A0000320.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP7\A0000330.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP7\A0000339.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP7\A0000340.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP7\A0000341.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP8\A0000346.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP8\A0000357.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP8\A0000358.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP8\A0000359.exe a variant of Win32/VB.EL worm
C:\System Volume Information\_restore{2DD5CCE5-0C6B-410C-BC38-54D15862DE19}\RP9\A0000365.exe a variant of Win32/VB.EL worm
 
Hi,

All those findings are either quarantined or in system restore. Those will be removed when ComboFix is uninstalled and system restore resetted. That will be done in the final phase :)

May I see a fresh dds log too, please?
 
Ok, here it is:



DDS (Ver_09-10-26.01) - NTFSx86
Run by hari at 22:51:06,40 on sri 11.11.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1463 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Xfire\Xfire.exe
d:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\hari\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~1\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hari\applic~1\mozilla\firefox\profiles\mi4psrmw.default\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [2008-10-22 106496]

=============== Created Last 30 ================

2009-11-11 20:08:05 0 d-----w- C:\ComboFix
2009-11-11 14:46:12 0 d-----w- c:\windows\system32\appmgmt
2009-11-11 14:19:18 0 d-sha-r- C:\cmdcons
2009-11-11 14:18:25 98816 ----a-w- c:\windows\sed.exe
2009-11-11 14:18:25 77312 ----a-w- c:\windows\MBR.exe
2009-11-11 14:18:25 267264 ----a-w- c:\windows\PEV.exe
2009-11-11 14:18:25 161792 ----a-w- c:\windows\SWREG.exe
2009-11-10 18:01:25 0 d-----w- c:\program files\ESET
2009-11-10 14:49:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-10 14:49:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 20:57:45 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-11-09 20:57:45 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-11-09 20:57:44 0 d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-11-08 19:48:36 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-11-08 19:44:09 0 d-----w- c:\docume~1\alluse~1\applic~1\KONAMI
2009-11-08 18:07:26 0 d-----w- c:\windows\Logs
2009-11-08 17:25:58 0 d-----w- c:\documents and settings\hari\Tracing
2009-11-08 17:25:33 0 d-----w- c:\program files\Microsoft
2009-11-08 17:25:19 0 d-----w- c:\program files\Windows Live SkyDrive
2009-11-08 17:22:18 0 d-----w- c:\program files\common files\Windows Live
2009-11-08 16:45:15 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-11-08 15:59:47 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-08 15:57:00 0 d-----w- c:\windows\SHELLNEW
2009-11-08 15:52:50 0 d-----w- c:\docume~1\hari\applic~1\DAEMON Tools Lite
2009-11-08 15:52:48 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-11-08 14:09:26 215104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-11-08 13:03:19 22328 ----a-w- c:\docume~1\hari\applic~1\PnkBstrK.sys
2009-11-08 13:02:42 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-08 13:02:41 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-08 13:02:41 0 d-----w- c:\windows\system32\LogFiles
2009-11-08 13:02:40 287 ----a-w- c:\windows\game.ini
2009-11-08 12:56:04 0 d-sh--w- c:\windows\ftpcache
2009-11-08 12:49:25 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-11-08 12:44:29 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-08 12:44:25 0 d-----w- c:\docume~1\hari\applic~1\DAEMON Tools Pro
2009-11-08 11:43:15 0 d-----w- c:\program files\common files\ODBC
2009-11-08 11:43:12 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-08 11:42:43 0 d-----r- c:\documents and settings\all users\Documents
2009-11-08 11:20:25 0 d-----w- c:\docume~1\hari\applic~1\Xfire
2009-11-08 11:20:22 0 d-----w- c:\program files\Xfire
2009-11-08 11:16:53 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-08 11:16:23 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-11-08 11:16:03 0 d-----w- c:\program files\NVIDIA Corporation
2009-11-08 11:02:05 0 d-----w- c:\program files\Realtek
2009-11-08 10:59:21 0 d-----w- c:\program files\Yahoo!
2009-11-08 10:53:29 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-08 10:53:16 0 d--h--w- c:\program files\WindowsUpdate
2009-11-08 10:52:14 0 d-----w- c:\program files\common files\MSSoap
2009-11-08 10:50:59 0 d-----w- c:\program files\Online Services
2009-11-08 10:50:54 0 d-----w- c:\program files\Messenger
2009-11-08 10:50:49 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-08 10:49:57 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-10 17:21:49 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-09 21:13:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SaiKCB03_01005.Wdf
2009-11-09 21:13:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-09 21:13:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-11-09 21:13:08 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-11-08 11:03:51 15600 ----a-w- c:\windows\gdrv.sys
2009-11-08 11:02:02 315392 ----a-w- c:\windows\HideWin.exe
2009-11-08 10:51:15 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-27 17:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:20:00 81920 ----a-w- c:\windows\system32\nvwddi.dll
2009-09-27 17:19:52 3166208 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:19:50 4026368 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:19:48 3547136 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:19:48 188416 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:19:48 1286144 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:19:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:19:46 4935680 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:19:46 172100 ----a-w- c:\windows\system32\nvsvc32.exe
2009-09-27 17:19:46 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-09-27 17:19:46 13918208 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-27 17:19:40 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-09-27 15:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 15:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 15:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 15:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 15:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 15:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 15:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 15:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 15:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 15:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-04 16:44:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 16:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 16:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 16:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 16:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 16:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 16:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 16:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

