Kaiser 1984
Members
Posts: 13

Everything posted by Kaiser 1984

  1. Thank you so much for your help gringo! I will donate something next week when I have money, as you have been a great help! Let's put an end to malware!! Best regards, Kaiser =]
  2. Deleting files
     "C:\WINDOWS\system32\lspccv.dll" not deleted
     "C:\WINDOWS\system32\pro32.exe" deleted
  3. --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Sunday, May 2, 2010
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Sunday, May 02, 2010 16:53:34
     Records in database: 4031822
     --------------------------------------------------------------------------------
     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer:
     C:\
     D:\
     E:\
     F:\
     G:\
     H:\
     I:\
     Scan statistics:
     Objects scanned: 75081
     Threats found: 5
     Infected objects found: 14
     Suspicious objects found: 0
     Scan duration: 02:29:33
     File name / Threat / Threats count
     C:\WINDOWS\system32\lspccv.dll/C:\WINDOWS\system32\lspccv.dll Infected: Packed.Win32.TDSS.w 7
     C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\1301700638.exe.vir Infected: Trojan-Dropper.Win32.Agent.asuo 1
     C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\615289520.exe.vir Infected: Trojan.Win32.Agent.cmlp 1
     C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\setupapi.dll.vir Infected: Trojan.Win32.Agent.bzzx 1
     C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\setupapi.dll.vir Infected: Trojan.Win32.Agent.bzzx 1
     C:\Qoobox\Quarantine\C\WINDOWS\system32\E.tmp.vir Infected: Trojan.Win32.Agent.bzzx 1
     C:\WINDOWS\system32\lspccv.dll Infected: Packed.Win32.TDSS.w 1
     C:\WINDOWS\system32\pro32.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.g 1
     Selected area has been scanned.
  4. Here's my MBAM log:
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4058
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13
     02/05/2010 01:47:58
     mbam-log-2010-05-02 (01-47-58).txt
     Scan type: Quick scan
     Objects scanned: 136430
     Time elapsed: 5 minute(s), 29 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     (No malicious items detected)
     Unfortunately the online scan keeps crashing my IE, so I cannot do that.
  5. ComboFix 10-05-01.04 - Michael 02/05/2010 0:29.3.1 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.447.127 [GMT 1:00]
     Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
     FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Service_211c6440
     -------\Service_579f9ac2
     -------\Service_761d6cee
     -------\Service_cc2c5d42
     ((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
     .
     2010-05-01 22:52 . 2010-05-01 22:52 -------- d-----w- c:\windows\LastGood
     2010-05-01 22:48 . 2010-05-01 22:48 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2010-05-01 14:22 . 2010-05-01 14:22 -------- d-----w- c:\windows\ie8updates
     2010-05-01 14:06 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
     2010-05-01 14:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
     2010-05-01 14:02 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
     2010-05-01 14:02 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
     2010-05-01 14:02 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
     2010-05-01 14:02 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
     2010-05-01 14:02 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
     2010-05-01 14:02 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
     2010-05-01 14:02 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
     2010-05-01 14:02 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
     2010-05-01 14:02 . 2010-02-17 08:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
     2010-05-01 14:02 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
     2010-05-01 14:02 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
     2010-05-01 14:02 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
     2010-05-01 13:59 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
     2010-05-01 13:38 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
     2010-05-01 13:38 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
     2010-05-01 13:38 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
     2010-05-01 13:35 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
     2010-04-30 03:35 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-04-29 21:29 . 2010-05-01 14:11 -------- d-----w- c:\windows\ServicePackFiles
     2010-04-24 03:07 . 2010-04-24 03:07 -------- d-----w- c:\documents and settings\Michael\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
     2010-04-04 11:21 . 2010-04-04 11:21 -------- d-----w- c:\program files\Common Files\Java
     2010-04-02 10:10 . 2010-04-02 10:10 61440 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdccfae-n\decora-sse.dll
     2010-04-02 10:10 . 2010-04-02 10:10 503808 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7103a01e-n\msvcp71.dll
     2010-04-02 10:10 . 2010-04-02 10:10 499712 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7103a01e-n\jmc.dll
