[Not curable - Virut] Need serious help

DDS (Ver_10-03-17.01) - NTFSx86
Run by D at 16:34:08.32 on Sun 12/05/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20
AV: AVG Internet Security *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============


============== Pseudo HJT Report ===============

mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=%s
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\d\startm~1\programs\startup\limewi~1.lnk - d:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291610191595
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\d\applic~1\mozilla\firefox\profiles\dsb3wgv5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\SearchSettingsFF.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-12-06 04:37:14 80 -c--a-w- c:\windows\system32\asr_otqtja
2010-12-06 04:35:28 0 dc-h--w- C:\$AVG
2010-12-06 04:34:09 81 -c--a-w- c:\windows\system32\asr_baxcjb
2010-12-06 04:30:19 0 dc----w- c:\program files\AVG
2010-12-06 04:30:10 0 dc----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-12-06 04:29:33 0 dc----w- c:\docume~1\alluse~1.win\applic~1\avg9
2010-12-06 04:28:31 15880 -c--a-w- c:\windows\system32\lsdelete.exe
2010-12-06 04:27:52 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-12-06 04:27:44 95024 -c--a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-06 04:22:41 425984 -c--a-w- c:\windows\system32\AscConTest.dll
2010-12-06 04:22:41 36864 -c--a-w- c:\windows\system32\ascbalon.dll
2010-12-06 04:22:41 307200 -c--a-w- c:\windows\system32\AscSQLite.dll
2010-12-06 04:21:34 0 dc----w- c:\program files\Ascentive
2010-12-06 04:15:21 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-06 04:15:11 80 -c--a-w- c:\windows\system32\asr_buxqwk
2010-12-06 04:15:04 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 04:12:41 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2010-12-06 04:12:38 411368 -c--a-w- c:\windows\system32\deployJava1.dll
2010-12-06 04:12:04 0 dc----w- c:\program files\CCleaner
2010-12-06 04:07:28 0 dc-h--w- c:\docume~1\alluse~1.win\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-12-06 04:04:34 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-12-06 04:04:33 25608 -c--a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-12-06 04:04:32 161800 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-12-06 04:04:31 360584 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-12-06 04:04:22 0 dc----w- c:\docume~1\d\applic~1\Sammsoft
2010-12-06 04:03:44 333192 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-12-06 04:02:57 0 dc----w- c:\windows\system32\drivers\Avg
2010-12-06 04:01:21 50968 -c--a-w- c:\windows\system32\avgfwdx.dll
2010-12-06 04:01:21 30104 -c--a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-12-06 04:00:36 81 -c--a-w- c:\windows\system32\asr_hqqcbu
2010-12-06 03:55:37 0 dc----w- c:\docume~1\d\applic~1\Malwarebytes
2010-12-06 03:51:05 0 dc----w- c:\docume~1\d\applic~1\BitTorrent
2010-12-06 03:42:53 21728 -c--a-w- c:\windows\system32\wucltui.dll.mui
2010-12-06 03:42:50 17632 -c--a-w- c:\windows\system32\wuaueng.dll.mui
2010-12-06 03:42:45 15072 -c--a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-12-06 03:42:42 15064 -c--a-w- c:\windows\system32\wuapi.dll.mui
2010-12-06 00:24:32 0 dc----w- c:\windows\system32\CatRoot_bak
2010-12-06 00:23:50 80 -c--a-w- c:\windows\system32\asr_wkxmyu
2010-12-05 20:56:07 80 -c--a-w- c:\windows\system32\asr_zpxrab
2010-12-05 20:45:24 80 -c--a-w- c:\windows\system32\asr_zirrbj
2010-12-05 20:32:34 80 -c--a-w- c:\windows\system32\asr_itmwql
2010-12-05 20:18:18 80 -c--a-w- c:\windows\system32\asr_kfrrnz
2010-12-05 20:16:36 80 -c--a-w- c:\windows\system32\asr_ahgczv
2010-12-05 20:14:28 80 -c--a-w- c:\windows\system32\asr_gqpwbr
2010-12-05 20:09:34 80 -c--a-w- c:\windows\system32\asr_cezcsa
2010-12-05 20:07:11 80 -c--a-w- c:\windows\system32\asr_gmdytr

==================== Find3M ====================

2010-12-06 00:58:54 60416 -c--a-w- C:\gendel32.exe
2010-12-06 00:20:58 24064 -c--a-w- c:\windows\system32\upnpcont.exe
2010-12-06 00:19:59 84480 -c--a-w- c:\windows\system32\rtcshare.exe
2010-12-06 00:18:59 15360 -c--a-w- c:\windows\system32\lpr.exe
2010-12-06 00:08:47 528384 -c--a-w- c:\windows\system32\DivXsm.exe
2010-12-06 00:07:58 153600 -c--a-w- c:\windows\regedit.exe
2010-12-06 00:07:48 76288 -c--a-w- c:\windows\NOTEPAD.EXE
2010-12-06 00:07:34 306688 -c--a-w- c:\windows\IsUninst.exe
2010-12-06 00:07:28 17920 -c--a-w- c:\windows\hh.exe
2010-12-06 00:07:26 155648 -c--a-w- C:\UNWISE.EXE
2010-12-06 00:07:18 708608 -c--a-w- C:\StubInstaller.exe

============= FINISH: 16:38:14.87 ===============

Click to expand...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3
Advertising Center
ASIO4ALL
Ask Toolbar
AVG 9.0
AVS Audio Converter version 6.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BitTorrent
CCleaner
CD - DVD Publishing Service
Delta
DolbyFiles
Express Burn
FL Studio 9
FLV to MP3 Converter 1.5
Freez FLV to MP3 Converter
FriendBlasterPro
IL Download Manager
ImagXpress
Java Auto Updater
Java(TM) 6 Update 20
LimeWire 5.4.6
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.9.0
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Movie Templates - Starter Kit
Mozilla Firefox (3.5.8)
MySpace Views Increaser
Nero 9
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
PoiZone
Sawer
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 9.0
SoundTrax
Syncrosoft's License Control
SyncroSoft Emu (Remove only)
Toxic Biohazard
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Winamp
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinRAR archiver

==== End Of File ===========================

Click to expand...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/5/2010 4:01:25 PM
mbam-log-2010-12-05 (16-01-25).txt

Scan type: Quick scan
Objects scanned: 172702
Time elapsed: 1 hour(s), 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Hosts Controller (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\waittokillservicet (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\windows\fonts\unwise_.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Click to expand...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/5/2010 4:10:41 PM
mbam-log-2010-12-05 (16-10-41).txt

Scan type: Quick scan
Objects scanned: 172702
Time elapsed: 1 hour(s), 2 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Windows_HOSTS_CONTROLLER (Worm.Kolab) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Hosts Controller (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\intime (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\reup (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\waittokillservicet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:\windows\fonts\unwise_.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Click to expand...

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"