Hi
I don't see any references to it in your logs, but do you have Spybot's TeaTimer disabled when you run a scan with Spybot?
Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove
Advanced SystemCare 3
If some programs listed are not present, please do not panic
You should also remove the following outdated version of Java, as it is open to exploitation:
Java(TM) 6 Update 13
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:
Code:
File::
c:\windows\neoqaz2.dll
c:\windows\Tasks\AWC Update.job
Folder::
c:\program files\IObit
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Driver::
LogWatch
CA_LIC_CLNT
MEMSWEEP2
RRMONX
DDS::
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
uInternet Settings,ProxyOverride = <local>;<local>
Trusted Zone: o2.co.uk\*.broadband
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
MBRCheck
Download MBRCheck from Here & save it to your desktop.
Disable your security programs so they do not interfere with the tool.- Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt if enabled)
- A window will open on your desktop
- If an unknown bootcode is found, do not proceed with any further options at this time. For now, type in N then press Enter twice to exit the program
- If nothing unusual is found just press Enter
- A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop
- Post the contents of that file in your next reply
To post in next reply:
ComboFix log
MBRCheck log