     2010-04-02 10:10 . 2010-04-02 10:10 348160 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7103a01e-n\msvcr71.dll
     2010-04-02 10:10 . 2010-04-02 10:10 12800 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdccfae-n\decora-d3d.dll
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-05-01 22:30 . 2006-08-11 21:00 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
     2010-05-01 14:33 . 2009-08-06 11:13 -------- d-----w- c:\program files\Microsoft Silverlight
     2010-04-30 22:24 . 2008-12-22 07:53 -------- d-----w- c:\program files\uTorrent
     2010-04-30 18:53 . 2008-12-19 20:17 36936 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-04-30 03:35 . 2007-01-27 05:48 -------- d-----w- c:\program files\Java
     2010-04-29 18:56 . 2009-02-08 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-04-29 18:54 . 2009-03-26 01:24 6153648 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2010-04-29 12:45 . 2009-10-27 12:13 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
     2010-04-29 11:19 . 2009-02-08 20:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 11:19 . 2009-02-08 20:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-29 11:05 . 2009-08-19 08:24 -------- d-----w- c:\documents and settings\Michael\Application Data\vlc
     2010-04-27 00:56 . 2009-05-16 17:16 -------- d-----w- c:\documents and settings\Michael\Application Data\Userplane
     2010-04-27 00:56 . 2009-05-16 17:16 -------- d-----w- c:\program files\AdultWork Notifier
     2010-04-27 00:55 . 2009-05-17 13:20 -------- d-----w- c:\program files\CCleaner
     2010-04-24 11:55 . 2009-10-27 16:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-04-24 11:49 . 2009-10-27 16:36 38784 ----a-w- c:\documents and settings\Michael\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-04-22 01:37 . 2010-03-21 12:11 439816 ----a-w- c:\documents and settings\Michael\Application Data\Real\Update\setup3.10\setup.exe
     2010-04-08 21:17 . 2009-06-16 21:07 -------- d-----w- c:\program files\SUPERAntiSpyware
     2010-03-31 17:12 . 2009-03-15 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-03-30 10:27 . 2009-06-16 21:08 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
     2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
     2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
     2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
     2010-03-20 08:21 . 2010-03-20 08:21 -------- d-----w- c:\program files\WinPcap
     2010-03-20 08:21 . 2010-03-20 08:21 -------- d-----w- c:\program files\StreamingStar
     2010-03-14 20:13 . 2009-10-27 12:13 -------- d-----w- c:\program files\BSR Screen Recorder 4
     2010-03-14 20:13 . 2010-03-14 20:13 81920 ----a-w- c:\windows\system32\bsrgvas.dll
     2010-03-14 20:13 . 2010-03-14 20:13 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
     2010-03-14 20:13 . 2010-03-14 20:13 192512 ----a-w- c:\windows\system32\bsrmgps.dll
     2010-03-14 20:12 . 2010-03-14 20:12 585728 ----a-w- c:\windows\system32\bsratswf.dll
     2010-03-14 20:12 . 2010-03-14 20:12 147456 ----a-w- c:\windows\system32\bsratwmv.dll
     2010-03-10 06:15 . 2004-08-10 20:00 420352 ----a-w- c:\windows\system32\vbscript.dll
     2010-03-10 03:13 . 2009-10-02 22:24 -------- d-----w- c:\documents and settings\Michael\Application Data\gtk-2.0
     2010-02-24 13:11 . 2008-12-25 18:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2010-02-16 14:08 . 2008-12-25 18:15 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
     2010-02-16 13:25 . 2008-12-25 18:15 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2010-02-12 04:33 . 2004-08-10 20:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
     2010-02-11 12:02 . 2008-12-25 18:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-08 2010864]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
     "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-25 185872]
     "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-30 5419008]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-10-01 10:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
     2005-09-29 22:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
     2004-08-10 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2006-07-11 22:19 7626752 ----a-w- c:\windows\system32\nvcpl.dll
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/26/2009 10:05 AM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 66632]
     R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 12872]
     S3 AVEO;AVEO USB2.0 PC Camera;c:\windows\system32\drivers\aveodcnt.sys [1/15/2010 12:05 PM 171520]
     S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [11/23/2009 3:35 PM 13224]
     S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 7:19 PM 50704]
     S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [1/28/2009 10:35 PM 89256]
     S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [1/28/2009 10:35 PM 15016]
     S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [1/28/2009 10:35 PM 120744]
     S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [1/28/2009 10:35 PM 114216]
     S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [1/28/2009 10:35 PM 25512]
