Help Needed Please Infected with Win32:Beagle-aaw
  #1  
Old 5th Feb 2010, 16:22
Donor VIP
Posts: 38
 
Can someone please help? My son has been on the computer today and it is now infected with a Win32:Beagle-aaw virus. It is shutting down Comodo Firewall and trying to shut down Avast antivirus.

  #2  
Old 5th Feb 2010, 20:11
Moderator
Posts: 7,561
 
Download ComboFix from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop.

Link #1
Link #2

Rename ComboFix to Combo-Fix before saving it to the desktop.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista and Windows 7 users: right-click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
  #3  
Old 5th Feb 2010, 23:29
Donor VIP
Posts: 38
 
Evilfantasy, thanks for coming to my rescue. Here is the log:

ComboFix 10-02-05.03 - Derek 06/02/2010 6:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.697 [GMT 0:00]
Running from: d:\documents and settings\Derek.049087720362.004\Desktop\Combo-Fix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2963295381-3315715036-826276679-1003
c:\windows\system32\srosa2.sys
c:\windows\system32\Thumbs.db
d:\documents and settings\Derek.049087720362.004\Application Data\Desktopicon
d:\documents and settings\Derek.049087720362.004\Application Data\Desktopicon\eBay.ico
d:\documents and settings\Derek.049087720362.004\Application Data\Desktopicon\uninst.exe
d:\documents and settings\Derek.049087720362.004\Application Data\drivers\downld
d:\documents and settings\Derek.049087720362.004\Application Data\drivers\winupgro.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srosa


((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 05:59 . 2010-02-06 05:59 -------- d-----w- C:\Combo-Fix22726C
2010-02-06 05:59 . 2010-02-06 05:59 -------- d-----w- C:\Combo-Fix10241C
2010-02-06 05:57 . 2010-02-06 05:57 -------- d-----w- C:\Combo----Fix11794C
2010-02-06 05:56 . 2010-02-06 05:56 -------- d-----w- C:\Combo----Fix16469C
2010-02-06 05:55 . 2010-02-06 05:55 -------- d-----w- C:\Combo----Fix6235C
2010-02-06 05:54 . 2010-02-06 05:54 -------- d-----w- C:\Combo----Fix
2010-02-06 05:50 . 2010-02-06 05:50 -------- d-----w- C:\Combo-Fix8985C
2010-02-06 05:47 . 2010-02-06 05:47 -------- d-----w- C:\Combo-Fix27870C
2010-02-06 05:46 . 2010-02-06 05:46 -------- d-----w- C:\Combo-Fix8101C
2010-02-06 05:44 . 2010-02-06 05:44 -------- d-----w- C:\Combo-Fix27855C
2010-02-06 05:40 . 2010-02-06 05:40 -------- d-----w- C:\Combo-Fix3567C
2010-02-06 05:40 . 2010-02-06 05:40 -------- d-----w- C:\Combo-Fix24890C
2010-02-06 05:39 . 2010-02-06 05:39 -------- d-----w- C:\Combo-Fix
2010-02-05 21:19 . 2010-02-06 06:11 -------- d--h--w- d:\documents and settings\Derek.049087720362.004\Application Data\drivers
2010-02-05 20:03 . 2010-02-05 20:03 210672 ----a-w- d:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-05 19:35 . 2010-02-05 19:35 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-05 19:35 . 2010-02-05 19:35 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\SUPERAntiSpyware.com
2010-02-05 19:34 . 2010-02-05 19:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-05 15:44 . 2010-01-20 16:52 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-02-05 15:44 . 2010-01-28 20:35 1692288 ----a-w- c:\windows\system32\BootMan.exe
2010-02-05 15:44 . 2010-01-20 16:53 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-02-05 15:44 . 2010-01-20 16:53 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-02-05 15:44 . 2010-01-20 16:53 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-02-04 20:40 . 2010-02-04 20:40 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Local Settings\Application Data\Handy Software Lab
2010-02-04 20:40 . 2010-02-04 20:40 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\Handy Software Lab
2010-02-04 20:40 . 2010-02-04 20:40 -------- d-----w- d:\documents and settings\All Users\Application Data\Handy Software Lab
2010-02-04 07:34 . 2010-02-05 22:31 -------- d-----w- d:\documents and settings\All Users\Application Data\WinZip
2010-02-02 19:36 . 2010-02-02 19:36 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software
2010-02-02 07:29 . 2010-02-02 07:29 -------- d-----w- c:\windows\system32\Adobe
2010-02-01 19:01 . 2010-02-01 19:01 -------- d-----w- c:\windows\Sun
2010-02-01 16:52 . 2010-02-01 16:52 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\Malwarebytes
2010-02-01 16:52 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 16:52 . 2010-02-01 16:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 16:52 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 07:21 . 2010-02-01 07:21 -------- d-----w- c:\program files\MSBuild
2010-02-01 07:21 . 2010-02-01 07:21 -------- d-----w- c:\program files\Reference Assemblies
2010-02-01 06:48 . 2010-02-01 06:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 06:32 . 2010-02-01 06:32 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\AdobeUM
2010-02-01 06:13 . 2010-02-01 06:34 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2010-01-31 22:28 . 2010-01-31 22:29 -------- d-----w- c:\windows\system32\URTTemp
2010-01-31 20:32 . 2010-01-31 21:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-31 19:28 . 2010-01-31 19:28 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-01-31 18:28 . 2010-01-31 18:28 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Local Settings\Application Data\PCHealth
2010-01-31 18:17 . 2010-01-31 18:17 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-31 18:16 . 2010-01-31 18:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-31 18:16 . 2010-01-31 18:16 -------- d-----w- c:\windows\system32\LogFiles
2010-01-31 18:06 . 2010-01-31 18:06 -------- d-sh--w- d:\documents and settings\Derek.049087720362.004\UserData
2010-01-31 18:06 . 2010-01-31 18:06 -------- d-sh--w- d:\documents and settings\Derek.049087720362.004\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 20:04 . 2010-01-31 15:55 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-02-03 21:11 . 2010-01-31 15:38 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-02 07:31 . 2010-01-31 16:25 -------- d-----w- c:\program files\Java
2010-02-02 07:15 . 2010-01-31 12:37 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-02 07:15 . 2010-01-31 12:37 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-01 07:23 . 2010-01-31 15:57 104816 ----a-w- d:\documents and settings\Derek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 06:42 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\AOL
2010-02-01 06:42 . 2010-01-31 16:25 -------- d-----w- c:\program files\Common Files\aolshare
2010-02-01 06:41 . 2010-01-31 16:25 -------- d-----w- c:\program files\Common Files\AOL
2010-01-31 16:34 . 2010-01-31 08:41 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\You've Got Pictures Screensaver
2010-01-31 16:34 . 2010-01-31 08:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Viewpoint
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Ulead Systems
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\SBSI
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\QuickTime
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\OD2
2010-01-31 16:29 . 2010-01-31 16:25 -------- d-----w- c:\program files\QuickTime
2010-01-31 16:26 . 2010-01-31 16:25 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-01-31 15:44 . 2010-01-31 15:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-31 15:44 . 2010-01-31 15:44 -------- d-----w- c:\program files\Microsoft.NET
2010-01-31 15:44 . 2010-01-31 15:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-31 15:41 . 2010-01-31 15:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-01-31 15:27 . 2010-01-31 15:27 2328832 ----a-w- c:\windows\system32\TUKernel.exe
2010-01-31 15:03 . 2010-01-31 15:02 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-31 15:03 . 2010-01-31 15:03 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\TuneUp Software
2010-01-31 15:02 . 2010-01-31 09:17 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-31 15:02 . 2010-01-31 15:02 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-31 14:37 . 2010-01-31 12:37 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-31 14:37 . 2010-01-31 12:37 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-31 13:14 . 2010-01-31 13:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software
2010-01-31 12:58 . 2004-08-10 15:57 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-31 12:39 . 2010-01-31 12:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Comodo
2010-01-31 12:15 . 2010-01-31 12:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-31 10:26 . 2010-01-31 10:26 -------- d-----w- c:\program files\Partition Wizard Home Edition 4.2.2
2010-01-31 10:11 . 2010-01-31 08:42 47168 ----a-w- d:\documents and settings\Derek.049087720362.004\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 09:59 . 2010-01-31 09:59 -------- d-----w- d:\documents and settings\All Users\Application Data\SupportSoft
2010-01-31 09:59 . 2010-01-31 09:58 -------- d-----w- c:\program files\O2
2010-01-31 09:55 . 2010-01-31 09:55 -------- d-----w- c:\program files\O2_Installer
2010-01-31 09:51 . 2010-01-31 09:51 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-01-31 09:17 . 2010-01-31 09:17 -------- d-----w- d:\documents and settings\Derek\Application Data\TuneUp Software
2010-01-31 06:30 . 2010-01-31 06:30 -------- d-----w- d:\documents and settings\Derek\Application Data\Canneverbe_Limited
2010-01-30 15:50 . 2010-01-30 15:29 -------- d-----w- d:\documents and settings\Derek\Application Data\Stardock(2)
2010-01-28 22:09 . 2010-01-31 13:14 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-28 21:57 . 2010-01-31 13:14 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-28 21:57 . 2010-01-31 13:14 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-28 21:54 . 2010-01-31 13:14 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-28 21:54 . 2010-01-31 13:14 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-28 21:54 . 2010-01-31 13:14 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-28 21:54 . 2010-01-31 13:14 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-28 21:53 . 2010-01-31 13:14 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-27 04:28 . 2010-01-27 04:28 -------- d-----w- d:\documents and settings\Derek\Application Data\OD2
2010-01-26 18:55 . 2010-01-24 19:47 -------- d-----w- d:\documents and settings\Derek\Application Data\pdfforge
2010-01-24 19:47 . 2010-01-24 19:47 -------- d-----w- d:\documents and settings\Derek\Application Data\Search Settings
2010-01-24 15:05 . 2010-01-24 15:05 -------- d-----w- d:\documents and settings\Derek\Application Data\Ulead Systems
2010-01-24 14:23 . 2010-01-24 14:23 -------- d-----w- d:\documents and settings\Derek\Application Data\IsolatedStorage
2010-01-24 14:17 . 2010-01-24 14:17 -------- d-----w- d:\documents and settings\Derek\Application Data\Stardock
2010-01-24 14:12 . 2010-01-24 14:12 -------- d-----w- d:\documents and settings\Derek\Application Data\GlarySoft
2010-01-24 14:10 . 2010-01-24 14:10 -------- d-----w- d:\documents and settings\Derek\Application Data\FastStone
2010-01-19 11:57 . 2010-01-31 13:14 38848 ----a-w- c:\windows\system32\avastSS.scr
2009-12-22 05:35 . 2009-12-22 05:35 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 20:39 . 2010-01-31 10:21 461368 ----a-w- c:\windows\system32\pwNative.exe
2009-12-21 20:39 . 2010-01-31 10:21 16456 ----a-w- c:\windows\system32\pwdrvio.sys
2009-12-21 20:39 . 2010-01-31 10:21 11088 ----a-w- c:\windows\system32\pwdspio.sys
2009-12-21 19:14 . 2004-08-10 15:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 21:19 . 2010-01-31 15:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 21:14 . 2010-01-31 15:03 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-21 15:51 . 2004-08-10 15:37 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast5"="e:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]
"COMODO Internet Security"="e:\program files\Comodo\COMODO Internet Security\cfp.exe" [2010-01-31 1800464]
"UnlockerAssistant"="e:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Derek.049087720362.004^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=d:\documents and settings\Derek.049087720362.004\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
2003-05-02 10:31 24576 ----a-w- c:\apps\ABOARD\ABOARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
2003-07-02 10:13 40960 ----a-w- c:\apps\EmailChecker\ech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 10:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 10:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 10:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\O2]
2008-03-28 22:47 198184 ----a-w- c:\program files\O2\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PostOOBE]
2008-05-08 11:24 155648 ----a-w- c:\windows\system32\wscript.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-07-22 14:00 81920 ----a-r- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-31 12:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 10:43 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- e:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/01/2010 13:14 163280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [31/01/2010 12:37 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [31/01/2010 12:37 25160]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/01/2010 13:14 19024]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 21:17 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S0 crpf;crpf;c:\windows\system32\drivers\crpf.sys --> c:\windows\system32\drivers\crpf.sys [?]
S0 csdf;csdf;c:\windows\system32\drivers\csdf.sys --> c:\windows\system32\drivers\csdf.sys [?]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S3 DfSdkS;Defragmentation-Service;"e:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe" --> e:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [05/02/2010 15:44 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [05/02/2010 15:44 8456]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 04:28 4639136]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [31/01/2010 10:21 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [31/01/2010 10:21 11088]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 21:23]

2010-01-24 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2010-01-31 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2010-01-24 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2010-02-05 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 08:03]
.
.
------- Supplementary Scan -------
.
uStart Page = file://c:\apps\IE\offline\uk.htm
IE: Customize Menu - file://e:\program files\roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://e:\program files\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://e:\program files\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://e:\program files\roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - d:\documents and settings\Derek.049087720362.004\Application Data\Mozilla\Firefox\Profiles\237i0j39.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/?p=us
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documents and settings\Derek.049087720362.004\Application Data\Mozilla\Firefox\Profiles\237i0j39.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
SharedTaskScheduler-{1984DD45-52CF-49cd-AB77-18F378FEA264} - (no file)
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
AddRemove-eBay Icon - d:\documents and settings\Derek.049087720362.004\Application Data\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 06:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
d:\documents and settings\Derek.049087720362.004\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
d:\documents and settings\Derek.049087720362.004\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Comodo\COMODO Internet Security\cmdagent.exe
e:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Completion time: 2010-02-06 06:19:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 06:19

Pre-Run: 38,568,984,576 bytes free
Post-Run: 38,423,756,800 bytes free

- - End Of File - - CC7C2E9694AAF2C5009CB6082D9247F5
  #4  
Old 5th Feb 2010, 23:36
Moderator
Posts: 7,561
 
Open Malwarebytes' Anti-Malware.

* Click the Update tab.
* Click Check for Updates
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users: right-click on dds and select Run as administrator (you will receive a UAC prompt; please allow it).

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log, by copying and pasting it into the reply.

----------

Next post add:
  • MBAM log
  • Both DDS logs
  #5  
Old 5th Feb 2010, 23:55
Donor VIP
Posts: 38
 
Malwarebytes' Anti-Malware 1.44
Database version: 3696
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/02/2010 06:44:39
mbam-log-2010-02-06 (06-44-39).txt

Scan type: Quick Scan
Objects scanned: 130317
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



DDS (Ver_09-09-29.01) - NTFSx86
Run by Derek at 6:47:32.43 on 06/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.594 [GMT 0:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
e:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Program Files\Comodo\COMODO Internet Security\cfp.exe
E:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Derek.049087720362.004\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = file://c:\apps\ie\offline\uk.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {724d43a0-0d85-11d4-9908-00400523e39a} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] e:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [COMODO Internet Security] "e:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [UnlockerAssistant] "e:\program files\unlocker\UnlockerAssistant.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Customize Menu - file://e:\program files\roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Fill Forms - file://e:\program files\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://e:\program files\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://e:\program files\roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - e:\program files\roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - e:\program files\roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - e:\program files\roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264324303312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\derek0~1.004\applic~1\mozilla\firefox\profiles\237i0j39.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/?p=us
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: d:\documents and settings\derek.049087720362.004\application data\mozilla\firefox\profiles\237i0j39.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-31 163280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-31 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-31 25160]
R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-31 19024]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-1-31 40384]
R2 cmdAgent;COMODO Internet Security Helper Service;e:\program files\comodo\comodo internet security\cmdagent.exe [2010-1-31 723632]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808]
R3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-1-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-1-31 40384]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S0 crpf;crpf;c:\windows\system32\drivers\crpf.sys --> c:\windows\system32\drivers\crpf.sys [?]
S0 csdf;csdf;c:\windows\system32\drivers\csdf.sys --> c:\windows\system32\drivers\csdf.sys [?]
S2 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
S3 DfSdkS;Defragmentation-Service;"e:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\dfsdks.exe" --> e:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\Dfsdks.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-2-5 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-2-5 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-1-31 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-1-31 11088]
S3 SASENUM;SASENUM;e:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-06 06:07 261,632 a------- c:\windows\PEV.exe
2010-02-06 06:07 161,792 a------- c:\windows\SWREG.exe
2010-02-06 06:07 98,816 a------- c:\windows\sed.exe
2010-02-06 06:07 77,312 a------- c:\windows\MBR.exe
2010-02-06 05:59 <DIR> --d----- C:\Combo-Fix22726C
2010-02-06 05:59 <DIR> --d----- C:\Combo-Fix10241C
2010-02-06 05:57 <DIR> --d----- C:\Combo----Fix11794C
2010-02-06 05:56 <DIR> --d----- C:\Combo----Fix16469C
2010-02-06 05:55 <DIR> --d----- C:\Combo----Fix6235C
2010-02-06 05:54 <DIR> --d----- C:\Combo----Fix
2010-02-06 05:50 <DIR> --d----- C:\Combo-Fix8985C
2010-02-06 05:47 <DIR> --d----- C:\Combo-Fix27870C
2010-02-06 05:46 <DIR> --d----- C:\Combo-Fix8101C
2010-02-06 05:44 <DIR> --d----- C:\Combo-Fix27855C
2010-02-06 05:40 <DIR> --d----- C:\Combo-Fix3567C
2010-02-06 05:40 <DIR> --d----- C:\Combo-Fix24890C
2010-02-06 05:39 <DIR> --d----- C:\Combo-Fix
2010-02-05 21:19 <DIR> --d-h--- d:\docume~1\derek0~1.004\applic~1\drivers
2010-02-05 19:35 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-05 19:35 <DIR> --d----- d:\docume~1\derek0~1.004\applic~1\SUPERAntiSpyware.com
2010-02-05 19:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2010-02-05 18:29 <DIR> --d----- c:\windows\pss
2010-02-05 15:44 14,848 a------- c:\windows\system32\EuEpmGdi.dll
2010-02-05 15:44 1,692,288 a------- c:\windows\system32\BootMan.exe
2010-02-05 15:44 86,408 a------- c:\windows\system32\setupempdrv03.exe
2010-02-05 15:44 8,456 a------- c:\windows\system32\EuGdiDrv.sys
2010-02-05 15:44 13,192 a------- c:\windows\system32\epmntdrv.sys
2010-02-04 20:40 <DIR> --d----- d:\docume~1\derek0~1.004\applic~1\Handy Software Lab
2010-02-04 20:40 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Handy Software Lab
2010-02-02 07:29 <DIR> --d----- c:\windows\system32\Adobe
2010-02-01 16:52 <DIR> --d----- d:\docume~1\derek0~1.004\applic~1\Malwarebytes
2010-02-01 16:52 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 16:52 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-02-01 16:52 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-31 22:28 <DIR> --d----- c:\windows\system32\URTTemp
2010-01-31 20:32 <DIR> --d----- c:\windows\SxsCaPendDel
2010-01-31 18:17 <DIR> --d----- c:\program files\Windows Media Connect 2
2010-01-31 18:16 <DIR> --d----- c:\windows\system32\LogFiles
2010-01-31 18:06 <DIR> --dsh--- d:\documents and settings\derek.049087720362.004\UserData
2010-01-31 18:06 <DIR> --dsh--- d:\documents and settings\derek.049087720362.004\IECompatCache
2010-01-31 16:34 <DIR> --dsh--- d:\documents and settings\all users\DRM
2010-01-31 16:34 <DIR> --d--r-- d:\documents and settings\all users\Documents
2010-01-31 16:34 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Viewpoint
2010-01-31 16:34 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SBSI
2010-01-31 16:34 <DIR> --d----- d:\docume~1\alluse~1\applic~1\OD2
2010-01-31 16:25 <DIR> --d----- c:\program files\Windows NT
2010-01-31 16:25 <DIR> --d----- c:\program files\Windows Media Components
2010-01-31 16:25 <DIR> --d----- c:\program files\Viewpoint
2010-01-31 16:25 <DIR> --d----- c:\program files\Ulead Systems
2010-01-31 16:25 <DIR> --d----- c:\program files\Sonic
2010-01-31 16:25 <DIR> --d----- c:\program files\Online Services
2010-01-31 16:25 <DIR> --d----- c:\program files\MSN Gaming Zone
2010-01-31 16:25 <DIR> --d----- c:\program files\Learn2.com
2010-01-31 16:25 <DIR> --d----- c:\program files\GMixon
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\xing shared
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\Ulead Systems
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\SureThing Shared
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\SpeechEngines
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\Real
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\Nullsoft
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\MSSoap
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\aolshare
2010-01-31 16:25 <DIR> --d----- c:\program files\common files\AOL
2010-01-31 15:44 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2010-01-31 15:44 <DIR> --d----- d:\documents and settings\all users\Microsoft
2010-01-31 15:44 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2010-01-31 15:41 <DIR> --d----- c:\program files\Microsoft Analysis Services
2010-01-31 15:03 <DIR> --d----- d:\docume~1\derek0~1.004\applic~1\TuneUp Software
2010-01-31 15:02 <DIR> --d----- c:\program files\TuneUp Utilities 2010
2010-01-31 15:02 <DIR> --dsh--- d:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-31 13:30 <DIR> --dsh--- d:\documents and settings\derek.049087720362.004\PrivacIE
2010-01-31 13:14 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-31 12:37 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Comodo
2010-01-31 12:34 <DIR> --dsh--- d:\documents and settings\derek.049087720362.004\IETldCache
2010-01-31 10:26 <DIR> --d----- c:\program files\Partition Wizard Home Edition 4.2.2
2010-01-31 09:58 <DIR> --d----- c:\program files\O2
2010-01-31 09:55 <DIR> --d----- c:\program files\O2_Installer
2010-01-31 09:51 <DIR> --d----- c:\program files\common files\SupportSoft
2010-01-31 09:17 <DIR> --d----- d:\docume~1\alluse~1\applic~1\TuneUp Software
2010-01-31 08:41 <DIR> --d----- d:\docume~1\derek0~1.004\applic~1\You've Got Pictures Screensaver

==================== Find3M ====================

2010-02-02 07:15 171,552 a------- c:\windows\system32\guard32.dll
2010-02-02 07:15 134,344 a------- c:\windows\system32\drivers\cmdguard.sys
2010-01-31 15:27 2,328,832 a------- c:\windows\system32\TUKernel.exe
2010-01-31 14:37 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2010-01-31 12:58 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2010-01-31 12:15 411,368 a------- c:\windows\system32\deploytk.dll
2009-12-22 05:35 81,920 -------- c:\windows\system32\ieencode.dll
2009-12-22 05:35 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-12-21 20:39 461,368 a------- c:\windows\system32\pwNative.exe
2009-12-21 20:39 16,456 a------- c:\windows\system32\pwdrvio.sys
2009-12-21 20:39 11,088 a------- c:\windows\system32\pwdspio.sys
2009-12-21 13:19 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-17 21:19 30,536 a------- c:\windows\system32\TURegOpt.exe
2009-12-17 21:14 30,024 a------- c:\windows\system32\uxtuneup.dll
2009-12-11 08:38 69,120 -------- c:\windows\system32\dllcache\iecompat.dll
2009-11-21 15:51 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-21 15:51 471,552 -------- c:\windows\system32\dllcache\aclayers.dll

============= FINISH: 6:48:10.03 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 24/01/2010 08:59:53
System Uptime: 02/06/2010 06:29:56 (-2784 hours ago)
Processor: Intel(R) Pentium(R) 4 CPU 2.93GHz | Socket 775 | 2934/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 47 GiB total, 35.813 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 10.707 GiB free.
E: is FIXED (NTFS) - 70 GiB total, 69.385 GiB free.
F: is FIXED (NTFS) - 44 GiB total, 27.243 GiB free.
G: is CDROM (CDFS)
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP53: 05/02/2010 21:07:21 - Revo Uninstaller's restore point - WinZip 14.0
RP54: 05/02/2010 21:07:50 - Removed WinZip 14.0
RP55: 05/02/2010 21:17:31 - Installed WinZip 14.0
RP56: 05/02/2010 22:31:06 - Revo Uninstaller's restore point - WinZip 14.0
RP57: 05/02/2010 22:31:32 - Removed WinZip 14.0
RP58: 06/02/2010 05:48:34 - Revo Uninstaller's restore point - East-Tec Backup 2009 2.3

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Alchemy Mahjong 1.0.0.0
avast! Free Antivirus
CCleaner
COMODO Internet Security
EASEUS Partition Master 5.0.1 Professional
FileHippo.com Update Checker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976098-v2)
Java Auto Updater
Java(TM) 6 Update 17
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14 (Beta)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.7)
MyDefrag v4.2.7
NVIDIA Drivers
O2 Broadband Assistant
O2InstV2Win7UpdateV1
Partition Wizard Home Edition 4.2.2
Revo Uninstaller 1.85
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SiS 900 PCI Fast Ethernet Adapter Driver
Sonic RecordNow!
Speccy
SUPERAntiSpyware Professional
TuneUp Utilities
TuneUp Utilities Language Pack (en-GB)
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip 14.0

==== Event Viewer Messages From Past Week ========

06/02/2010 06:12:14, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
06/02/2010 06:08:09, error: Service Control Manager [7034] - The Generic Service for HID Keyboard Input Collections service terminated unexpectedly. It has done this 1 time(s).
05/02/2010 22:50:47, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The class is configured to run as a security id different from the caller
05/02/2010 21:24:19, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
05/02/2010 21:24:00, error: Service Control Manager [7034] - The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).
04/02/2010 06:29:47, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.UtilitiesSvc service.
03/02/2010 13:30:32, error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
02/02/2010 16:00:49, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
01/02/2010 17:10:09, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417).
01/02/2010 17:09:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
01/02/2010 17:09:42, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707).
01/02/2010 17:09:30, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
01/02/2010 06:35:04, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================
  #6  
Old 6th Feb 2010, 10:37
Moderator
Posts: 7,561
 
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

Delete ComboFix and download a new copy. Don't rename it this time.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
TB: {724d43a0-0d85-11d4-9908-00400523e39a} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Folder::
c:\program files\messenger
C:\Combo-Fix22726C
C:\Combo-Fix10241C
C:\Combo----Fix11794C
C:\Combo----Fix16469C
C:\Combo----Fix6235C
C:\Combo----Fix
C:\Combo-Fix8985C
C:\Combo-Fix27870C
C:\Combo-Fix8101C
C:\Combo-Fix27855C
C:\Combo-Fix3567C
C:\Combo-Fix24890C
C:\Combo-Fix
c:\program files\Viewpoint
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for outdated versions of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
__________________

The following user says thank you to evilfantasy for this post:
buzzby1080 (7th Feb 2010)
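The DDS log posted above and the CFScript in the reply show the manual workflow a helper follows: read the Pseudo HJT Report, SERVICES / DRIVERS and Created Last 30 sections, pick out CLSIDs with no backing file, leftover tool directories and known-unwanted components, and write them into a CFScript with DDS:: and Folder:: sections. The Python below is an added example (not code from the thread, from DDS or from ComboFix) that does that triage over a constructed sample built from lines of the log above. The rule set is an assumption modelled on the moderator's script: orphaned CLSIDs, Windows Messenger, the Combo-Fix* directories and Viewpoint are written into the script, while drivers whose file DDS could not find (the `--> path [?]` form, here crpf and csdf) are only surfaced for review, because the thread does not remove them.

```python
"""Triage a DDS log and draft a ComboFix CFScript from the findings.
Added example: not code from the thread, from DDS or from ComboFix.  The
'remove' / 'review' rules are an assumption modelled on the moderator's script."""
import re
from dataclasses import dataclass

# Constructed sample: lines taken from the DDS log posted above, one per case.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
TB: {724d43a0-0d85-11d4-9908-00400523e39a} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-31 163280]
S0 crpf;crpf;c:\windows\system32\drivers\crpf.sys --> c:\windows\system32\drivers\crpf.sys [?]
S0 csdf;csdf;c:\windows\system32\drivers\csdf.sys --> c:\windows\system32\drivers\csdf.sys [?]
=============== Created Last 30 ================
2010-02-06 05:59 <DIR> --d----- C:\Combo-Fix22726C
2010-02-06 05:54 <DIR> --d----- C:\Combo----Fix
2010-01-31 16:25 <DIR> --d----- c:\program files\Viewpoint
============= FINISH: 6:48:10.03 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "- No File": the toolbar/BHO/IE CLSID no longer points at a file on disk.
ORPHAN_RE = re.compile(r"^(TB|BHO|IE):\s*\{[0-9A-Fa-f-]+\}\s*-\s*No File$")
IE_RE = re.compile(r"^IE:\s*\{[0-9A-Fa-f-]+\}\s*-\s*(?P<target>.+)$")
# "path --> path [?]" on a service/driver line: DDS could not find the file.
SVC_MISSING_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;.+?\s+-->\s+.+\[\?\]$")
DIR_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+<DIR>\s+\S+\s+(?P<path>.+)$")
# Assumed removal list, copied from the moderator's CFScript: Windows Messenger,
# the Combo-Fix* directories left by the renamed runs, and the Viewpoint component.
REMOVE_TARGETS = ("\\messenger\\msmsgs.exe",)
REMOVE_DIRS = (re.compile(r"\\combo-+fix", re.I), re.compile(r"\\program files\\viewpoint$", re.I))


@dataclass(frozen=True)
class Finding:
    section: str
    line: str    # the DDS line (for directories, just the path)
    reason: str
    action: str  # "remove" goes into the CFScript, "review" is only shown to the helper


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections


def triage(text):
    """Return the Findings a helper would pick out of the log, in log order."""
    sec, out = parse_sections(text), []
    for line in sec.get("Pseudo HJT Report", []):
        m = IE_RE.match(line)
        if ORPHAN_RE.match(line):
            out.append(Finding("Pseudo HJT Report", line, "CLSID with no backing file", "remove"))
        elif m and m.group("target").lower().endswith(REMOVE_TARGETS):
            out.append(Finding("Pseudo HJT Report", line, "on the removal list (Windows Messenger)", "remove"))
    for line in sec.get("SERVICES / DRIVERS", []):
        m = SVC_MISSING_RE.match(line)
        if m:
            out.append(Finding("SERVICES / DRIVERS", line, f"driver {m.group('name')} registered, file not found", "review"))
    for line in sec.get("Created Last 30", []):
        m = DIR_RE.match(line)
        if m and any(r.search(m.group("path")) for r in REMOVE_DIRS):
            out.append(Finding("Created Last 30", m.group("path"), "on the removal list (leftover/unwanted directory)", "remove"))
    return out


def build_cfscript(findings):
    """Render the 'remove' findings as a CFScript in the layout used in the thread."""
    dds, folders = [], []
    for f in (f for f in findings if f.action == "remove"):
        if f.section == "Created Last 30":
            folders.append(f.line)
            continue
        dds.append(f.line)
        m = IE_RE.match(f.line)
        if m and not f.line.endswith("No File"):
            # drop the program directory behind the entry too, as the moderator's script does
            folders.append(m.group("target").rsplit("\\", 1)[0])
    parts = ["KillAll::", ""]
    parts += ["DDS::", *dds, ""] if dds else []
    parts += ["Folder::", *folders, ""] if folders else []
    return "\n".join(parts)


if __name__ == "__main__":
    found = triage(SAMPLE_DDS)
    print("\n".join(f"[{f.action:6}] {f.line}  <- {f.reason}" for f in found), end="\n\n")
    print(build_cfscript(found))
```

Running it prints the eight findings (six marked remove, the two S0 drivers marked review) followed by a script whose DDS:: and Folder:: sections match the entries in the moderator's CFScript for the same lines. As the reply's own note says, a CFScript is written for one machine; the example makes the log reading reproducible, it does not make the removal decision for you.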
  #7  
Old 6th Feb 2010, 15:55
Donor VIP
Posts: 38
 
Have run ComboFix but I am having problems with Java. I have followed your instructions, but the update is looking for the file "jre1.6.0_17-c-l.msi".


ComboFix 10-02-05.04 - Derek 06/02/2010 18:22:00.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.632 [GMT 0:00]
Running from: d:\documents and settings\Derek.049087720362.004\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Derek.049087720362.004\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt

.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-06 08:47 . 2010-02-06 08:47 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\Comodo
2010-02-05 21:19 . 2010-02-06 06:11 -------- d--h--w- d:\documents and settings\Derek.049087720362.004\Application Data\drivers
2010-02-05 20:03 . 2010-02-05 20:03 210672 ----a-w- d:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-05 19:35 . 2010-02-05 19:35 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-05 19:35 . 2010-02-05 19:35 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\SUPERAntiSpyware.com
2010-02-05 19:34 . 2010-02-05 19:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-05 15:44 . 2010-01-20 16:52 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-02-05 15:44 . 2010-01-28 20:35 1692288 ----a-w- c:\windows\system32\BootMan.exe
2010-02-05 15:44 . 2010-01-20 16:53 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-02-05 15:44 . 2010-01-20 16:53 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-02-05 15:44 . 2010-01-20 16:53 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-02-04 20:40 . 2010-02-04 20:40 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Local Settings\Application Data\Handy Software Lab
2010-02-04 20:40 . 2010-02-04 20:40 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\Handy Software Lab
2010-02-04 20:40 . 2010-02-04 20:40 -------- d-----w- d:\documents and settings\All Users\Application Data\Handy Software Lab
2010-02-04 07:34 . 2010-02-05 22:31 -------- d-----w- d:\documents and settings\All Users\Application Data\WinZip
2010-02-02 19:36 . 2010-02-02 19:36 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY\Application Data\TuneUp Software
2010-02-02 07:29 . 2010-02-02 07:29 -------- d-----w- c:\windows\system32\Adobe
2010-02-01 19:01 . 2010-02-01 19:01 -------- d-----w- c:\windows\Sun
2010-02-01 16:52 . 2010-02-01 16:52 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\Malwarebytes
2010-02-01 16:52 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 16:52 . 2010-02-01 16:52 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 16:52 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 07:21 . 2010-02-01 07:21 -------- d-----w- c:\program files\MSBuild
2010-02-01 07:21 . 2010-02-01 07:21 -------- d-----w- c:\program files\Reference Assemblies
2010-02-01 06:48 . 2010-02-01 06:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 06:32 . 2010-02-01 06:32 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\AdobeUM
2010-02-01 06:13 . 2010-02-01 06:34 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS
2010-01-31 22:28 . 2010-01-31 22:29 -------- d-----w- c:\windows\system32\URTTemp
2010-01-31 20:32 . 2010-01-31 21:33 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-31 19:28 . 2010-01-31 19:28 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-01-31 18:28 . 2010-01-31 18:28 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Local Settings\Application Data\PCHealth
2010-01-31 18:17 . 2010-01-31 18:17 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-31 18:16 . 2010-01-31 18:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-31 18:16 . 2010-01-31 18:16 -------- d-----w- c:\windows\system32\LogFiles
2010-01-31 18:06 . 2010-01-31 18:06 -------- d-sh--w- d:\documents and settings\Derek.049087720362.004\UserData
2010-01-31 18:06 . 2010-01-31 18:06 -------- d-sh--w- d:\documents and settings\Derek.049087720362.004\IECompatCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 18:28 . 2010-01-31 15:55 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-02-03 21:11 . 2010-01-31 15:38 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-02 07:31 . 2010-01-31 16:25 -------- d-----w- c:\program files\Java
2010-02-02 07:15 . 2010-01-31 12:37 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-02 07:15 . 2010-01-31 12:37 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-01 07:23 . 2010-01-31 15:57 104816 ----a-w- d:\documents and settings\Derek\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 06:42 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\AOL
2010-02-01 06:42 . 2010-01-31 16:25 -------- d-----w- c:\program files\Common Files\aolshare
2010-02-01 06:41 . 2010-01-31 16:25 -------- d-----w- c:\program files\Common Files\AOL
2010-01-31 16:34 . 2010-01-31 08:41 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\You've Got Pictures Screensaver
2010-01-31 16:34 . 2010-01-31 08:40 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Viewpoint
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\Ulead Systems
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\SBSI
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\QuickTime
2010-01-31 16:34 . 2010-01-31 16:34 -------- d-----w- d:\documents and settings\All Users\Application Data\OD2
2010-01-31 16:29 . 2010-01-31 16:25 -------- d-----w- c:\program files\QuickTime
2010-01-31 16:26 . 2010-01-31 16:25 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-01-31 15:44 . 2010-01-31 15:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-01-31 15:44 . 2010-01-31 15:44 -------- d-----w- c:\program files\Microsoft.NET
2010-01-31 15:44 . 2010-01-31 15:44 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-31 15:41 . 2010-01-31 15:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-01-31 15:27 . 2010-01-31 15:27 2328832 ----a-w- c:\windows\system32\TUKernel.exe
2010-01-31 15:03 . 2010-01-31 15:02 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-31 15:03 . 2010-01-31 15:03 -------- d-----w- d:\documents and settings\Derek.049087720362.004\Application Data\TuneUp Software
2010-01-31 15:02 . 2010-01-31 09:17 -------- d-----w- d:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-31 15:02 . 2010-01-31 15:02 -------- d-sh--w- d:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-31 14:37 . 2010-01-31 12:37 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-31 14:37 . 2010-01-31 12:37 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-31 13:14 . 2010-01-31 13:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software
2010-01-31 12:58 . 2004-08-10 15:57 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-31 12:39 . 2010-01-31 12:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Comodo
2010-01-31 12:15 . 2010-01-31 12:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-31 10:26 . 2010-01-31 10:26 -------- d-----w- c:\program files\Partition Wizard Home Edition 4.2.2
2010-01-31 10:11 . 2010-01-31 08:42 47168 ----a-w- d:\documents and settings\Derek.049087720362.004\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 09:59 . 2010-01-31 09:59 -------- d-----w- d:\documents and settings\All Users\Application Data\SupportSoft
2010-01-31 09:59 . 2010-01-31 09:58 -------- d-----w- c:\program files\O2
2010-01-31 09:55 . 2010-01-31 09:55 -------- d-----w- c:\program files\O2_Installer
2010-01-31 09:51 . 2010-01-31 09:51 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-01-31 09:17 . 2010-01-31 09:17 -------- d-----w- d:\documents and settings\Derek\Application Data\TuneUp Software
2010-01-31 06:30 . 2010-01-31 06:30 -------- d-----w- d:\documents and settings\Derek\Application Data\Canneverbe_Limited
2010-01-30 15:50 . 2010-01-30 15:29 -------- d-----w- d:\documents and settings\Derek\Application Data\Stardock(2)
2010-01-28 22:09 . 2010-01-31 13:14 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-28 21:57 . 2010-01-31 13:14 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-28 21:57 . 2010-01-31 13:14 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-28 21:54 . 2010-01-31 13:14 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-28 21:54 . 2010-01-31 13:14 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-28 21:54 . 2010-01-31 13:14 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-28 21:54 . 2010-01-31 13:14 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-28 21:53 . 2010-01-31 13:14 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-27 04:28 . 2010-01-27 04:28 -------- d-----w- d:\documents and settings\Derek\Application Data\OD2
2010-01-26 18:55 . 2010-01-24 19:47 -------- d-----w- d:\documents and settings\Derek\Application Data\pdfforge
2010-01-24 19:47 . 2010-01-24 19:47 -------- d-----w- d:\documents and settings\Derek\Application Data\Search Settings
2010-01-24 15:05 . 2010-01-24 15:05 -------- d-----w- d:\documents and settings\Derek\Application Data\Ulead Systems
2010-01-24 14:23 . 2010-01-24 14:23 -------- d-----w- d:\documents and settings\Derek\Application Data\IsolatedStorage
2010-01-24 14:17 . 2010-01-24 14:17 -------- d-----w- d:\documents and settings\Derek\Application Data\Stardock
2010-01-24 14:12 . 2010-01-24 14:12 -------- d-----w- d:\documents and settings\Derek\Application Data\GlarySoft
2010-01-24 14:10 . 2010-01-24 14:10 -------- d-----w- d:\documents and settings\Derek\Application Data\FastStone
2010-01-19 11:57 . 2010-01-31 13:14 38848 ----a-w- c:\windows\system32\avastSS.scr
2009-12-22 05:35 . 2009-12-22 05:35 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-21 20:39 . 2010-01-31 10:21 461368 ----a-w- c:\windows\system32\pwNative.exe
2009-12-21 20:39 . 2010-01-31 10:21 16456 ----a-w- c:\windows\system32\pwdrvio.sys
2009-12-21 20:39 . 2010-01-31 10:21 11088 ----a-w- c:\windows\system32\pwdspio.sys
2009-12-21 19:14 . 2004-08-10 15:38 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 21:19 . 2010-01-31 15:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 21:14 . 2010-01-31 15:03 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-11-21 15:51 . 2004-08-10 15:37 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 21:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"East-Tec Backup 2009"="e:\program files\East-Tec Backup\etBackup.exe" [2008-10-14 4062880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast5"="e:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]
"COMODO Internet Security"="e:\program files\Comodo\COMODO Internet Security\cfp.exe" [2010-01-31 1800464]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- e:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 10:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- e:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/01/2010 13:14 163280]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [31/01/2010 12:37 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [31/01/2010 12:37 25160]
R1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/01/2010 13:14 19024]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 16:19 202280]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17/12/2009 21:17 1044808]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S0 crpf;crpf;c:\windows\system32\drivers\crpf.sys --> c:\windows\system32\drivers\crpf.sys [?]
S0 csdf;csdf;c:\windows\system32\drivers\csdf.sys --> c:\windows\system32\drivers\csdf.sys [?]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S3 DfSdkS;Defragmentation-Service;"e:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe" --> e:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [05/02/2010 15:44 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [05/02/2010 15:44 8456]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26/09/2009 04:28 4639136]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [31/01/2010 10:21 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [31/01/2010 10:21 11088]
S3 SASENUM;SASENUM;e:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 21:23]

2010-01-24 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2010-01-31 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2010-01-24 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2010-02-06 c:\windows\Tasks\Setup my PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-05-11 08:03]
.
.
------- Supplementary Scan -------
.
uStart Page = file://c:\apps\IE\offline\uk.htm
IE: Customize Menu - file://e:\program files\roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://e:\program files\roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://e:\program files\roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://e:\program files\roboform\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - d:\documents and settings\Derek.049087720362.004\Application Data\Mozilla\Firefox\Profiles\237i0j39.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://m.uk.yahoo.com/?p=us
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: d:\documents and settings\Derek.049087720362.004\Application Data\Mozilla\Firefox\Profiles\237i0j39.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 18:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
e:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
d:\documents and settings\Derek.049087720362.004\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
d:\documents and settings\Derek.049087720362.004\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Comodo\COMODO Internet Security\cmdagent.exe
e:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Completion time: 2010-02-06 18:32:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 18:32

Pre-Run: 38,601,056,256 bytes free
Post-Run: 38,555,279,360 bytes free

- - End Of File - - 8C2B899AAC8E4995A35CFC323281B9E7
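A ComboFix log is long, and the lines worth a second look are buried in the Reg Loading Points and service sections: services or drivers that are still registered but whose file ComboFix could not find (the `--> ... [?]` entries such as `crpf`, `csdf` and `Application Updater` above), a firewall profile with `EnableFirewall` set to 0, and Security Center monitoring switched off for an AV or firewall product. The script below is an added example for this thread, not ComboFix code and not the moderator's tooling; it pulls those items out of a log so they can be listed in a reply. Its sample input is a handful of lines copied from the log above. Two readings of the format are assumptions rather than anything documented on this page: that the digit in the `R1`/`S0`/`S2` prefix is the Windows start type (0 boot, 1 system, 2 automatic, 3 manual), and that a trailing `--> <path> [?]` means the registered binary was not found on disk.

```python
"""Triage a ComboFix-style log for the entries a responder reads first.

Added example for this thread; not ComboFix code. Assumed format:
  * service lines: "<R|S><digit> name;display;path [...]", digit = start type
  * a trailing "--> <path> [?]" marks a registered service whose file is missing
"""
import re

# Constructed sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31/01/2010 13:14 163280]
S0 crpf;crpf;c:\windows\system32\drivers\crpf.sys --> c:\windows\system32\drivers\crpf.sys [?]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
"""

SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

# Assumed mapping of the digit after R/S to the Windows service start type.
START_TYPE = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}


def triage(log_text):
    """Return the suspicious items found in log_text, grouped by check."""
    findings = {
        "missing_binary": [],       # (start code, service name, missing path)
        "firewall_disabled": [],    # registry keys where EnableFirewall is 0
        "monitoring_disabled": [],  # Security Center products with monitoring off
    }
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # remember which registry key the values belong to
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            name = m.group("name").lower()
            value = m.group("value").strip()
            key_lc = current_key.lower()
            if name == "enablefirewall" and value.split()[:1] == ["0"]:
                findings["firewall_disabled"].append(current_key)
            elif (name == "disablemonitoring"
                  and value.lower() == "dword:00000001"
                  and "\\security center\\monitoring\\" in key_lc):
                # last path component of the key is the product being hidden from Security Center
                findings["monitoring_disabled"].append(current_key.rsplit("\\", 1)[-1])
            continue
        m = SERVICE_RE.match(line)
        if m and "-->" in m.group("rest") and m.group("rest").endswith("[?]"):
            # the path after "-->" is the binary ComboFix could not find
            path = m.group("rest").split("-->")[-1].rsplit("[", 1)[0].strip()
            findings["missing_binary"].append((m.group("start"), m.group("name"), path))
    return findings


def report(findings):
    """Render findings as plain lines for a reply, boot/system-start drivers first."""
    lines = []
    for start, name, path in sorted(findings["missing_binary"], key=lambda t: t[0][1]):
        kind = START_TYPE.get(start[1], "unknown")
        lines.append(f"{kind}-start service {name!r} is registered but its file is missing: {path}")
    for key in findings["firewall_disabled"]:
        lines.append(f"Windows Firewall is off for profile key {key}")
    for product in findings["monitoring_disabled"]:
        lines.append(f"Security Center monitoring is disabled for {product}")
    return lines


if __name__ == "__main__":
    for item in report(triage(SAMPLE_LOG)):
        print(item)
```

A missing-binary entry is a loose end to chase, not proof of infection on its own: a product that was uninstalled incompletely leaves exactly the same `[?]` trace, so each one should be matched against what the user remembers installing before it is removed. Boot-start (`S0`) drivers are listed first because a driver that loads before the antivirus does is the one worth resolving first.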
  #8  
Old 6th Feb 2010, 16:11
Moderator
Posts: 7,561
 
Try downloading it from here. http://www.filehippo.com/download_jre_32/


* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
  * Delete the following:
    * ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan Log
  #9  
Old 7th Feb 2010, 01:41
Donor VIP
Posts: 38
 
I think Java is updated, how do I check?

ESET log:
D:\backup\MyBackup 1 February 04, 2010 (17.30.50)\F\Downloads\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined
D:\backup\MyBackup 1 February 05, 2010 (17.30.59)\F\Downloads\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined
D:\backup\MyBackup 1 February 06, 2010 (07.11.25)\F\Downloads\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined
F:\Downloads\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined
  #10  
Old 7th Feb 2010, 09:35
Moderator
Posts: 7,561
 
Java Tester Website.


Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from the Microsoft Internet Explorer 8: Home page.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
Copyright ©2006 - 2010 Computer Juice.