============= FINISH: 22:51:10,46 ===============














UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8.11.2009 11:56:07
System Uptime: 11.11.2009 21:02:25 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS3P
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/333mhz
Processor: Intel Pentium III Xeon processor | Socket 775 | 2666/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 36,848 GiB free.
D: is FIXED (NTFS) - 249 GiB total, 140,116 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 233 GiB total, 232,813 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8.11.2009 11:58:24 - System Checkpoint
RP2: 8.11.2009 12:01:36 - Installed Windows XP KB888111WXPSP2.
RP3: 8.11.2009 12:02:04 - Installed Realtek High Definition Audio Driver
RP4: 8.11.2009 12:04:25 - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP5: 8.11.2009 12:04:51 - Installed Gigabyte Raid Configurer
RP6: 8.11.2009 12:16:41 - Installed Windows Installer KB893803v2.
RP7: 8.11.2009 13:44:29 - SPTD setup V1.60
RP8: 8.11.2009 13:56:27 - Installed Call of Duty(R) 4 - Modern Warfare(TM)
RP9: 8.11.2009 14:05:13 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
RP10: 8.11.2009 14:06:24 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
RP11: 8.11.2009 14:07:14 - Installed Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
RP12: 8.11.2009 15:41:35 - Installed Call of Duty(R) 2
RP13: 8.11.2009 15:50:48 - Installed Call of Duty(R) 2 Patch 1.3
RP14: 8.11.2009 16:53:04 - SPTD setup V1.62
RP15: 8.11.2009 16:56:29 - Installed Microsoft Office Enterprise 2007
RP16: 8.11.2009 16:59:46 - Printer Driver Send To Microsoft OneNote Driver Installed
RP17: 8.11.2009 17:45:17 - Installed Ventrilo Client
RP18: 8.11.2009 19:08:29 - Installed DirectX
RP19: 8.11.2009 20:44:09 - Installed Pro Evolution Soccer 2010.
RP20: 9.11.2009 21:57:41 - Installed DirectX
RP21: 9.11.2009 22:13:05 - Installed Windows XP Wdf01001.
RP22: 9.11.2009 22:13:43 - Installed Windows XP Wdf01005.
RP23: 10.11.2009 15:48:54 - Installed Java(TM) 6 Update 15
RP24: 11.11.2009 15:31:45 - Installed Microsoft Visual C++ 2005 Redistributable
RP25: 11.11.2009 15:31:53 - Installed DirectX
RP26: 11.11.2009 15:32:26 - Installed Steam
RP27: 11.11.2009 15:41:05 - Installed DirectX
RP28: 11.11.2009 15:46:02 - Removed Steam

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner
ESET Online Scanner v3
Gigabyte Raid Configurer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Java(TM) 6 Update 15
JDownloader
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Xbox 360 Accessories 1.1
Mozilla Firefox (3.5.5)
MSVCRT
NVIDIA Drivers
Pro Evolution Soccer 2010
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Segoe UI
Seismovision 3 (remove only)
Ventrilo Client
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
X-ray Anti-Cheat
Xfire (remove only)

==== Event Viewer Messages From Past Week ========

8.11.2009 14:55:32, error: Service Control Manager [7028] - The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
8.11.2009 11:59:59, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\usbui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
10.11.2009 21:04:23, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10.11.2009 21:04:21, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7034] - The Alerter service terminated unexpectedly. It has done this 1 time(s).
10.11.2009 21:04:11, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

==== End Of File ===========================
 
Hi,

Java still needs updating (instructions in post #7). After that it's time for final steps unless there're still issues left.



THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis





Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
  • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
    Antivir
    Avast!
    Good commercial ones are from:
    Kaspersky and
    ESET
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Thanks a ton man! Everything works fine now and my computer is fast! :D

I'm only wondering which metod of deleting "uTorrent" can i use if i install it again.

THANKS! ;)
 
You must log in or register to reply here.
Back
Top