     S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [1/28/2009 10:35 PM 110632]
     S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [1/28/2009 10:35 PM 115752]
     S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [11/30/2009 11:08 PM 58536]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\4sfciw3f.default\
     FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-05-02 00:37
     Windows 5.1.2600 Service Pack 3 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     - - - - - - - > 'winlogon.exe'(764)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     - - - - - - - > 'explorer.exe'(2436)
     c:\windows\system32\MSNCHATHOOK.DLL
     c:\windows\system32\sysenv.dll
     c:\windows\system32\CryptoAPI.dll
     c:\windows\system32\MFC71U.DLL
     c:\windows\system32\ieframe.dll
     c:\windows\system32\OneX.DLL
     c:\windows\system32\eappprxy.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\acer\Empowering Technology\ePerformance\MemCheck.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\windows\eHome\ehRecvr.exe
     c:\windows\eHome\ehSched.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\LightScribe\LSSrvc.exe
     c:\windows\system32\nvsvc32.exe
     c:\windows\ehome\mcrdsvc.exe
     c:\windows\system32\dllhost.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\RTHDCPL.EXE
     .
     **************************************************************************
     .
     Completion time: 2010-05-02 00:42:20 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-05-01 23:42
     ComboFix2.txt 2010-05-01 13:33
     ComboFix3.txt 2009-06-12 20:00
     Pre-Run: 15,064,858,624 bytes free
     Post-Run: 15,052,181,504 bytes free
     - - End Of File - - E40CBCEB0930B6339DB8E2D12FB1E905
     No problems, ran fine. PC is working well as far as I can tell. Windows SP3 and all updates ready to install once the OK is given =]
  6. ComboFix 10-04-30.03 - Michael 01/05/2010 14:12:45.2.1 - x86
     Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.447.194 [GMT 1:00]
     Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
     FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\program files\WindowsUpdate
     c:\recycler\S-1-5-21-7580067392-3461222767-887690573-1322
     c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
     c:\windows\system32\tmp.reg
     .
     ((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
     .
     2010-05-01 13:23 . 2010-05-01 13:23 -------- d-----w- c:\windows\LastGood
     2010-04-30 03:35 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
     2010-04-29 21:29 . 2010-04-29 21:29 -------- d-----w- c:\windows\ServicePackFiles
     2010-04-24 03:07 . 2010-04-24 03:07 -------- d-----w- c:\documents and settings\Michael\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
     2010-04-04 11:21 . 2010-04-04 11:21 -------- d-----w- c:\program files\Common Files\Java
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-04-30 22:24 . 2008-12-22 07:53 -------- d-----w- c:\program files\uTorrent
     2010-04-30 18:53 . 2008-12-19 20:17 36936 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2010-04-30 03:35 . 2007-01-27 05:48 -------- d-----w- c:\program files\Java
     2010-04-29 21:33 . 2006-08-11 21:00 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
     2010-04-29 18:56 . 2009-02-08 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-04-29 18:54 . 2009-03-26 01:24 6153648 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2010-04-29 12:45 . 2009-10-27 12:13 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
     2010-04-29 11:19 . 2009-02-08 20:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 11:19 . 2009-02-08 20:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-29 11:05 . 2009-08-19 08:24 -------- d-----w- c:\documents and settings\Michael\Application Data\vlc
     2010-04-27 00:56 . 2009-05-16 17:16 -------- d-----w- c:\documents and settings\Michael\Application Data\Userplane
     2010-04-27 00:56 . 2009-05-16 17:16 -------- d-----w- c:\program files\AdultWork Notifier
     2010-04-27 00:55 . 2009-05-17 13:20 -------- d-----w- c:\program files\CCleaner
     2010-04-24 11:55 . 2009-10-27 16:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2010-04-24 11:49 . 2009-10-27 16:36 38784 ----a-w- c:\documents and settings\Michael\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2010-04-22 01:37 . 2010-03-21 12:11 439816 ----a-w- c:\documents and settings\Michael\Application Data\Real\Update\setup3.10\setup.exe
     2010-04-08 21:17 . 2009-06-16 21:07 -------- d-----w- c:\program files\SUPERAntiSpyware
     2010-04-02 10:10 . 2010-04-02 10:10 61440 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdccfae-n\decora-sse.dll
     2010-04-02 10:10 . 2010-04-02 10:10 503808 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7103a01e-n\msvcp71.dll
     2010-04-02 10:10 . 2010-04-02 10:10 499712 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7103a01e-n\jmc.dll
     2010-04-02 10:10 . 2010-04-02 10:10 348160 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7103a01e-n\msvcr71.dll
     2010-04-02 10:10 . 2010-04-02 10:10 12800 ----a-w- c:\documents and settings\caroline\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1cdccfae-n\decora-d3d.dll
