Topic: Plz Help :-( :-( I am sick of this *censored* virus

sharjeel
    Plz Help :-( :-( I am sick of this *censored* virus
    « on: May 13, 2011, 03:49:26 PM »
    Dear Users
    Please tell me which antivirus will detect or scan this *censored* virus on the mouse pointer. I have formatted my Windows and also deleted my whole partition 5 times, and then I was able to get rid of this, but now it is in my PC again after I connected to my friend's PC through TeamViewer. The main problem of this *censored* virus is that it consumes the internet resources by destroying the internet speed. It affects the mouse cursor: after 3-4 minutes it goes at once to any side of my desktop screen. Please :-( I am now getting sick of this pointer virus
    :-( :-( :-(
    « Last Edit: May 13, 2011, 05:04:44 PM by SuperDave »

    sharjeel
      Re: Plz Help :-( :-( I am sick of this *censored* virus
      « Reply #1 on: May 13, 2011, 04:02:05 PM »
      It seemed to me like this is some kind of millennium bug or else a virus; many of my friends have this *censored* virus.

      SuperDave (Malware Removal Specialist, Moderator)
      Re: Plz Help :-( :-( I am sick of this *censored* virus
      « Reply #2 on: May 13, 2011, 05:09:29 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      **************************************************
      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes.
      * If you encounter any problems while downloading the updates, manually download and unzip them from here.
      * Next click the Preferences button.
      * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
        Please leave the others unchecked.
      * Click the Close button to leave the control center screen.
      * On the main screen click Scan your computer.
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan.
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK.
      * Make sure everything in the white box has a check next to it, then click Next.
      * It will quarantine what it found and if it asks if you want to reboot, click Yes.
      * To retrieve the removal information please do the following:
        • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
        • Click Preferences. Click the Statistics/Logs tab.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • It will open in your default text editor (preferably Notepad).
        • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
      * Save the log somewhere you can easily find it (normally the desktop).
      * Click close and close again to exit the program.
      * Copy and paste the log in your post.
      ******************************************************
      Please download Malwarebytes Anti-Malware from here.
      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:
      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      *******************************************************
      Download DDS from HERE or HERE and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall try to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.
      Windows 8 and Windows 10 dual boot with two SSD's

      sharjeel
        Re: Plz Help :-( :-( I am sick of this *censored* virus
        « Reply #3 on: May 14, 2011, 09:15:38 AM »
        Log Detail from Super Spyware
        Here it is
        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 05/14/2011 at 08:05 PM

        Application Version : 4.52.1000

        Core Rules Database Version : 7057
        Trace Rules Database Version: 4869

        Scan type       : Complete Scan
        Total Scan Time : 00:22:42

        Memory items scanned      : 424
        Memory threats detected   : 0
        Registry items scanned    : 6036
        Registry threats detected : 0
        File items scanned        : 26718
        File threats detected     : 5

        Trojan.Agent/Gen-ImageDocFake
           C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8LEBCPUB\JYRTEPB[1].BMP
           C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8LEBCPUB\XQBFCT[1].BMP
           C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W1638PU3\FWHOQIIK[1].GIF
           C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WDAROH6R\JHIMGCV[1].GIF
           C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WDAROH6R\UKUHN[1].GIF

        sharjeel
          Re: Plz Help :-( :-( I am sick of this *censored* virus
          « Reply #4 on: May 14, 2011, 10:07:39 AM »
          Now a Second Scan from Super Spyware including my USB
          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 05/14/2011 at 09:01 PM

          Application Version : 4.52.1000

          Core Rules Database Version : 7057
          Trace Rules Database Version: 4869

          Scan type       : Complete Scan
          Total Scan Time : 00:31:31

          Memory items scanned      : 420
          Memory threats detected   : 0
          Registry items scanned    : 6049
          Registry threats detected : 0
          File items scanned        : 36515
          File threats detected     : 2

          Trojan.Agent/Gen-ImageDocFake
             C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\5RJQLUNI\VYKREBQA[1].GIF
             C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WHAV89MR\GUFKVP[1].GIF

          sharjeel
            Re: Plz Help :-( :-( I am sick of this *censored* virus
            « Reply #5 on: May 14, 2011, 10:21:28 AM »
            Another from DDS
            .
            DDS (Ver_11-03-05.01) - NTFSx86 
            Run by Administrator at 21:08:40.35 on Sat 05/14/2011
            Internet Explorer: 6.0.2900.2180
            Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.765.262 [GMT 5:00]
            .
            AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
            FW: COMODO Firewall *Enabled*
            .
            ============== Running Processes ===============
            .
            C:\WINDOWS\system32\svchost -k DcomLaunch
            svchost.exe
            C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
            C:\WINDOWS\system32\svchost.exe -k netsvcs
            svchost.exe
            svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Avira\AntiVir Desktop\sched.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\igfxtray.exe
            C:\WINDOWS\system32\igfxpers.exe
            C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
            C:\WINDOWS\system32\igfxsrvc.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Program Files\Unlocker\UnlockerAssistant.exe
            C:\Program Files\PowerISO\PWRISOVM.EXE
            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
            C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
            C:\Program Files\Internet Download Manager\IDMan.exe
            C:\Program Files\uTorrent\uTorrent.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Avira\AntiVir Desktop\avguard.exe
            C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\WINDOWS\system32\wscntfy.exe
            C:\Program Files\Internet Download Manager\IEMonitor.exe
            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
            C:\WINDOWS\system32\notepad.exe
            C:\Documents and Settings\Administrator\Desktop\dds.scr
            .
            ============== Pseudo HJT Report ===============
            .
            uSearch Page = hxxp://www.google.com
            uSearch Bar = hxxp://www.google.com/ie
            mDefault_Search_URL = hxxp://www.google.com/ie
            uInternet Connection Wizard,ShellNext = hxxp://www.internetdownloadmanager.com/welcome.html?v=518b2
            uSearchAssistant = hxxp://www.google.com/ie
            uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
            mSearchAssistant = hxxp://www.google.com/ie
            uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
            BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
            BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
            BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
            BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
            BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
            BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
            TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
            TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
            uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
            uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
            uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
            uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
            mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
            mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
            mRun: [Persistence] c:\windows\system32\igfxpers.exe
            mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
            mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
            mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
            mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
            mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
            mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
            mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
            mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
            mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
            IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
            IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
            IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
            IE: Download FLV videos with IDM from 10 last requested - c:\program files\internet download manager\IEGetVL2.htm
            IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
            IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
            IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
            IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
            IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
            IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
            LSP: c:\windows\system32\idmmbc.dll
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
            TCP: {A687DCD5-A6BD-43D3-82DC-2CCB643854D3} = 203.99.163.240,202.125.132.12
            Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
            Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
            Notify: igfxcui - igfxdev.dll
            AppInit_DLLs:  c:\windows\system32\guard32.dll
            SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
            .
            ================= FIREFOX ===================
            .
            FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\gl03g850.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.pk
            FF - prefs.js: network.proxy.type - 0
            FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc3\components\idmmzcc.dll
            FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\gl03g850.default\extensions\[email protected]\platform\winnt_x86-msvc\components\lpxpcom.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\nppl3260.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin2.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin3.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin4.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin5.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\npqtplugin6.dll
            FF - plugin: c:\program files\foxit software\foxit reader\plugins\nprpjplug.dll
            FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
            FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
            FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
            FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
            FF - Ext: IDM CC: [email protected] - c:\documents and settings\administrator\application data\idm\idmmzcc3
            FF - Ext: LastPass: [email protected] - %profile%\extensions\[email protected]
            .
            ============= SERVICES / DRIVERS ===============
            .
            R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-13 11608]
            R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 242472]
            R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 29400]
            R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
            R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
            R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-13 136360]
            R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-13 269480]
            R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2011-5-13 239928]
            R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-13 61960]
            R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1779792]
            R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [2011-5-13 42112]
            R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-5-13 45056]
            R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [2011-5-13 3840]
            R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [2011-5-13 30720]
            .
            =============== Created Last 30 ================
            .
            2011-05-14 15:20:30   --------   d-----w-   c:\docume~1\admini~1\applic~1\Malwarebytes
            2011-05-14 15:18:59   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-05-14 15:18:59   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
            2011-05-14 15:18:55   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-05-14 15:18:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2011-05-14 14:31:15   --------   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
            2011-05-14 14:31:15   --------   d-----w-   c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
            2011-05-14 14:31:06   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2011-05-14 09:21:24   221184   ----a-w-   c:\windows\system32\wmpns.dll
            2011-05-14 07:54:51   26496   -c--a-w-   c:\windows\system32\dllcache\usbstor.sys
            2011-05-13 22:11:58   --------   d-----w-   c:\windows\system32\NtmsData
            2011-05-13 20:43:35   --------   d-----w-   c:\docume~1\admini~1\applic~1\TeamViewer
            2011-05-13 20:42:54   --------   d-----w-   c:\program files\TeamViewer
            2011-05-13 18:30:10   --------   d-----w-   c:\program files\COMODO
            2011-05-13 18:29:39   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Comodo
            2011-05-13 18:09:39   --------   d-----w-   c:\windows\Internet Logs
            2011-05-13 16:58:01   106496   ----a-w-   c:\windows\system32\TwnLib20.dll
            2011-05-13 16:57:59   476320   ------w-   c:\windows\system32\ImagXpr7.dll
            2011-05-13 16:57:59   471040   ------w-   c:\windows\system32\ImagXRA7.dll
            2011-05-13 16:57:59   364544   ------w-   c:\windows\system32\TwnLib4.dll
            2011-05-13 16:57:59   262144   ------w-   c:\windows\system32\ImagXR7.dll
            2011-05-13 16:57:59   1568768   ------w-   c:\windows\system32\ImagX7.dll
            2011-05-13 16:57:58   38912   ------w-   c:\windows\system32\picn20.dll
            2011-05-13 16:57:56   155648   ----a-w-   c:\windows\system32\NeroCheck.exe
            2011-05-13 16:56:24   33104   ----a-w-   c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
            2011-05-13 16:56:24   32592   ----a-w-   c:\windows\system32\msonpmon.dll
            2011-05-13 16:56:02   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Systweak
            2011-05-13 16:51:13   --------   d-----w-   c:\program files\Microsoft Visual Studio 8
            2011-05-13 16:50:36   --------   d-----w-   c:\windows\SHELLNEW
            2011-05-13 16:50:08   --------   d-----w-   c:\docume~1\admini~1\locals~1\applic~1\Microsoft Help
            2011-05-13 16:44:46   --------   d-----w-   c:\program files\PowerISO
            2011-05-13 16:42:46   --------   d-----w-   c:\docume~1\admini~1\applic~1\Systweak
            2011-05-13 16:41:59   17136   ----a-w-   c:\windows\system32\sasnative32.exe
            2011-05-13 16:41:47   --------   d-----w-   c:\program files\Advanced System Optimizer 3
            2011-05-13 16:07:04   --------   d-----w-   c:\docume~1\admini~1\locals~1\applic~1\LastPass
            2011-05-13 16:06:20   --------   d-----w-   c:\program files\LastPass
            .
            ==================== Find3M  ====================
            .
            2011-05-13 14:48:28   737280   ----a-w-   c:\windows\iun6002.exe
            2011-05-13 14:25:10   73728   ----a-w-   c:\windows\system32\javacpl.cpl
            2011-05-13 14:25:10   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-05-13 14:23:24   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
            2011-05-02 15:36:04   284744   ----a-w-   c:\windows\system32\guard32.dll
            2011-04-13 22:40:10   4284416   ----a-w-   c:\windows\system32\GPhotos.scr
            2011-03-29 08:00:00   80896   ----a-w-   c:\windows\system32\ff_vfw.dll
            2011-03-24 19:35:18   243200   ----a-w-   c:\windows\system32\xvidvfw.dll
            2011-03-24 19:28:12   631808   ----a-w-   c:\windows\system32\xvidcore.dll
            2011-03-19 19:00:38   151552   ----a-w-   c:\windows\system32\ac3acm.acm
            2011-03-05 10:47:16   122368   ----a-w-   c:\windows\system32\lagarith.dll
            2011-03-03 18:29:52   2712064   ----a-w-   c:\windows\system32\x264vfw.dll
            2011-03-02 10:43:46   175616   ----a-w-   c:\windows\system32\unrar.dll
            .
            ============= FINISH: 21:10:51.04 ===============
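As an added example (not code from the thread or from the DDS tool), here is a Python parser for the DDS log layout posted above. It pulls the BHO/TB entries, the uRun/mRun autoruns, the R1/R2 services and the Created Last 30 section into records, then applies one triage heuristic a helper would otherwise apply by eye: autorun entries whose executable lives outside the Windows or Program Files trees. The embedded sample is constructed from lines of the posted log plus one made-up "updater" entry; all function names are hypothetical and my own.

```python
import re

# Constructed sample in the DDS layout seen in the thread: lines from the posted
# log plus one made-up "updater" autorun in a temp directory for the heuristic to flag.
SAMPLE_DDS = r"""
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uRun: [updater] c:\docume~1\admini~1\locals~1\temp\updater.exe
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 242472]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-13 269480]
.
=============== Created Last 30 ================
.
2011-05-14 15:18:55   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-05-14 15:18:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
.
============= FINISH: 21:10:51.04 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# BHO/TB/SEH lines: "Name: {CLSID} - path"
CLSID_ENTRY_RE = re.compile(r"^(?P<name>.+?):\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.+)$")
# uRun/mRun lines: "[Name] command"
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]$")
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "%systemroot%\\")
BINARY_EXTS = (".exe", ".sys", ".dll", ".scr")

def split_command(cmd):
    """Split an autorun command line into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):  # quoted path; arguments follow the closing quote
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"^(?P<path>.*?\.(?:exe|scr|cpl|dll))(?:\s+(?P<args>.*))?$", cmd, re.IGNORECASE)
    if m:  # unquoted path containing spaces: cut right after the extension
        return m.group("path"), (m.group("args") or "").strip()
    return cmd, ""

def parse_hjt_line(line):
    """Parse one Pseudo HJT Report line; None for line types not modelled here."""
    kind, _, value = line.partition(": ")
    if kind in ("BHO", "TB", "SEH"):
        m = CLSID_ENTRY_RE.match(value)
        if m:
            return {"kind": kind, **m.groupdict()}
    elif kind in ("uRun", "mRun"):
        m = RUN_RE.match(value)
        if m:
            path, args = split_command(m.group("cmd"))
            return {"kind": kind, "name": m.group("name"), "path": path, "args": args}
    return None

def parse_dds(text):
    """Walk the log section by section and return lists of parsed records."""
    result = {"hjt": [], "services": [], "created": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS uses a lone "." as a spacer
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
        elif section == "pseudo hjt report" and (rec := parse_hjt_line(line)):
            result["hjt"].append(rec)
        elif section == "services / drivers" and (m := SERVICE_RE.match(line)):
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            result["services"].append(rec)
        elif section == "created last 30" and (m := CREATED_RE.match(line)):
            rec = m.groupdict()
            rec["is_dir"] = rec["attrs"].startswith("d")  # "--------" size marks a directory
            rec["size"] = 0 if rec["is_dir"] else int(rec["size"])
            result["created"].append(rec)
    return result

def suspicious_autoruns(parsed):
    """Triage heuristic: autoruns whose executable sits outside the Windows/Program Files trees."""
    return [r for r in parsed["hjt"]
            if r["kind"] in ("uRun", "mRun") and not r["path"].lower().startswith(TRUSTED_PREFIXES)]

def recent_binaries(parsed):
    """Executables and drivers created in the last 30 days, newest first."""
    hits = [r for r in parsed["created"] if not r["is_dir"] and r["path"].lower().endswith(BINARY_EXTS)]
    return [r["path"] for r in sorted(hits, key=lambda r: r["ts"], reverse=True)]
```

On the log posted above every autorun resolves under c:\windows or c:\program files, so the heuristic flags nothing there; it is the made-up temp-directory entry in the sample that gets reported.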

            sharjeel
              Re: Plz Help :-( :-( I am sick of this *censored* virus
              « Reply #6 on: May 14, 2011, 10:21:55 AM »
              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_11-03-05.01)
              .
              Microsoft Windows XP Professional
              Boot Device: \Device\HarddiskVolume1
              Install Date: 5/13/2011 3:22:19 PM
              System Uptime: 5/14/2011 9:03:01 PM (0 hours ago)
              .
              Motherboard: ASUSTeK Computer INC. |  | P5G41T-M LX
              Processor: Intel Pentium III Xeon processor | LGA775 | 2499/200mhz
              Processor: Intel Pentium III Xeon processor | LGA775 | 2500/200mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 19 GiB total, 10.422 GiB free.
              D: is FIXED (NTFS) - 19 GiB total, 15.804 GiB free.
              E: is CDROM ()
              F: is CDROM ()
              G: is Removable
              .
              ==== Disabled Device Manager Items =============
              .
              Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
              Description: Multimedia Controller
              Device ID: PCI\VEN_1131&DEV_7130&SUBSYS_00001131&REV_01\4&CF81C54&0&08F0
              Manufacturer:
              Name: Multimedia Controller
              PNP Device ID: PCI\VEN_1131&DEV_7130&SUBSYS_00001131&REV_01\4&CF81C54&0&08F0
              Service:
              .
              Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
              Description:
              Device ID: ACPI\ATK0110\1010110
              Manufacturer:
              Name:
              PNP Device ID: ACPI\ATK0110\1010110
              Service:
              .
              ==== System Restore Points ===================
              .
              RP1: 5/13/2011 3:24:24 PM - System Checkpoint
              RP2: 5/13/2011 3:33:45 PM - Installed Atheros Communications Inc.(R) AR81Family Gigabit/Fast
              RP3: 5/13/2011 7:25:05 PM - Installed Java(TM) 6 Update 25
              RP4: 5/13/2011 7:42:48 PM - Installed Windows XP KB915865.
              RP5: 5/13/2011 7:54:29 PM - Installed Windows XP KB943232.
              RP6: 5/13/2011 8:12:26 PM - Installed Windows XP KB943232.
              RP7: 5/13/2011 8:24:43 PM - Installed DirectX
              RP8: 5/13/2011 8:41:45 PM - Installed Windows XP --  Software Updates KB952011.
              RP9: 5/13/2011 8:58:30 PM - Installed Windows XP KB942288-v3.
              RP10: 5/13/2011 9:43:57 PM - Advanced System Optimizer - Registry Cleaner
              RP11: 5/13/2011 9:49:20 PM - Installed Microsoft Office Enterprise 2007
              RP12: 5/13/2011 9:56:12 PM - Printer Driver Send To Microsoft OneNote Driver Installed
              RP13: 5/13/2011 9:58:45 PM - Installed Windows Media Format 9 Series Runtime Setup
              RP14: 5/13/2011 11:30:07 PM - Installed COMODO Internet Security
              .
              ==== Installed Programs ======================
              .
              µTorrent
              7-Zip 9.22beta
              Adobe AIR
              Adobe Flash Player 10 ActiveX
              Adobe Flash Player 10 Plugin
              Adobe Shockwave Player 11.5
              Advanced System Optimizer
              Any Video Converter 3.2.3
              Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
              Auslogics Disk Defrag
              Avira AntiVir Personal - Free Antivirus
              CCleaner
              COMODO Internet Security
              Conduit Engine
              Dungeon Siege 2
              Foxit Reader
              GOM Player
              Google Chrome
              Google Talk (remove only)
              Hotfix for Windows XP (KB915865)
              Hotfix for Windows XP (KB942288-v3)
              Hotfix for Windows XP (KB943232)
              Intel(R) Graphics Media Accelerator Driver
              Internet Download Manager
              Java Auto Updater
              Java(TM) 6 Update 25
              K-Lite Mega Codec Pack 7.1.0
              LastPass (uninstall only)
              Malwarebytes' Anti-Malware
              Microsoft .NET Framework 2.0 Service Pack 1
              Microsoft Office Access MUI (English) 2007
              Microsoft Office Access Setup Metadata MUI (English) 2007
              Microsoft Office Enterprise 2007
              Microsoft Office Excel MUI (English) 2007
              Microsoft Office Groove MUI (English) 2007
              Microsoft Office Groove Setup Metadata MUI (English) 2007
              Microsoft Office InfoPath MUI (English) 2007
              Microsoft Office OneNote MUI (English) 2007
              Microsoft Office Outlook MUI (English) 2007
              Microsoft Office PowerPoint MUI (English) 2007
              Microsoft Office Proof (English) 2007
              Microsoft Office Proof (French) 2007
              Microsoft Office Proof (Spanish) 2007
              Microsoft Office Proofing (English) 2007
              Microsoft Office Publisher MUI (English) 2007
              Microsoft Office Shared MUI (English) 2007
              Microsoft Office Shared Setup Metadata MUI (English) 2007
              Microsoft Office Word MUI (English) 2007
              Microsoft Silverlight
              Microsoft Software Update for Web Folders  (English) 12
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
              Mozilla Firefox (3.6.17)
              Nero OEM
              Picasa 3
              PowerISO
              QT Lite 4.1.0
              Real Alternative 2.0.2
              Skype Toolbars
              Skype™ 5.0
              SUPERAntiSpyware
              TeamViewer 6
              TeraCopy 2.12
              Unlocker 1.9.1
              uTorrentBar Toolbar
              WebFldrs XP
              Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
              Yahoo! Messenger
              .
              ==== Event Viewer Messages From Past Week ========
              .
              5/13/2011 7:19:59 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
              5/13/2011 7:04:59 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
              5/13/2011 4:04:25 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
              5/13/2011 4:04:25 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
              5/13/2011 4:04:25 PM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
              5/13/2011 11:08:29 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              5/13/2011 11:08:22 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
              .
              ==== End Of File ===========================

              SuperDave

              Re: Plz Help :-( :-( I am sick of this *censored* virus
              « Reply #7 on: May 14, 2011, 12:28:51 PM »
              P2P - I see you have P2P software installed on your machine (uTorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

              Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
              ************************************************
              I would like to see the MBAM log.

              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              and save it to your Desktop.
              It would be easiest to download using Internet Explorer.
              If you insist on using Firefox, make sure that your download settings are as follows:

              * Tools->Options->Main tab
              * Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


              Click on Yes, to continue scanning for malware.
              When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

              If you have problems with ComboFix usage, see How to use ComboFix

              sharjeel

                Re: Plz Help :-( :-( I am sick of this *censored* virus
                « Reply #8 on: May 15, 2011, 12:59:53 AM »
It detected rootkit activity and then rebooted the PC. Here is the report log:


                ComboFix 11-05-14.01 - Administrator 05/15/2011  12:07:22.1.2 - x86
                Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.765.462 [GMT 5:00]
                Running from: c:\documents and settings\Administrator\My Documents\Downloads\Programs\ComboFix.exe
                AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
                FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
                 * Created a new restore point
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-04-15 to 2011-05-15  )))))))))))))))))))))))))))))))
                .
                .
                2011-05-13 16:49 . 2011-05-13 16:49   --------   d-----r-   C:\MSOCache
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2011-04-13 22:40 . 2011-04-13 22:40   4284416   ----a-w-   c:\windows\system32\GPhotos.scr
                .
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
                "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
                .
                [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
                .
                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
                2010-12-09 08:51   3911776   ----a-w-   c:\program files\ConduitEngine\ConduitEngine.dll
                .
                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
                2010-12-09 08:51   3911776   ----a-w-   c:\program files\uTorrentBar\tbuTor.dll
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
                "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
                .
                [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
                .
                [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-09 3118512]
                "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-04 6174008]
                "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-13 399736]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
                "Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
                "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
                "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
                "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
                "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
                "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
                "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
                "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
                "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
                .
                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                "AppInit_DLLs"=c:\windows\system32\guard32.dll
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
                "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
                "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                "d:\\PC Games\\Dungen Seig 2\\DungeonSiege2.exe"=
                "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
                "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
                .
                R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242472]
                R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 PM 12872]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 PM 67656]
                R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/13/2011 4:05 PM 136360]
                R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [5/13/2011 9:41 PM 239928]
                R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [5/13/2011 8:11 PM 42112]
                R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [5/13/2011 3:27 PM 45056]
                R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [5/13/2011 8:11 PM 3840]
                R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [5/13/2011 8:11 PM 30720]
                .
                .
                ------- Supplementary Scan -------
                .
                uInternet Connection Wizard,ShellNext = hxxp://www.internetdownloadmanager.com/welcome.html?v=518b2
                uSearchAssistant = hxxp://www.google.com/ie
                uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
                IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
                IE: Download FLV videos with IDM from 10 last requested - c:\program files\Internet Download Manager\IEGetVL2.htm
                IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass
                IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms
                LSP: c:\windows\system32\idmmbc.dll
                TCP: {A687DCD5-A6BD-43D3-82DC-2CCB643854D3} = 203.99.163.240,202.125.132.12
                FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gl03g850.default\
                FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.pk
                FF - prefs.js: network.proxy.type - 0
                FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
                FF - Ext: IDM CC: [email protected] - c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3
                FF - Ext: LastPass: [email protected] - %profile%\extensions\[email protected]
                .
                - - - - ORPHANS REMOVED - - - -
                .
                HKLM-Run-AutorunRemover.exe - c:\program files\AutorunRemover\AutorunRemover.exe
                .
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-05-15 12:11
                Windows 5.1.2600 Service Pack 2 NTFS
                .
                detected NTDLL code modification:
                ZwClose, ZwOpenFile
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                @Denied: (A 2) (Everyone)
                @="FlashBroker"
                "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                "Enabled"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                @Denied: (A 2) (Everyone)
                @="IFlashBroker4"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                @="{00020424-0000-0000-C000-000000000046}"
                .
                [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                "Version"="1.0"
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------
                .
                - - - - - - - > 'winlogon.exe'(876)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                .
                - - - - - - - > 'lsass.exe'(932)
                c:\windows\system32\guard32.dll
                c:\windows\system32\idmmbc.dll
                .
                Completion time: 2011-05-15  12:13:55
                ComboFix-quarantined-files.txt  2011-05-15 07:13
                .
                Pre-Run: 11,029,012,480 bytes free
                Post-Run: 12,145,455,104 bytes free
                .
                WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                [boot loader]
                timeout=2
                default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                [operating systems]
                c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                UnsupportedDebug="do not select this" /debug
                multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                .
                - - End Of File - - 3FBC5587045D0C0599FF4A60320D7822
                « Last Edit: May 15, 2011, 01:16:08 AM by sharjeel »
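A triage helper for a ComboFix log like the one pasted above, added here as an example; it is not part of the thread and not ComboFix's own code. It parses the "Reg Loading Points" Run-key lines into structured autostart entries and flags the settings a malware-removal helper checks first (firewall policy disabled, AppInit_DLLs, a Winsock LSP, catchme's NTDLL modification line). The sample input is constructed from lines that appear in the posted log; the line layout it assumes is the one visible there.

```python
"""Parse the autostart and hardening-relevant lines of a ComboFix log.
Flags are prompts to verify against the Installed Programs list, not
verdicts: legitimate security and download-manager software also uses
AppInit_DLLs and LSPs, so each hit must be checked by path and vendor."""
import re
from dataclasses import dataclass

# Constructed sample, assembled from lines seen in the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-09 3118512]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-13 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
LSP: c:\windows\system32\idmmbc.dll
detected NTDLL code modification:
ZwClose, ZwOpenFile
"""


@dataclass
class AutostartEntry:
    key: str    # registry key the value lives under
    name: str   # value name, e.g. "IDMan"
    path: str   # executable path
    date: str   # file date ComboFix prints in brackets
    size: int   # file size in bytes from the same brackets


# ComboFix Run-key layout: "Name"="path" [YYYY-MM-DD size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')


def parse_combofix(text):
    """Return (autostart entries, list of human-readable flags)."""
    entries, flags, current_key = [], [], None
    lines = [ln.strip() for ln in text.strip().splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # a new registry key block
            continue
        m = RUN_LINE.match(line)
        if m and current_key:
            entries.append(AutostartEntry(current_key, m["name"], m["path"],
                                          m["date"], int(m["size"])))
        elif line.startswith('"AppInit_DLLs"='):
            dll = line.split("=", 1)[1].strip()
            if dll:   # loaded into every process that maps user32.dll
                flags.append(f"AppInit_DLLs loads {dll} into every GUI process")
        elif line.startswith('"EnableFirewall"='):
            if line.split("=", 1)[1].strip().startswith("0"):
                flags.append(f"Windows Firewall disabled in {current_key}")
        elif line.startswith("LSP:"):   # Winsock LSP sees all socket traffic
            flags.append(f"Winsock LSP installed: {line[4:].strip()}")
        elif line.startswith("detected NTDLL code modification:") and i + 1 < len(lines):
            flags.append("catchme reports NTDLL hooks on: " + lines[i + 1])
    return entries, flags
```

Each flag is one item the helper must reconcile with a known product on the machine before treating it as suspicious.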

                SuperDave

                Re: Plz Help :-( :-( I am sick of this *censored* virus
                « Reply #9 on: May 15, 2011, 01:03:39 PM »
                SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                http://sites.google.com/site/sysprotantirootkit/

                Unzip it into a folder on your desktop.
                • Double click Sysprot.exe to start the program.
                • Click on the Log tab.
                • In the Write to log box select the following items.
                  • Process << Selected
                  • Kernel Modules << Selected
                  • SSDT << Selected
                  • Kernel Hooks << Selected
                  • IRP Hooks << NOT Selected
                  • Ports << NOT Selected
                  • Hidden Files << Selected
                • At the bottom of the page
                  • Hidden Objects Only << Selected
                • Click on the Create Log button on the bottom right.
                • After a few seconds a new window should appear.
                • Select Scan Root Drive. Click on the Start button.
                • When it is complete a new window will appear to indicate that the scan is finished.
                • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

                sharjeel

                  Re: Plz Help :-( :-( I am sick of this *censored* virus
                  « Reply #10 on: May 16, 2011, 09:00:20 AM »
The mouse pointer virus has vanished completely :-) thanks. Is the Google test necessary??? But I shall paste the report.
Thanks