I have a Problem

I have a virus called Polymorph virus. I really help..

I saw you have applied for GeekPolice Academy. After your computer is clean, you can be enrolled.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Ok heres the Log

ComboFix 09-12-26.05 - user 12/27/2009 12:12:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.339 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\commy.exe.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.

2009-12-27 04:52 . 2009-12-27 04:52 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AutoTyperMurGee
2009-12-27 04:51 . 2009-12-27 04:53 -------- d-----w- c:\program files\Auto Typer by MurGee
2009-12-27 02:13 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 02:13 . 2009-12-27 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 02:13 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 00:31 . 2009-12-27 00:31 -------- d-----w- c:\program files\ESET
2009-12-27 00:27 . 2009-12-27 00:29 4072 ----a-w- C:\BdUninstallTool2009.12.26-07.27.32.reg
2009-12-26 05:46 . 2009-12-26 05:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-26 00:30 . 2009-12-26 00:30 -------- d-----w- C:\$AVG
2009-12-26 00:29 . 2009-12-26 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-25 02:28 . 2009-12-25 02:31 38 ----a-w- C:\BdUninstallTool2009.12.24-09.28.13.reg
2009-12-25 02:21 . 2009-12-25 02:25 13322 ------w- C:\BdUninstallTool2009.12.24-09.21.53.reg
2009-12-24 03:26 . 2009-12-24 03:26 -------- d-----w- C:\Downloads
2009-12-22 16:38 . 2009-12-22 16:38 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-21 16:20 . 2009-12-21 16:20 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-21 16:20 . 2009-12-21 16:20 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-21 05:41 . 2009-12-21 05:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\wsbl.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\ph_white.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\ph_black.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\pcwords.dat
2009-12-20 19:32 . 2009-12-25 22:00 -------- d-----w- c:\program files\Microsoft Works
2009-12-20 19:29 . 2009-12-20 19:29 -------- d-----w- c:\program files\Microsoft.NET
2009-12-20 19:25 . 2009-12-20 19:25 -------- d-----r- C:\MSOCache
2009-12-19 18:10 . 2009-12-19 18:10 -------- d-----w- c:\documents and settings\user\Application Data\ESET
2009-12-18 00:33 . 2009-12-19 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-12-14 20:07 . 2009-12-14 20:07 -------- d-----w- C:\GMouse20
2009-12-14 20:07 . 1996-01-09 15:38 283648 ----a-w- c:\windows\uninst.exe
2009-12-14 20:07 . 2009-12-14 20:07 -------- d-----w- c:\documents and settings\user\WINDOWS
2009-12-12 00:17 . 2009-12-18 16:17 0 ----a-w- c:\documents and settings\user\Local Settings\Application Data\prvlcl.dat
2009-12-10 22:09 . 2009-12-10 22:09 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help
2009-12-09 00:42 . 2009-12-09 00:42 -------- d--h--w- c:\windows\PIF
2009-12-08 21:49 . 2009-12-08 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-06 22:03 . 2009-12-06 22:03 -------- d-----w- C:\zee_store
2009-12-06 20:50 . 2009-12-06 20:50 0 ----a-w- c:\windows\nsreg.dat
2009-12-06 20:49 . 2009-12-06 20:49 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-11-30 02:45 . 2009-11-30 02:45 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-11-30 02:45 . 2009-11-30 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 07:01 . 2008-10-04 06:36 -------- d-----w- c:\program files\Alwil Software
2009-12-25 22:27 . 2009-10-04 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-24 18:10 . 2009-10-04 08:36 68128 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 03:16 . 2009-10-06 22:49 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer
2009-12-22 03:15 . 2009-10-25 20:50 -------- d-----w- c:\program files\TeamViewer
2009-12-21 16:14 . 2009-11-22 04:01 -------- d-----w- c:\documents and settings\user\Application Data\Notepad++
2009-12-21 16:14 . 2009-11-22 04:01 -------- d-----w- c:\program files\Notepad++
2009-12-10 22:09 . 2009-10-06 02:06 -------- d-----w- c:\program files\AceHide Free
2009-12-01 02:55 . 2009-11-10 01:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-27 04:45 . 2009-11-27 04:45 79488 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 23:21 . 2009-11-23 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-22 04:49 . 2009-11-21 21:12 -------- d-----w- c:\documents and settings\user\Application Data\mIRC
2009-11-15 06:01 . 2009-10-19 21:12 77656 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-12 01:47 . 2009-11-12 01:47 -------- d-----w- c:\documents and settings\user\Application Data\SMART Technologies Inc
2009-11-12 01:29 . 2009-11-12 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies Inc
2009-11-10 01:02 . 2009-11-10 01:02 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-11-10 01:02 . 2009-11-10 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-11-10 01:02 . 2009-11-10 01:02 -------- d-----w- c:\program files\Xinox Software
2009-11-09 18:22 . 2009-11-09 18:22 845800 ----a-w- c:\documents and settings\user\Application Data\MSNInstaller\msnauins.exe
2009-11-09 18:22 . 2009-11-09 18:21 -------- d-----w- c:\documents and settings\user\Application Data\MSNInstaller
2009-11-03 00:57 . 2009-11-03 00:57 -------- d-----w- c:\program files\ViSplore
2009-11-03 00:57 . 2009-11-03 00:57 -------- d-----w- c:\program files\TrueTransparency
2009-11-03 00:57 . 2009-11-03 00:57 -------- d-----w- c:\program files\WinFlip
2009-11-01 19:32 . 2009-11-01 19:31 -------- d-----w- c:\documents and settings\user\Application Data\ViStart
2009-11-01 19:31 . 2009-11-01 19:31 -------- d-----w- c:\documents and settings\user\Application Data\ViSplore
2009-11-01 19:31 . 2009-11-01 19:31 -------- d-----w- c:\documents and settings\user\Application Data\ViGlance
2009-10-29 07:45 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-23 20:54 . 2009-10-06 02:13 63 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2009-10-23 20:53 . 2009-10-06 02:03 38 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2009-10-21 06:00 . 2004-08-04 00:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 00:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 16:49 . 2009-10-18 16:50 38208 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-18 16:49 . 2009-10-18 16:50 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-18 16:48 . 2009-10-18 16:48 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-13 10:53 . 2004-08-04 00:56 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 20:24 . 2009-10-12 20:23 52770576 ----a-w- c:\documents and settings\user\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-10-12 13:54 . 2004-08-04 00:56 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 00:56 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-06 01:43 . 2009-10-06 01:42 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-06 01:33 . 2009-10-06 01:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 01:32 . 2009-10-06 01:32 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-04 21:45 . 2008-10-04 04:57 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-06 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdobeUpdate.jar [2009-12-6 57391]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\user\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_16\\bin\\java.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43594:TCP"= 43594:TCP:PServer