     2010-03-31 17:12 . 2009-03-15 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
     2010-03-30 10:27 . 2009-06-16 21:08 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
     2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeARM.exe
     2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AdobeExtractFiles.dll
     2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\ReaderUpdater.exe
     2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.2\ARM\ARM Update\AcrobatUpdater.exe
     2010-03-20 08:21 . 2010-03-20 08:21 -------- d-----w- c:\program files\WinPcap
     2010-03-20 08:21 . 2010-03-20 08:21 -------- d-----w- c:\program files\StreamingStar
     2010-03-14 20:13 . 2009-10-27 12:13 -------- d-----w- c:\program files\BSR Screen Recorder 4
     2010-03-14 20:13 . 2010-03-14 20:13 81920 ----a-w- c:\windows\system32\bsrgvas.dll
     2010-03-14 20:13 . 2010-03-14 20:13 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
     2010-03-14 20:13 . 2010-03-14 20:13 192512 ----a-w- c:\windows\system32\bsrmgps.dll
     2010-03-14 20:12 . 2010-03-14 20:12 585728 ----a-w- c:\windows\system32\bsratswf.dll
     2010-03-14 20:12 . 2010-03-14 20:12 147456 ----a-w- c:\windows\system32\bsratwmv.dll
     2010-03-10 03:13 . 2009-10-02 22:24 -------- d-----w- c:\documents and settings\Michael\Application Data\gtk-2.0
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-08 2010864]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
     "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-25 185872]
     "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-05-30 5419008]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-10-01 10:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
     2005-09-29 22:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
     2004-08-10 20:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
     2006-07-11 22:19 7626752 ----a-w- c:\windows\system32\nvcpl.dll
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [26/05/2009 10:05 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 66632]
     R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 12872]
     S1 211c6440;211c6440;c:\windows\system32\drivers\211c6440.sys --> c:\windows\system32\drivers\211c6440.sys [?]
     S1 579f9ac2;579f9ac2;c:\windows\system32\drivers\579f9ac2.sys --> c:\windows\system32\drivers\579f9ac2.sys [?]
     S1 761d6cee;761d6cee;c:\windows\system32\drivers\761d6cee.sys --> c:\windows\system32\drivers\761d6cee.sys [?]
     S1 cc2c5d42;cc2c5d42;c:\windows\system32\drivers\cc2c5d42.sys --> c:\windows\system32\drivers\cc2c5d42.sys [?]
     S3 AVEO;AVEO USB2.0 PC Camera;c:\windows\system32\drivers\aveodcnt.sys [15/01/2010 12:05 171520]
     S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [23/11/2009 15:35 13224]
     S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 19:19 50704]
     S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [28/01/2009 22:35 89256]
     S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [28/01/2009 22:35 15016]
     S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [28/01/2009 22:35 120744]
     S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [28/01/2009 22:35 114216]
     S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [28/01/2009 22:35 25512]
     S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [28/01/2009 22:35 110632]
     S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [28/01/2009 22:35 115752]
     S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [30/11/2009 23:08 58536]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     uInternet Settings,ProxyServer = http=localhost:7171
     uInternet Settings,ProxyOverride = *.local;<local>
     FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\4sfciw3f.default\
     FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
     ---- FIREFOX POLICIES ----
     FF - user.js: yahoo.homepage.dontask - true
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js -
pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
Notify-dimsntfy - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 14:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2174515030-3141958951-538735306-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28A10A1B-43AB-FFED-583E-55D818F30A8B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nabademhiabokdbgbcgmmkijpkpn"=hex:6b,61,63,66,68,64,6c,68,66,62,64,6b,65,66,68,66,69,6c,6a,70,68,65,00,00
"malofgdfbebhdolonfhnoeoogk"=hex:6b,61,6e,65,66,64,61,70,6e,63,64,70,65,6b,62,6a,6a,6c,6e,6f,63,70,00,00
[HKEY_LOCAL_MACHINE\software\Classes\VAXObject.Chl\CLSID]
@DACL=(02 0000)
@="{6BF52A52-394A-11D3-B153-00C04F79FAA6}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\SoftwareDistribution\Download\eb9a3cecaccfdb2a115742a9b5d50b42\update\update.exe
.
**************************************************************************
.
Completion time: 2010-05-01 14:33:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-01 13:33
ComboFix2.txt 2009-06-12 20:00
Pre-Run: 18,861,785,088 bytes free
Post-Run: 18,816,053,248 bytes free
- - End Of File - - 8E13F900187AF0B91AFB4B3ABF8319E5

