Computer Juice > Computer Software > Virus, Spyware & Security

Possible worm in my computer?

#1 | urmaserendipity85 | 11th Jul 2008, 12:36 AM

Hi everyone,
OK I'll apologise straight away as I know NOTHING really about computers, I don't know if I've put this in the right forum.
I recently switched computers at work with the IT lady who has now left. I don't think she's taken terribly good care of the computer and it's a complete nightmare! She mentioned in passing that there might be some kind of worm but she couldn't find it - I was like gee thanks!
I am unable to run internet explorer in its normal form, I can only run it with add-ons disabled. Otherwise I get some kind of de-bug error message, and then it tells me that there's a runtime error and it's malfunctioned or something.
The computer is also extremely slow, and I don't think it should be. It occasionally tells me my virtual memory is low, how can I sort this?
Sorry if this is ridiculously vague, I have no idea really what I'm talking about, all I know is I have to restart the computer about 3 times every morning as it freezes, and every programme until the 3rd time goes to not-responding every single time. It's so annoying!
Sooo since you guys were so helpful at helping me remove malware etc from my home PC I'm hoping you can help me with this one.
Cheers

#2 | urmaserendipity85 | 11th Jul 2008, 12:39 AM

Oh p.s., when the computer starts up the possessed printer always prints a page with nothing on it except for "U" at the top. Any ideas?

#3 | thingie2 | 11th Jul 2008, 12:43 AM

Well, if it was me, I would want to do a complete wipe of the computer and start again, but you probably can't do that, with it being a work computer. Maybe you could ask the network administrators at your place of work if they would format and re-install the OS for you? But before you get them to do this, make sure you have backed up any stuff you want to keep.
__________________

My System: First OC

CPU(s):
Intel E2180 @ 2.85
Motherboard:
Gigabyte GA-P35-DS3L
RAM:
2x1GB OCZ PC2-9200 reaper CL5
Graphics Card(s):
Gainward ATI 3850
Sound Card:
on board
Hard Drive(s):
Seagate Barracuda 7200.7 120GB
Optical Drive(s):
HITACHI DVD-ROM GD-2500
Case / PSU:
Corsair VX450
Cooling:
AC freezer7 Pro, 2x80mm, 1x90mm, 1x120mm
Network / Internet:
on board / supposedly 10Meg virgin cable
Monitor(s):
Viewsonic Vx922; Viewsonic VE702m
Operating System(s):
XP Home


#4 | urmaserendipity85 | 11th Jul 2008, 02:25 AM

the problem is, the only person who knew anything about computers has now left, and I'm probably next in line for computer knowledge, which is worrying. I'd be able to do it if I had instructions to follow, but wouldn't know where to start by myself. The lady backed up the computer before she left, and I have the disk, is that a start?

#5 | Dave Hybrid | 11th Jul 2008, 02:46 AM

If you think the PC has a virus/spyware/malware read this thread, install the free software and post the log files so we can see what is going on.

http://www.computer-juice.com/forums...-posting-7476/

Here is also a guide to fixing virtual memory issues.

http://support.microsoft.com/kb/308417

@ thingie, in future please point members to the above thread if they need malware/spyware/virus help.
__________________

My System: The Hybrid Lappy

CPU(s):
AMD Turion 64 x2 TL-64 2.2GHz
Motherboard:
HP nForce 560
RAM:
2GB DDR2 PC2-5300
Graphics Card(s):
Nvidia 7150M Onboard Integrated
Sound Card:
5.1 Onboard Integrated
Hard Drive(s):
250GB 5400RPM SATA300
Optical Drive(s):
18x CD/DVDRW-DL ATA
Case / PSU:
Stock HP
Cooling:
Stock HP
Network / Internet:
10/100 Nic / 10MB Virgin Cable
Monitor(s):
17" WXGA+ HD BrightView Widescreen
Operating System(s):
Windows Vista Home Premium 32 SP1


#6 | thingie2 | 11th Jul 2008, 04:16 AM

Ok Dave, fair do's.

#7 | urmaserendipity85 | 15th Jul 2008, 12:30 AM

OK, here are my logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/11/2008 at 01:26 PM
Application Version : 4.15.1000
Core Rules Database Version : 3502
Trace Rules Database Version: 1493
Scan type : Complete Scan
Total Scan Time : 01:19:48
Memory items scanned : 443
Memory threats detected : 0
Registry items scanned : 6348
Registry threats detected : 15
File items scanned : 103304
File threats detected : 60
Trojan.IEObject/Win
HKLM\Software\Classes\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}#AppID
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\Control
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\InprocServer32
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\MiscStatus
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\MiscStatus\1
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\ProgID
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\ToolboxBitmap32
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\TypeLib
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\Version
HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\VersionIndependentProgID
C:\WINDOWS\IECODECPLG.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}
Adware.Tracking Cookie
Malware.VirusProtect
C:\Program Files\VirusProtect 3.8\ignored.lst
C:\Program Files\VirusProtect 3.8


Malwarebytes' Anti-Malware 1.20
Database version: 951
Windows 5.1.2600 Service Pack 2
08:50:09 15/07/2008
mbam-log-7-15-2008 (08-50-09).txt
Scan type: Quick Scan
Objects scanned: 43739
Time elapsed: 6 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0b0a76e7-ade1-41f4-b157-559605721b3a} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50da37bb-7083-4fa7-80cf-de4cdb634166} (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieobject.ieobjectobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25:19, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/u...en/default.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TurboBackup] C:\Program Files\FileStream\TurboBackup\tbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/13ba7ddd...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095074565531
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E82ED244-76EF-4D34-BDB3-AB21A522F38E} (webhelper Class) - http://www.btconnect.com/public/home...control013.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B60ACC8-9F17-43BC-BBC4-4AB22D510161}: NameServer = 212.67.120.148
O17 - HKLM\System\CS1\Services\Tcpip\..\{3B60ACC8-9F17-43BC-BBC4-4AB22D510161}: NameServer = 212.67.120.148
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9423 bytes

#8 | evilfantasy | 15th Jul 2008, 11:28 AM

Open HijackThis and select Do a system scan only, then place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Click fix checked.

How is everything now?
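
The check described in post #8, picking out the log entry whose target file no longer exists, can be scripted over a saved HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the function names are illustrative, and the sample lines are copied from the log in post #7 except for one constructed O23 line.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread. The final
# O23 line is constructed to show the "(file missing)" marker.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Example\example.exe (file missing)
"""

# A log entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Suffixes HijackThis prints when an entry's target cannot be found on disk.
ORPHAN_SUFFIXES = ("(no file)", "(file missing)", "= ?")


@dataclass
class Entry:
    section: str                  # e.g. "O2"
    body: str                     # text after "O2 - "
    clsid: Optional[str]          # first CLSID in the entry, if any
    orphan_marker: Optional[str]  # which suffix matched, if any


def parse_entries(log_text: str) -> List[Entry]:
    """Return every section entry (R*/F*/N*/O*) found in the log text."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2).rstrip()
        clsid = CLSID_RE.search(body)
        marker = next((s for s in ORPHAN_SUFFIXES if body.endswith(s)), None)
        entries.append(Entry(section, body, clsid.group(0) if clsid else None, marker))
    return entries


def find_orphans(log_text: str) -> List[Entry]:
    """Entries whose registered file is gone: leftovers to review, not verdicts."""
    return [e for e in parse_entries(log_text) if e.orphan_marker]


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_LOG):
        print(f"{e.section}: {e.body}  [marker: {e.orphan_marker}]")
```

An orphaned entry only means the registration outlived its file, which is why the BHO with `(no file)` was the one selected for fixing; it says nothing about the entries whose files are still present.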

#9 | urmaserendipity85 | 16th Jul 2008, 11:34 PM

OK, internet explorer seems to be working better now, it certainly didn't come up with the error this time around, I'll keep you posted if it happens again. Thanks for that!
I'm still getting printouts of the letter "u" whenever I turn my computer on, and when I arrive in the morning I have to restart my computer a couple of times, as occasionally when I log in, the wallpaper loads but nothing else, no task bar, system tray, icons, nothing. Even ctrl alt and del does nothing, so I have to switch it off and back on, sometimes up to 3 times in a morning.
Any ideas?

#10 | evilfantasy | 16th Jul 2008, 11:46 PM

Let's take a closer look and see if I can find anything.

Download Combofix by sUBs from one of the below links.
Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.
    • Choose Yes to accept the Disclaimers.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouseclick Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
If needed, see this Combofix tutorial with screenshots that will detail more thoroughly the downloading and running of Combofix and installing the Recovery Console.

Remember to re-enable your antivirus and antispyware protection.

----------

Next post add
Combofix log

#11 | urmaserendipity85 | 17th Jul 2008, 12:54 AM

ComboFix 08-07-15.4 - Staff 2008-07-17 9:25:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.244 [GMT 1:00]
Running from: C:\Documents and Settings\Staff\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Staff\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\system32\mdm.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.
2008-07-15 09:34 . 2008-07-15 09:34 <DIR> d-------- C:\Program Files\Auslogics
2008-07-15 09:34 . 2008-07-15 09:34 <DIR> d-------- C:\Documents and Settings\Staff\Application Data\Auslogics
2008-07-15 09:23 . 2008-07-15 09:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 09:08 . 2008-07-15 09:08 410,976 --a------ C:\WINDOWS\SYSTEM32\deploytk.dll
2008-07-15 09:08 . 2008-07-15 09:08 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-15 08:40 . 2008-07-15 08:40 <DIR> d-------- C:\Documents and Settings\Staff\Application Data\Malwarebytes
2008-07-15 08:40 . 2008-07-15 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 12:03 . 2008-07-11 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-11 12:02 . 2008-07-15 12:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-11 12:02 . 2008-07-11 12:02 <DIR> d-------- C:\Documents and Settings\Staff\Application Data\SUPERAntiSpyware.com
2008-07-09 16:23 . 2008-07-09 16:23 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-09 16:19 . 2008-07-09 16:19 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-07 16:05 . 2008-07-07 16:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-07 09:32 . 2008-07-07 15:39 <DIR> d-------- C:\Documents and Settings\Staff\Contacts
2008-07-07 09:29 . 2008-07-07 09:30 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-20 18:41 . 2008-06-20 18:41 245,248 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 11:44 . 2008-06-20 11:44 138,368 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 08:08 --------- d-----w C:\Program Files\Java
2008-07-09 15:23 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-04 13:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-12 11:06 --------- d-----w C:\Program Files\Samsung
2008-05-20 15:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2006-10-01 08:22 12,698,583 ----a-w C:\Documents and Settings\Administrator\VSE80iLEN.zip
2005-11-03 23:29 72,832 ----a-r C:\WINDOWS\INF\CamAvb.sys
1758-02-07 04:28 4,263 --sh--w C:\WINDOWS\windllreg1c.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 12:28 684032]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 18:55 196608]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [2003-01-30 18:55 311296]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-15 11:47 98304]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-07-15 09:08 136600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-01-24 09:03:38 282624]
EZ-DUB Finder.lnk - C:\Program Files\EZ-DUB\EZ-DUB.exe [2005-09-13 19:47:52 266240]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetSupport School\\PCINSSUI.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27085:TCP"= 27085:TCP:BitComet 27085 TCP
"27085:UDP"= 27085:UDP:BitComet 27085 UDP
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-07-15 09:08]
R2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 14:58]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - PSEXESVC
.
Contents of the 'Scheduled Tasks' folder
"2008-07-17 08:08:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Microsoft Works Update Detection - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
HKLM-Run-BearFlix - C:\Program Files\BearFlix\BearFlix.exe
HKU-Default-Run-TurboBackup - C:\Program Files\FileStream\TurboBackup\tbksche.exe

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 09:31:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-17 9:35:07
ComboFix-quarantined-files.txt 2008-07-17 08:34:36
Pre-Run: 54,848,012,288 bytes free
Post-Run: 54,961,254,400 bytes free
132 --- E O F --- 2008-07-09 15:23:56
  #12  
Old 17th Jul 2008, 07:24 AM
evilfantasy's Avatar
Moderator Group
Intel ATi
evilfantasy is online now
Default Possible worm in my computer?

  • Click START then RUN
  • Now type Combofix /u in the Run box
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
-----

Use the Kaspersky Online Scanner

Important! If using Windows Vista, open your browser by right-clicking on its icon and selecting Run As Administrator to perform this scan.
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded, locate the Scan Settings and have it scan My Computer.
The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
  • Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save


Copy and paste the Kaspersky Online Scanner Report in your next reply.

Last edited by evilfantasy : 17th Jul 2008 at 07:24 AM.
  #13  
Old 18th Jul 2008, 03:20 AM
No Avatar
Member Group
 
urmaserendipity85 is offline
 
Default Possible worm in my computer?