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/26/2009 9:13 PM 276816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/26/2009 9:13 PM 19160]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\xb22q9ea.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
ActiveSetup-{0DF7DD50-867C-84C6-D640-CF767142E512} - c:\windows\system32:client.exe



**************************************************************************
scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-27 12:17:40
ComboFix-quarantined-files.txt 2009-12-27 17:17

Pre-Run: 19,367,055,360 bytes free
Post-Run: 19,413,745,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 75CAC1A24AA72F1424235D3795867F66

Please download CKScanner by askey127 from here

Save it to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify that the file is saved.
  
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  

==

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==

Please download Rooter and Save it to your desktop

1. Double click it to start the tool.
   
2. Click Scan.
   
3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
   

==

Please post all the contents of the logs from CKScanner, Malwarebytes, and Rooter in your next reply.

Ck Scanner Report
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

Malwarebytles Report
Malwarebytes' Anti-Malware 1.42
Database version: 3436
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

12/27/2009 3:31:15 PM
mbam-log-2009-12-27 (15-31-15).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 161853
Time elapsed: 1 hour(s), 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Root
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 3 Stepping 4, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.5 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:37 Go - Free:18 Go )
D:\ [Fixed-NTFS] .. ( Total:0 Go - Free:0 Go )
E:\ [Fixed-NTFS] .. ( Total:14 Go - Free:14 Go )
G:\ [CD_Rom]
.
Scan : 14:11.17
Path : C:\Documents and Settings\user\Desktop\Rooter.exe
User : user ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (600)
______ \??\C:\WINDOWS\system32\csrss.exe (664)
______ \??\C:\WINDOWS\system32\winlogon.exe (688)
______ C:\WINDOWS\system32\services.exe (732)
______ C:\WINDOWS\system32\lsass.exe (744)
______ C:\WINDOWS\system32\svchost.exe (900)
______ C:\WINDOWS\system32\svchost.exe (956)
______ C:\WINDOWS\System32\svchost.exe (996)
______ C:\WINDOWS\system32\svchost.exe (1104)
______ C:\WINDOWS\system32\svchost.exe (1128)
______ C:\WINDOWS\Explorer.EXE (1500)
______ C:\WINDOWS\system32\spoolsv.exe (1592)
______ C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (1884)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1948)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (1976)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (2000)
______ C:\Program Files\Java\jre6\bin\java.exe (268)
______ C:\WINDOWS\system32\svchost.exe (276)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1016)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1060)
______ C:\WINDOWS\system32\svchost.exe (1368)
______ C:\WINDOWS\System32\alg.exe (1200)
______ C:\WINDOWS\system32\ctfmon.exe (2340)
______ C:\WINDOWS\system32\wuauclt.exe (2280)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3112)
______ C:\Program Files\Java\jre6\bin\jucheck.exe (2528)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (1080)
______ C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (4084)
______ C:\Documents and Settings\user\Desktop\Rooter.exe (2424)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:40048856064)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for user.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{52FDA649-9C0D-4863-B6CB-17C6946F6C96}.job
C:\WINDOWS\Tasks\WGASetup.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:11.37
.
C:\Rooter$\Rooter_1.txt - (27/12/2009 | 14:11.37)

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner (remove only)
Java(TM) 6 Update 16
Java(TM) SE Development Kit 6 Update 16
Java DB 10.4.2.1
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

it wont let me Install Eset Smart Security

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

It is time to fix the damages due to malware, and to secure your computer to help prevent re-infection.
Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.

• Please disable realtime protection. (If any)
  
• Double-click DragonFix.reg, and follow the prompt(s).
  
• Please reboot your computer.

==

Let me know if you can get it installed. Also, let me know how the updates went.

Thank You Guys Its works now