Finally those awful files have gone! Thank you so much! This PC was a gift but has been nothing but a curse! Now 150 important security updates to download, as well as multiple software and hardware updates, lol. Thanks again Gringo!!!
  7. Ok so it froze once again but worked fine in safe mode. Here are the new logs!

DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael at 0:32:29.10 on 01/05/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.447.138 [GMT 1:00]
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: 
{dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 1 mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background StartupFolder: c:\docume~1\michael\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab 
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272569823359 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Notification Packages = scecli ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\4sfciw3f.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry 
Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - 
pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program 
files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 66632] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872] S1 211c6440;211c6440;c:\windows\system32\drivers\211c6440.sys --> c:\windows\system32\drivers\211c6440.sys [?] S1 579f9ac2;579f9ac2;c:\windows\system32\drivers\579f9ac2.sys --> c:\windows\system32\drivers\579f9ac2.sys [?] S1 761d6cee;761d6cee;c:\windows\system32\drivers\761d6cee.sys --> c:\windows\system32\drivers\761d6cee.sys [?] S1 cc2c5d42;cc2c5d42;c:\windows\system32\drivers\cc2c5d42.sys --> c:\windows\system32\drivers\cc2c5d42.sys [?] 
S3 AVEO;AVEO USB2.0 PC Camera;c:\windows\system32\drivers\aveodcnt.sys [2010-1-15 171520]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-23 13224]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-1-28 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-1-28 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-1-28 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-1-28 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-1-28 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-1-28 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-1-28 115752]
S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [2009-11-30 58536]
=============== Created Last 30 ================
2010-04-30 22:22:44 0 d-s---w- C:\ComboFix
2010-04-30 18:25:19 0 ----a-w- c:\documents and settings\michael\defogger_reenable
2010-04-30 15:45:56 77312 ----a-w- c:\windows\MBR.exe
2010-04-30 15:45:56 256512 ----a-w- c:\windows\PEV.exe
2010-04-30 03:35:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 21:29:48 0 d-----w- c:\windows\ServicePackFiles
2010-04-29 21:28:29 19528 ----a-w- c:\windows\000001_.tmp
2010-04-24 03:07:18 0 d-----w- c:\docume~1\michael\applic~1\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-04-04 11:20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
==================== Find3M ====================
2010-04-29 12:45:00 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2010-04-29 11:19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 11:19:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 20:13:16 81920 ----a-w- c:\windows\system32\bsrgvas.dll
2010-03-14 20:13:16 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2010-03-14 20:13:16 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2010-03-14 20:12:53 585728 ----a-w- c:\windows\system32\bsratswf.dll
2010-03-14 20:12:53 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2009-06-03 02:06:32 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2009-05-18 09:13:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051120090518\index.dat
2009-05-28 07:29:07 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090525\index.dat
2009-06-01 01:43:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052520090601\index.dat
2009-06-01 01:43:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060120090602\index.dat
2009-06-02 08:38:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060220090603\index.dat
2009-06-03 02:06:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060320090604\index.dat
============= FINISH: 0:32:56.95 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 27/01/2007 05:46:44 System Uptime: 05/01/2010 00:27:17 (2784 hours ago) Motherboard: Acer | | EM61SM/EM61PM Processor: AMD Sempron Processor 3400+ | Socket M2 | 1808/201mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 34 GiB total, 17.112 GiB free. D: is FIXED (FAT32) - 35 GiB total, 31.016 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1: 29/04/2010 21:50:17 - System Checkpoint RP2: 29/04/2010 22:28:36 - Installed Windows XP Service Pack 2. RP3: 30/04/2010 04:34:54 - Installed Java 6 Update 20 RP4: 30/04/2010 16:08:56 - Installed Windows XP Service Pack 2. ==== Installed Programs ====================== Acer eDataSecurity Management Acer eDataSecurity Management 2.0.3077 Acer Empowering Technology Acer ePerformance Management Acer WLAN 11g USB Dongle Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.2 Adobe Shockwave Player 11.5 Apple Application Support Apple Software Update Avanquest update AVEO USB2.0 PC Camera(C7EVTV1P10939) Bonjour BSR Screen Recorder 4 CCleaner commercial Critical Update for Windows Media Player 11 (KB959772) GIMP 2.6.7 GTactix HiDownloadPlatinum High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB888795) Hotfix for Windows XP (KB891593) Hotfix for Windows XP (KB893357) Hotfix for Windows XP (KB895961) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB898444) Hotfix for Windows XP (KB899337) Hotfix for Windows XP (KB899510) Hotfix for Windows XP (KB902841) Hotfix for Windows 
XP (KB906569) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB935448) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Java Auto Updater Java 6 Update 20 Junk Mail filter update LightScribe 1.4.74.1 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.0 Hotfix (KB887998) Microsoft .NET Framework 1.0 Hotfix (KB930494) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft National Language Support Downlevel APIs Microsoft Office Excel Viewer 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.6.3) MSVCRT MSXML 4.0 SP2 (KB954430) NVIDIA Drivers OCA Client history tool install QuickTime RealPlayer Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) 
Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP 
(KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB944338-v2) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) 
Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Segoe UI Sonic Encoders Sony Ericsson PC Suite 4.010.00 Sony Ericsson W395© driver v3.5.3.0 SUPERAntiSpyware Free Edition Update for Windows Media Player 10 (KB910393) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB912945) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update Rollup 2 for Windows XP Media Center Edition 2005 Update Service Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 1.0.1 WebFldrs XP Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) Windows Driver Package - AMD System (04/06/2006 1.0.1.0) Windows Genuine Advantage Notifications (KB905474) Windows 
Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinPcap 4.1.1
WinRAR archiver
WinZip Self-Extractor

==== Event Viewer Messages From Past Week ========

30/04/2010 16:10:57, error: NtServicePack [4374] - Windows XP Service Pack 2 installation failed, leaving Windows XP partially updated. Service Pack 2 installation did not complete.
30/04/2010 16:10:34, error: NtServicePack [4373] - Windows XP Service Pack 2 installation failed. Access is denied.
29/04/2010 22:44:19, error: NtServicePack [4374] - Windows XP Service Pack 2 installation failed, leaving Windows XP partially updated. Service Pack 2 installation did not complete.
29/04/2010 22:32:51, error: NtServicePack [4373] - Windows XP Service Pack 2 installation failed. Access is denied.
29/04/2010 22:16:52, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
29/04/2010 20:37:33, error: Service Control Manager [7028] - The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
29/04/2010 20:25:52, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
29/04/2010 20:25:50, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
29/04/2010 11:34:40, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
28/04/2010 11:03:29, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
28/04/2010 11:03:29, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
28/04/2010 10:50:21, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
27/04/2010 10:47:37, error: ipnathlp [30005] - The DHCP allocator has detected a DHCP server with IP address 192.168.0.1 on the same network as the interface with IP address 192.168.0.101. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.
25/04/2010 19:08:24, error: ipnathlp [30009] - The DHCP allocator encountered a network error while attempting to reply on IP address 240.49.70.102 to a request from a client. The data is the error code.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-01 01:34:44
Windows 5.1.2600 Service Pack 2
Running: 13ep6zz2.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\agloapoc.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Classes\VAXObject.Chl\CLSID@ {6BF52A52-394A-11D3-B153-00C04F79FAA6}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28A10A1B-43AB-FFED-583E-55D818F30A8B}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28A10A1B-43AB-FFED-583E-55D818F30A8B}@nabademhiabokdbgbcgmmkijpkpn 0x6B 0x61 0x63 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{28A10A1B-43AB-FFED-583E-55D818F30A8B}@malofgdfbebhdolonfhnoeoogk 0x6B 0x61 0x6E 0x65 ...

---- EOF - GMER 1.0.15 ----

The report is half of what it was out of safe mode, but I'm sure you were expecting that.
  8. Will do. Last time I tried it, it finished scanning, then when I went to save it froze up. Will post reports ASAP.
  9. My apologies, I installed it and opened it but never ran a scan, as no such Notepad entry exists. Would you like me to run ComboFix for the first time and post the log? Proxy settings have been disabled and uTorrent has been removed. I will retry the previous instructions from DDS to GMER and see if it will finish.
  10. Hi Gringo, thanks for the quick response! I have a problem: when I run Defogger it runs fine, no error messages, but when I then run GMER it freezes my PC, so I have to manually cut the power to reboot it! Here is DDS, all I can get sorted so far:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael at 19:25:50.34 on 30/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.447.160 [GMT 1:00]

FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\My Documents\Downloads\Defogger.exe
C:\Documents and Settings\Michael\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common 
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 1
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272569823359
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\4sfciw3f.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-26 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 66632]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 12872]
S1 211c6440;211c6440;c:\windows\system32\drivers\211c6440.sys --> c:\windows\system32\drivers\211c6440.sys [?]
S1 579f9ac2;579f9ac2;c:\windows\system32\drivers\579f9ac2.sys --> c:\windows\system32\drivers\579f9ac2.sys [?]
S1 761d6cee;761d6cee;c:\windows\system32\drivers\761d6cee.sys --> c:\windows\system32\drivers\761d6cee.sys [?]
S1 cc2c5d42;cc2c5d42;c:\windows\system32\drivers\cc2c5d42.sys --> c:\windows\system32\drivers\cc2c5d42.sys [?]
S3 AVEO;AVEO USB2.0 PC Camera;c:\windows\system32\drivers\aveodcnt.sys [2010-1-15 171520]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-11-23 13224]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-1-28 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-1-28 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-1-28 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-1-28 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-1-28 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-1-28 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-1-28 115752]
S3 SE1008mdm;Sony Ericsson SE1008 Mobile Device Full USB Driver;c:\windows\system32\drivers\SE1008mdm.sys [2009-11-30 58536]

=============== Created Last 30 ================

2010-04-30 18:25:19 0 ----a-w- c:\documents and settings\michael\defogger_reenable
2010-04-30 15:45:56 77312 ----a-w- c:\windows\MBR.exe
2010-04-30 15:45:56 256512 ----a-w- c:\windows\PEV.exe
2010-04-30 15:45:47 0 d-s---w- C:\ComboFix
2010-04-30 03:35:22 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 21:29:48 0 d-----w- c:\windows\ServicePackFiles
2010-04-29 21:28:29 19528 ----a-w- c:\windows\000001_.tmp
2010-04-24 03:07:18 0 d-----w- c:\docume~1\michael\applic~1\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-04-04 11:20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2010-04-29 12:45:00 2048 ----a-w- c:\windows\system32\Tr_sttool.dat
2010-04-29 11:19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 11:19:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 20:13:16 81920 ----a-w- c:\windows\system32\bsrgvas.dll
2010-03-14 20:13:16 692224 ----a-w- c:\windows\system32\bsrmgcv.dll
2010-03-14 20:13:16 192512 ----a-w- c:\windows\system32\bsrmgps.dll
2010-03-14 20:12:53 585728 ----a-w- c:\windows\system32\bsratswf.dll
2010-03-14 20:12:53 147456 ----a-w- c:\windows\system32\bsratwmv.dll
2009-06-03 02:06:32 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2009-05-18 09:13:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051120090518\index.dat
2009-05-28 07:29:07 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051820090525\index.dat
2009-06-01 01:43:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052520090601\index.dat
2009-06-01 01:43:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060120090602\index.dat
2009-06-02 08:38:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060220090603\index.dat
2009-06-03 02:06:32 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060320090604\index.dat

============= FINISH: 19:26:19.59 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 27/01/2007 05:46:44
System Uptime: 30/04/2010 14:11:35 (5 hours ago)

Motherboard: Acer | | EM61SM/EM61PM
Processor: AMD Sempron Processor 3400+ | Socket M2 | 1808/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 34 GiB total, 17.112 GiB free.
D: is FIXED (FAT32) - 35 GiB total, 31.016 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 29/04/2010 21:50:17 - System Checkpoint
RP2: 29/04/2010 22:28:36 - Installed Windows XP Service Pack 2.
RP3: 30/04/2010 04:34:54 - Installed Java 6 Update 20
RP4: 30/04/2010 16:08:56 - Installed Windows XP Service Pack 2.

==== Installed Programs ======================
  11. I have had this issue for months and haven't been able to update my PC! Thank you in advance for reading =]