Blue screen of death when I try and open certain programs [Solved] - Geeks to Go Forums

Blue screen of death when I try and open certain programs [Solved] Windows only starting in safe mode

#1 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 02 March 2009 - 06:15 AM

Hello

Although this is not my first time using this site I thought it best I read the rules on posting a new topic, which I have now done. I have attached the HijackThis Log and the Uninstall Log.

If someone is able to look at them and help I would be extremely appreciative.

I am running Windows Vista SP1 with McAfee, ATF Cleaner and Malwarebytes' Anti-Malware.

I have logs saved of recent McAfee scans if it helps. 1 program that was showing up as a threat was a Combofix [2] program. If you could maybe help me in solving if this is a threat or something I can leave, that would be great.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:57, on 02/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yah...?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9083 bytes



AC3Filter (remove only)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Belkin 54g USB Network Adapter
Belkin 54Mbps Wireless Network Adapter
Bonjour
BT Yahoo! Applications
BTHomeHub
Combined Community Codec Pack 2008-09-21 16:18
ConvertXtoDVD 3.0.0.9c
DAEMON Tools Toolbar
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Freecorder Toolbar 3.02 Application
getPlus® for Adobe
Google Desktop
HijackThis 2.0.2
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 11
Java™ 6 Update 7
Last.fm 1.5.2.38918
Lexmark 730 Series
LimeWire PRO 4.18.7
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
NetWaiting
QuickTime
SigmaTel Audio
Skype™ 3.8
Sonic Activation Module
Tag&Rename 3.4.6
URL Assistant
User's Guides
Vuze
Windows Installer Clean Up
Windows Media Player Firefox Plugin
WinRAR archiver

#2 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 02 March 2009 - 07:53 AM

My latest McAfee Virus Scan if it helps to resolve my problem

20/01/2009 00:27:02 Scan Started: 01/20/2009 00:27:02 AM
20/01/2009 01:00:37 "C:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.exe" "Adware-WebSearch" "5"
20/01/2009 01:06:05 "C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WD6X01N\ComboFix[2].exe" "RemAdm-ProcLaunch!171" "5"
20/01/2009 01:08:17 "c:\users\paul\documents\office2003\extras\mathtype 5.1\mtype_v5_1_keygen.exe" "Generic.dx" "5"
20/01/2009 01:08:17 "C:\USERS\PAUL\DOCUMENTS\OFFICE2003\EXTRAS\MATHTYPE 5.1\MTYPE_V5_1_KEYGEN.EXE" "Generic.dx" "5"
20/01/2009 01:08:17 "C:\Users\Paul\Documents\Office2003\Extras\MathType 5.1\mtype_v5_1_keygen.exe" "Generic.dx" "5"
20/01/2009 01:20:12 "C:\WINDOWS\SYSTEM32\KDOXC.EXE" "DNSChanger.gen" "5"
20/01/2009 01:20:12 "C:\Windows\System32\kdoxc.exe" "DNSChanger.gen" "5"
20/01/2009 01:39:48 "D:\RESYCLED\BOOT.COM" "DNSChanger.gen" "5"
20/01/2009 01:39:49 "D:\resycled\boot.com" "DNSChanger.gen" "5"
20/01/2009 01:50:24 Total objects scanned: 212820
20/01/2009 01:50:24 Objects detected: 5
20/01/2009 01:50:24 Scan Done: 01/20/2009 01:50:24 AM
21/01/2009 22:08:38 Scan Started: 01/21/2009 10:08:38 PM
21/01/2009 22:09:20 Total objects scanned: 1
21/01/2009 22:09:20 Objects detected: 0
21/01/2009 22:09:20 Scan Done: 01/21/2009 10:09:20 PM
21/01/2009 22:17:22 Scan Started: 01/21/2009 10:17:22 PM
21/01/2009 22:17:28 Total objects scanned: 62
21/01/2009 22:17:28 Objects detected: 0
21/01/2009 22:17:28 Scan Done: 01/21/2009 10:17:28 PM
22/01/2009 14:16:48 Scan Started: 01/22/2009 02:16:48 PM
22/01/2009 14:20:05 Total objects scanned: 166
22/01/2009 14:20:05 Objects detected: 0
22/01/2009 14:20:05 Scan Done: 01/22/2009 02:20:05 PM
22/01/2009 15:06:11 Scan Started: 01/22/2009 03:06:11 PM
22/01/2009 15:27:11 Total objects scanned: 239
22/01/2009 15:27:11 Objects detected: 0
22/01/2009 15:27:11 Scan Done: 01/22/2009 03:27:11 PM
22/01/2009 19:27:56 Scan Started: 01/22/2009 07:27:56 PM
22/01/2009 19:28:24 Total objects scanned: 48
22/01/2009 19:28:24 Objects detected: 0
22/01/2009 19:28:24 Scan Done: 01/22/2009 07:28:24 PM
22/01/2009 19:30:24 Scan Started: 01/22/2009 07:30:24 PM
22/01/2009 20:17:36 Total objects scanned: 997
22/01/2009 20:17:36 Objects detected: 0
22/01/2009 20:17:36 Scan Done: 01/22/2009 08:17:36 PM
23/01/2009 00:04:43 Scan Started: 01/23/2009 00:04:43 AM
23/01/2009 00:51:07 "C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WD6X01N\ComboFix[2].exe" "RemAdm-ProcLaunch!171" "5"
23/01/2009 01:58:42 Total objects scanned: 213826
23/01/2009 01:58:42 Objects detected: 1
23/01/2009 01:58:42 Scan Done: 01/23/2009 01:58:42 AM
02/02/2009 22:08:26 Scan Started: 02/02/2009 10:08:26 PM
02/02/2009 22:08:28 Total objects scanned: 1
02/02/2009 22:08:28 Objects detected: 0
02/02/2009 22:08:28 Scan Done: 02/02/2009 10:08:28 PM
04/02/2009 11:08:57 Scan Started: 02/04/2009 11:08:57 AM
04/02/2009 11:09:00 Total objects scanned: 4
04/02/2009 11:09:00 Objects detected: 0
04/02/2009 11:09:00 Scan Done: 02/04/2009 11:09:00 AM
04/02/2009 11:10:48 Scan Started: 02/04/2009 11:10:48 AM
04/02/2009 11:10:56 Total objects scanned: 84
04/02/2009 11:10:56 Objects detected: 0
04/02/2009 11:10:56 Scan Done: 02/04/2009 11:10:56 AM
06/02/2009 14:14:54 Scan Started: 02/06/2009 02:14:54 PM
06/02/2009 14:14:58 Total objects scanned: 10
06/02/2009 14:14:58 Objects detected: 0
06/02/2009 14:14:58 Scan Done: 02/06/2009 02:14:58 PM
09/02/2009 10:41:00 Scan Started: 02/09/2009 10:41:00 AM
09/02/2009 10:41:11 Total objects scanned: 15
09/02/2009 10:41:11 Objects detected: 0
09/02/2009 10:41:11 Scan Done: 02/09/2009 10:41:11 AM
09/02/2009 10:42:15 Scan Started: 02/09/2009 10:42:15 AM
09/02/2009 10:42:20 Total objects scanned: 9
09/02/2009 10:42:20 Objects detected: 0
09/02/2009 10:42:20 Scan Done: 02/09/2009 10:42:20 AM
09/02/2009 10:43:11 Scan Started: 02/09/2009 10:43:11 AM
09/02/2009 10:43:29 Total objects scanned: 89
09/02/2009 10:43:29 Objects detected: 0
09/02/2009 10:43:29 Scan Done: 02/09/2009 10:43:29 AM
10/02/2009 00:53:25 Scan Started: 02/10/2009 00:53:25 AM
10/02/2009 00:53:36 Total objects scanned: 13
10/02/2009 00:53:36 Objects detected: 0
10/02/2009 00:53:36 Scan Done: 02/10/2009 00:53:36 AM
19/02/2009 16:10:15 Scan Started: 02/19/2009 04:10:15 PM
19/02/2009 16:10:19 Total objects scanned: 1
19/02/2009 16:10:19 Objects detected: 0
19/02/2009 16:10:19 Scan Done: 02/19/2009 04:10:19 PM
19/02/2009 16:12:25 Scan Started: 02/19/2009 04:12:25 PM
19/02/2009 16:12:25 Total objects scanned: 1
19/02/2009 16:12:25 Objects detected: 0
19/02/2009 16:12:25 Scan Done: 02/19/2009 04:12:25 PM
20/02/2009 01:09:54 Scan Started: 02/20/2009 01:09:54 AM
20/02/2009 01:43:52 "C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WD6X01N\ComboFix[2].exe" "RemAdm-ProcLaunch!171" "5"
20/02/2009 02:30:39 Total objects scanned: 219819
20/02/2009 02:30:39 Objects detected: 1
20/02/2009 02:30:39 Scan Done: 02/20/2009 02:30:39 AM
21/02/2009 16:37:44 Scan Started: 02/21/2009 04:37:44 PM
21/02/2009 16:37:47 Total objects scanned: 1
21/02/2009 16:37:47 Objects detected: 0
21/02/2009 16:37:47 Scan Done: 02/21/2009 04:37:47 PM
22/02/2009 13:39:49 Scan Started: 02/22/2009 01:39:49 PM
22/02/2009 13:39:53 Total objects scanned: 30
22/02/2009 13:39:53 Objects detected: 0
22/02/2009 13:39:53 Scan Done: 02/22/2009 01:39:53 PM
22/02/2009 20:52:40 Scan Started: 02/22/2009 08:52:40 PM
22/02/2009 20:52:45 Total objects scanned: 14
22/02/2009 20:52:45 Objects detected: 0
22/02/2009 20:52:45 Scan Done: 02/22/2009 08:52:45 PM
22/02/2009 20:58:16 Scan Started: 02/22/2009 08:58:16 PM
22/02/2009 20:58:18 Total objects scanned: 19
22/02/2009 20:58:18 Objects detected: 0
22/02/2009 20:58:18 Scan Done: 02/22/2009 08:58:18 PM
28/02/2009 11:02:51 Scan Started: 02/28/2009 11:02:51 AM
28/02/2009 11:02:52 Total objects scanned: 1
28/02/2009 11:02:52 Objects detected: 0
28/02/2009 11:02:52 Scan Done: 02/28/2009 11:02:52 AM
28/02/2009 11:07:27 Scan Started: 02/28/2009 11:07:27 AM
28/02/2009 11:07:27 Total objects scanned: 2
28/02/2009 11:07:27 Objects detected: 0
28/02/2009 11:07:27 Scan Done: 02/28/2009 11:07:27 AM
28/02/2009 11:10:03 Scan Started: 02/28/2009 11:10:03 AM
28/02/2009 11:10:09 Total objects scanned: 52
28/02/2009 11:10:09 Objects detected: 0
28/02/2009 11:10:09 Scan Done: 02/28/2009 11:10:09 AM
28/02/2009 11:12:03 Scan Started: 02/28/2009 11:12:03 AM
28/02/2009 11:12:18 Total objects scanned: 100
28/02/2009 11:12:18 Objects detected: 0
28/02/2009 11:12:18 Scan Done: 02/28/2009 11:12:18 AM
28/02/2009 16:58:15 Scan Started: 02/28/2009 04:58:15 PM
28/02/2009 16:58:17 Total objects scanned: 16
28/02/2009 16:58:17 Objects detected: 0
28/02/2009 16:58:17 Scan Done: 02/28/2009 04:58:17 PM
01/03/2009 15:55:29 Scan Started: 03/01/2009 03:55:29 PM
01/03/2009 15:55:32 "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
01/03/2009 15:55:32 "C:\WINDOWS\SYSTEM32\GAOPDXITXOUTEY.DLL" "Generic FakeAlert.h" "5"
01/03/2009 15:55:32 "C:\Windows\system32\gaopdxitxoutey.dll" "Generic FakeAlert.h" "5"
01/03/2009 15:56:07 "C:\autorun.inf" "Generic!atr" "5"
01/03/2009 15:58:41 Total objects scanned: 3951
01/03/2009 15:58:41 Objects detected: 3
01/03/2009 15:58:41 Scan Done: 03/01/2009 03:58:41 PM
01/03/2009 16:33:44 Scan Started: 03/01/2009 04:33:44 PM
01/03/2009 16:33:46 "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
01/03/2009 16:33:47 "C:\WINDOWS\SYSTEM32\GAOPDXITXOUTEY.DLL" "Generic FakeAlert.h" "5"
01/03/2009 16:33:47 "C:\Windows\system32\gaopdxitxoutey.dll" "Generic FakeAlert.h" "5"
01/03/2009 19:06:36 "D:\autorun.inf" "Generic!atr" "5"
01/03/2009 19:20:20 Total objects scanned: 217509
01/03/2009 19:20:20 Objects detected: 3
01/03/2009 19:20:20 Scan Done: 03/01/2009 07:20:20 PM
02/03/2009 11:49:36 Scan Started: 03/02/2009 11:49:36 AM
02/03/2009 11:49:38 "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
02/03/2009 11:49:38 "C:\WINDOWS\SYSTEM32\GAOPDXITXOUTEY.DLL" "Generic FakeAlert.h" "5"
02/03/2009 11:49:38 "C:\Windows\system32\gaopdxitxoutey.dll" "Generic FakeAlert.h" "5"
02/03/2009 13:14:48 Total objects scanned: 217572
02/03/2009 13:14:48 Objects detected: 2
02/03/2009 13:14:48 Scan Done: 03/02/2009 01:14:48 PM
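
One way to triage a scan history like the one posted above, as an added example that is not part of the original post: it groups the log into scans, folds path case so the same file logged in several spellings counts once, checks that against the scanner's own "Objects detected" total, and lists detections that recur across scans. The function names are hypothetical; the sample is an excerpt of the log above.

```python
import re
from collections import Counter

# Excerpt of the McAfee scan log posted above (five of the scans, copied verbatim).
SAMPLE_LOG = r'''
20/01/2009 00:27:02 Scan Started: 01/20/2009 00:27:02 AM
20/01/2009 01:00:37 "C:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.exe" "Adware-WebSearch" "5"
20/01/2009 01:06:05 "C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0WD6X01N\ComboFix[2].exe" "RemAdm-ProcLaunch!171" "5"
20/01/2009 01:08:17 "c:\users\paul\documents\office2003\extras\mathtype 5.1\mtype_v5_1_keygen.exe" "Generic.dx" "5"
20/01/2009 01:08:17 "C:\USERS\PAUL\DOCUMENTS\OFFICE2003\EXTRAS\MATHTYPE 5.1\MTYPE_V5_1_KEYGEN.EXE" "Generic.dx" "5"
20/01/2009 01:08:17 "C:\Users\Paul\Documents\Office2003\Extras\MathType 5.1\mtype_v5_1_keygen.exe" "Generic.dx" "5"
20/01/2009 01:20:12 "C:\WINDOWS\SYSTEM32\KDOXC.EXE" "DNSChanger.gen" "5"
20/01/2009 01:20:12 "C:\Windows\System32\kdoxc.exe" "DNSChanger.gen" "5"
20/01/2009 01:39:48 "D:\RESYCLED\BOOT.COM" "DNSChanger.gen" "5"
20/01/2009 01:39:49 "D:\resycled\boot.com" "DNSChanger.gen" "5"
20/01/2009 01:50:24 Total objects scanned: 212820
20/01/2009 01:50:24 Objects detected: 5
20/01/2009 01:50:24 Scan Done: 01/20/2009 01:50:24 AM
21/01/2009 22:08:38 Scan Started: 01/21/2009 10:08:38 PM
21/01/2009 22:09:20 Total objects scanned: 1
21/01/2009 22:09:20 Objects detected: 0
21/01/2009 22:09:20 Scan Done: 01/21/2009 10:09:20 PM
01/03/2009 15:55:29 Scan Started: 03/01/2009 03:55:29 PM
01/03/2009 15:55:32 "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
01/03/2009 15:55:32 "C:\WINDOWS\SYSTEM32\GAOPDXITXOUTEY.DLL" "Generic FakeAlert.h" "5"
01/03/2009 15:55:32 "C:\Windows\system32\gaopdxitxoutey.dll" "Generic FakeAlert.h" "5"
01/03/2009 15:56:07 "C:\autorun.inf" "Generic!atr" "5"
01/03/2009 15:58:41 Total objects scanned: 3951
01/03/2009 15:58:41 Objects detected: 3
01/03/2009 15:58:41 Scan Done: 03/01/2009 03:58:41 PM
01/03/2009 16:33:44 Scan Started: 03/01/2009 04:33:44 PM
01/03/2009 16:33:46 "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
01/03/2009 16:33:47 "C:\WINDOWS\SYSTEM32\GAOPDXITXOUTEY.DLL" "Generic FakeAlert.h" "5"
01/03/2009 16:33:47 "C:\Windows\system32\gaopdxitxoutey.dll" "Generic FakeAlert.h" "5"
01/03/2009 19:06:36 "D:\autorun.inf" "Generic!atr" "5"
01/03/2009 19:20:20 Total objects scanned: 217509
01/03/2009 19:20:20 Objects detected: 3
01/03/2009 19:20:20 Scan Done: 03/01/2009 07:20:20 PM
02/03/2009 11:49:36 Scan Started: 03/02/2009 11:49:36 AM
02/03/2009 11:49:38 "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
02/03/2009 11:49:38 "C:\WINDOWS\SYSTEM32\GAOPDXITXOUTEY.DLL" "Generic FakeAlert.h" "5"
02/03/2009 11:49:38 "C:\Windows\system32\gaopdxitxoutey.dll" "Generic FakeAlert.h" "5"
02/03/2009 13:14:48 Total objects scanned: 217572
02/03/2009 13:14:48 Objects detected: 2
02/03/2009 13:14:48 Scan Done: 03/02/2009 01:14:48 PM
'''

ENTRY = re.compile(r'^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (.*)$')
DETECTION = re.compile(r'^"([^"]*)" "([^"]*)" "(\d+)"$')


def parse_scans(text):
    """Split the log into scans; each scan keeps its case-folded unique detections."""
    scans, current = [], None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        stamp, rest = m.groups()
        if rest.startswith('Scan Started:'):
            current = {'started': stamp, 'detections': set(), 'reported': None}
            scans.append(current)
        elif current is None:
            continue  # entry seen before any "Scan Started" line: ignore it
        elif rest.startswith('Objects detected:'):
            current['reported'] = int(rest.split(':', 1)[1])
        else:
            d = DETECTION.match(rest)
            if d:
                # Windows paths are case-insensitive, so fold case before de-duplicating.
                current['detections'].add((d.group(1).lower(), d.group(2)))
    return scans


def count_mismatches(scans):
    """Start times of scans whose unique detections disagree with the reported total."""
    return [s['started'] for s in scans if s['reported'] != len(s['detections'])]


def persistent(scans, min_scans=2):
    """Detections that reappear in at least min_scans separate scans."""
    seen = Counter(det for s in scans for det in s['detections'])
    return {det: n for det, n in seen.items() if n >= min_scans}


if __name__ == '__main__':
    scans = parse_scans(SAMPLE_LOG)
    print('scans:', len(scans), 'count mismatches:', count_mismatches(scans))
    for (obj, name), n in sorted(persistent(scans).items()):
        print(f'{n} scans: {name}  {obj}')
```

A detection that keeps returning across scans means the scanner is reporting the object without removing it, which is the signal to move to dedicated removal tooling rather than re-scanning.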

#3 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,425
  • Joined: 19-November 07

Posted 06 March 2009 - 01:33 PM

Hello

Firstly: Please disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

After that

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

Close all windows other than HiJackThis, then click Fix Checked.

Close HiJackThis.

Now

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\Program Files\AskBarDis
    C:\Program Files\DAEMON Tools Toolbar
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Finally in this post
  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

So when you return please post
  • MBAM log
  • the two RSIT logs - log.txt and info.txt

Note: Unless otherwise instructed always post the logs in the forum. It is likely these reports will not fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
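
A check that the entries selected for "Fix Checked" above are really gone from a follow-up HijackThis log, as an added example that is not part of the original post. Entries are matched by section code plus CLSID rather than by whole line, so a changed path or CLSID letter case does not hide a survivor; the function names and both follow-up logs are constructed for illustration.

```python
import re

# The four entries the post above asks to be checked and fixed (copied verbatim).
TO_FIX = r'''O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
'''

# Constructed follow-up log (a few lines in HijackThis format) where the fix worked.
CLEAN_AFTER = r'''Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O15 - Trusted Zone: http://*.mcafee.com
'''

# Constructed failure case: one toolbar survived, logged with an upper-case CLSID.
PARTIAL_AFTER = CLEAN_AFTER + r'''O3 - Toolbar: Ask Toolbar - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
'''

LINE = re.compile(r'^(R\d|F\d|O\d{1,2}) - (.*)$')
CLSID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')


def parse_entries(text):
    """Return the R/F/O entries of a HijackThis log, each with a comparison key."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m.groups()
        clsid = CLSID.search(body)
        # Key on section + CLSID when there is one; otherwise on the folded text.
        key = (section, clsid.group(0).lower() if clsid else body.lower())
        entries.append({'section': section, 'body': body, 'key': key,
                        'file_missing': body.endswith('(file missing)')})
    return entries


def still_present(to_fix, after_log):
    """Entries from to_fix that still appear in the follow-up log."""
    after_keys = {e['key'] for e in parse_entries(after_log)}
    return [e['body'] for e in parse_entries(to_fix) if e['key'] in after_keys]


def orphaned(after_log):
    """Entries whose target file no longer exists (leftover registry references)."""
    return [e['body'] for e in parse_entries(after_log) if e['file_missing']]


if __name__ == '__main__':
    print('survivors (clean):  ', still_present(TO_FIX, CLEAN_AFTER))
    print('survivors (partial):', still_present(TO_FIX, PARTIAL_AFTER))
    print('orphaned entries:   ', orphaned(CLEAN_AFTER))
```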

#4 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 10 March 2009 - 06:06 AM

Thanks for your time in helping me with my problem, I have been away visiting family so have not been able to fix my pc sooner

Anyway

I have done everything you requested apart from 1 thing

I was not able to update Malwarebytes before running a scan. I kept getting an error message saying please set your firewall to allow MBAM access to the internet?

I tried several times to try and change different options but still it would not update?

Also when I ran OTMoveit the computer needed to be restarted and when I pressed yes it loaded Windows normally but I then got the Blue screen of death again so had to restart in "Safe Mode"

Might this be the problem with not being able to update MBAM??

Please find below the logs you asked me for
MBAM
OTMoveit3
log.txt
info.txt

Thanks again for your time

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 6.0.6001 Service Pack 1

10/03/2009 12:04:21
mbam-log-2009-03-10 (12-04-21).txt

Scan type: Quick Scan
Objects scanned: 53194
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\AskBarDis\bar\Settings moved successfully.
C:\Program Files\AskBarDis\bar\bin moved successfully.
C:\Program Files\AskBarDis\bar moved successfully.
C:\Program Files\AskBarDis moved successfully.
C:\Program Files\DAEMON Tools Toolbar\Resources moved successfully.
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components moved successfully.
Folder move failed. C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT scheduled to be moved on reboot.
Folder move failed. C:\Program Files\DAEMON Tools Toolbar scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Paul\AppData\Local\Temp\etilqs_evvKh4XGg9Di8YeHsYNP scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\mcmsc_Y9sxRMyhd30UE3x scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_112336

Logfile of random's system information tool 1.05 (written by random/random)
Run by Paul at 2009-03-10 11:55:42
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 42 GB (30%) free of 142 GB
Total RAM: 1013 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:22, on 10/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Paul\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Paul.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yah...?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Users\Paul\Downloads\OTMoveIt3.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6904 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2008-10-17 247312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-11-17 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTMoveIt"=C:\Users\Paul\Downloads\OTMoveIt3.exe [2009-03-10 348160]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2006-11-12 446976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
c:\dell\E-Center\EULALauncher.exe [2006-11-17 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
C:\Windows\FixCamera.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-02-14 240640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2007-02-09 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2007-02-09 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCFCATS]
rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McENUI]
C:\PROGRA~1\McAfee\MHN\McENUI.exe [2008-06-13 1176808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\Windows\system32\igfxpers.exe [2007-02-09 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Windows\sttray.exe [2006-11-22 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\Windows\vsnp2std.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\Windows\tsnp2std.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-09-22 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-02-09 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b657f3-d712-11dd-b61a-0019d138f1a3}]
shell\AutoRun\command - WDSetup.exe


======List of files/folders created in the last 1 months======

2009-03-10 11:55:42 ----D---- C:\rsit
2009-03-10 11:23:36 ----D---- C:\_OTMoveIt
2009-03-04 11:59:48 ----D---- C:\Windows\pss
2009-02-28 11:04:33 ----D---- C:\RECYCLER
2009-02-19 16:48:34 ----D---- C:\Program Files\Combined Community Codec Pack
2009-02-16 20:22:49 ----A---- C:\Windows\system32\EncDec.dll
2009-02-16 20:22:35 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-16 20:22:01 ----A---- C:\Windows\system32\mshtml.dll
2009-02-16 20:21:59 ----A---- C:\Windows\system32\ieframe.dll
2009-02-16 20:21:55 ----A---- C:\Windows\system32\urlmon.dll
2009-02-16 20:21:53 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-16 20:21:50 ----A---- C:\Windows\system32\wininet.dll
2009-02-16 20:21:48 ----A---- C:\Windows\system32\mstime.dll
2009-02-16 20:21:44 ----A---- C:\Windows\system32\iertutil.dll
2009-02-16 20:21:38 ----A---- C:\Windows\system32\jsproxy.dll

======List of files/folders modified in the last 1 months======

2009-03-10 11:53:37 ----D---- C:\Windows\temp
2009-03-10 11:32:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-10 11:32:36 ----D---- C:\Windows\system32\drivers
2009-03-10 11:30:16 ----D---- C:\Program Files\Mozilla Firefox
2009-03-10 11:29:42 ----A---- C:\Windows\ntbtlog.txt
2009-03-10 11:28:58 ----D---- C:\Windows\Minidump
2009-03-10 11:28:46 ----D---- C:\Windows
2009-03-10 11:23:37 ----RD---- C:\Program Files
2009-03-10 11:23:37 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-03-06 21:58:16 ----D---- C:\Users\Paul\AppData\Roaming\Vso
2009-03-04 12:02:52 ----D---- C:\Windows\Prefetch
2009-03-03 19:24:44 ----D---- C:\Windows\System32
2009-03-03 19:24:44 ----D---- C:\Windows\inf
2009-03-03 19:24:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-03-01 20:39:29 ----SHD---- C:\System Volume Information
2009-02-28 18:13:38 ----D---- C:\Users\Paul\AppData\Roaming\LimeWire
2009-02-28 16:57:41 ----D---- C:\Users\Paul\AppData\Roaming\Azureus
2009-02-27 14:27:29 ----D---- C:\Program Files\Vuze
2009-02-27 11:59:35 ----D---- C:\Program Files\Common Files\Real
2009-02-27 11:59:29 ----D---- C:\Program Files\Common Files
2009-02-27 11:59:20 ----D---- C:\Users\Paul\AppData\Roaming\Real
2009-02-27 11:56:57 ----D---- C:\ProgramData\Google
2009-02-27 11:56:57 ----D---- C:\Program Files\Google
2009-02-27 11:45:54 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-26 22:23:44 ----D---- C:\Program Files\Lx_cats
2009-02-26 22:23:43 ----HD---- C:\ProgramData
2009-02-26 22:02:53 ----SHD---- C:\Windows\Installer
2009-02-24 12:02:59 ----D---- C:\Windows\system32\catroot2
2009-02-21 18:37:53 ----D---- C:\Windows\Downloaded Installations
2009-02-21 18:37:52 ----D---- C:\Program Files\Kontiki
2009-02-18 16:35:04 ----SD---- C:\Windows\Downloaded Program Files
2009-02-16 22:25:29 ----D---- C:\Windows\winsxs
2009-02-16 22:08:38 ----D---- C:\Windows\Microsoft.NET
2009-02-16 22:08:37 ----RSD---- C:\Windows\assembly
2009-02-16 22:03:11 ----D---- C:\Windows\system32\catroot
2009-02-16 22:02:59 ----D---- C:\Windows\ehome
2009-02-16 22:01:28 ----D---- C:\Program Files\Windows Mail
2009-02-12 04:56:17 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-06-02 130424]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 netr73;Belkin Wireless 54G USB Network Adapter Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2008-10-02 464384]
S1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
S1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2008-06-27 207656]
S2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
S2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
S2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
S2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
S2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
S2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
S2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
S2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
S2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
S2 dsunidrv;dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [2006-08-17 7424]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys []
S3 aue4vitm;aue4vitm; C:\Windows\system32\drivers\aue4vitm.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys []
S3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-09 1476608]
S3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2008-06-27 79240]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2008-06-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2008-06-27 40488]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-17 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-17 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\Windows\system32\drivers\Ndisprot.sys [2008-11-25 29184]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-09-29 47360]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RkHit;RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [2008-09-16 30080]
S3 RT73;Belkin USB Network Adapter; C:\Windows\system32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\Windows\system32\DRIVERS\snp2sxp.sys []
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-22 647680]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
S2 lxcf_device;lxcf_device; C:\Windows\system32\lxcfcoms.exe [2007-02-23 537520]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
S2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-17 303104]
S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2008-07-09 25416]
S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
S2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-22 90112]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2006-11-07 70656]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2007-02-14 81408]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-03-10 11:56:25

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Belkin 54g USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\Belkin Wireless Network Utility\setup.exe" -l0x9
Belkin 54Mbps Wireless Network Adapter-->C:\Program Files\InstallShield Installation Information\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BT Yahoo! Applications-->C:\Program Files\Yahoo!\Common\uninstall.exe
BTHomeHub-->C:\Program Files.\BTHomeHub.\Uninstall.exe BTHomeHub2.0
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
ConvertXtoDVD 3.0.0.9c-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Freecorder Toolbar 3.02 Application-->"C:\Windows\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Last.fm 1.5.2.38918-->"C:\Program Files\Last.fm\unins000.exe"
Lexmark 730 Series-->C:\Program Files\Lexmark 730 Series\Install\x86\Uninst.exe
LimeWire PRO 4.18.7-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Tag&Rename 3.4.6-->"C:\Program Files\TagRename\unins000.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

======Security center information======

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

#5 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,425
  • Joined: 19-November 07

Posted 10 March 2009 - 11:55 AM

Quote

Might this be the problem with not being able to update MBAM??


No, I don't think so. More likely some temporary conflict somewhere with OTMoveIt3, but it may be related to your initial problem and reason for coming here.

Let's have a deeper look.

Download Lop S&D by Eric_71 and save it to your desktop.

Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and anti-malware programs so they do not interfere with the running of Lop S&D. You can usually do this via a right click on the System Tray icon.
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated; post the contents of it in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

#6 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 10 March 2009 - 12:11 PM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 2.1.2
USER : Paul ( Administrator )
BOOT : Fail-safe with network boot
C:\ (Local Disk) - NTFS - Total:138 Go (Free:41 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 10/03/2009|18:09 )

[ UAC => 0 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in Local

[17/09/2008|14:38] C:\Users\Paul\AppData\Local\Application Data
[22/09/2008|10:37] C:\Users\Paul\AppData\Local\Apps
[07/01/2009|16:35] C:\Users\Paul\AppData\Local\Citrix
[16/01/2009|19:39] C:\Users\Paul\AppData\Local\Cooliris
[10/03/2009|11:30] C:\Users\Paul\AppData\Local\d3d9caps.dat
[03/03/2009|10:50] C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[02/10/2008|13:33] C:\Users\Paul\AppData\Local\Deployment
[30/12/2008|21:06] C:\Users\Paul\AppData\Local\Downloaded Installations
[04/03/2009|11:12] C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
[27/02/2009|11:56] C:\Users\Paul\AppData\Local\Google
[17/09/2008|14:38] C:\Users\Paul\AppData\Local\History
[19/02/2009|16:30] C:\Users\Paul\AppData\Local\ImgBurn.exe
[16/02/2009|20:43] C:\Users\Paul\AppData\Local\Last.fm
[30/11/2008|23:58] C:\Users\Paul\AppData\Local\Microsoft
[13/12/2008|00:03] C:\Users\Paul\AppData\Local\Microsoft Help
[17/09/2008|16:02] C:\Users\Paul\AppData\Local\MigWiz
[06/10/2008|11:41] C:\Users\Paul\AppData\Local\Mozilla
[23/09/2008|12:34] C:\Users\Paul\AppData\Local\Protexis
[17/09/2008|14:40] C:\Users\Paul\AppData\Local\Roxio
[17/09/2008|16:31] C:\Users\Paul\AppData\Local\SupportSoft
[10/03/2009|18:09] C:\Users\Paul\AppData\Local\Temp
[17/09/2008|14:38] C:\Users\Paul\AppData\Local\Temporary Internet Files
[22/09/2008|12:26] C:\Users\Paul\AppData\Local\Threat Expert
[19/02/2009|16:30] C:\Users\Paul\AppData\Local\tsMuxeR.exe
[17/09/2008|14:40] C:\Users\Paul\AppData\Local\VirtualStore

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[19/01/2009 17:56][--a------] C:\Windows\tasks\McDefragTask.job
[19/01/2009 17:56][--a------] C:\Windows\tasks\McQcTask.job
[10/03/2009 11:27][--ah-----] C:\Windows\tasks\SA.DAT
[01/03/2009 16:28][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[30/11/2008|00:14] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[06/12/2008|23:45] C:\ProgramData\Adobe
[19/09/2008|14:24] C:\ProgramData\Apple
[19/09/2008|14:29] C:\ProgramData\Apple Computer
[17/09/2008|14:33] C:\ProgramData\Application Data
[23/01/2009|16:37] C:\ProgramData\Applications
[19/09/2008|15:52] C:\ProgramData\Azureus
[30/09/2008|13:25] C:\ProgramData\Citrix
[14/02/2007|01:48] C:\ProgramData\Corel
[09/01/2009|21:36] C:\ProgramData\DAEMON Tools Lite
[17/09/2008|16:44] C:\ProgramData\Dell
[17/09/2008|14:33] C:\ProgramData\Desktop
[17/09/2008|14:33] C:\ProgramData\Documents
[05/01/2009|18:46] C:\ProgramData\DriverScanner
[17/09/2008|14:33] C:\ProgramData\Favorites
[27/02/2009|11:56] C:\ProgramData\Google
[14/02/2007|01:54] C:\ProgramData\Gtek
[14/02/2007|01:51] C:\ProgramData\InstallShield
[04/01/2009|18:17] C:\ProgramData\Kaspersky Lab
[25/11/2008|14:44] C:\ProgramData\Kaspersky Lab Setup Files
[01/12/2008|00:17] C:\ProgramData\Last.fm
[12/11/2008|11:27] C:\ProgramData\Malwarebytes
[23/01/2009|11:00] C:\ProgramData\McAfee
[23/01/2009|17:36] C:\ProgramData\Microsoft
[23/01/2009|17:25] C:\ProgramData\Microsoft Help
[02/10/2008|12:29] C:\ProgramData\Motive
[25/09/2008|16:11] C:\ProgramData\NOS
[05/02/2009|08:50] C:\ProgramData\ntuser.pol
[30/12/2008|21:08] C:\ProgramData\PC Drivers HeadQuarters
[22/09/2008|15:41] C:\ProgramData\PC Tools
[04/01/2009|19:09] C:\ProgramData\Roxio
[19/09/2008|15:16] C:\ProgramData\Skype
[14/02/2007|01:53] C:\ProgramData\Sonic
[17/12/2008|17:43] C:\ProgramData\SPL19D4.tmp
[17/09/2008|14:33] C:\ProgramData\Start Menu
[17/09/2008|16:28] C:\ProgramData\SupportSoft
[04/01/2009|18:31] C:\ProgramData\TEMP
[17/09/2008|14:33] C:\ProgramData\Templates
[29/09/2008|18:53] C:\ProgramData\vsosdk
[16/12/2008|13:58] C:\ProgramData\WindowsSearch
[02/10/2008|12:35] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[20/12/2008|10:49] C:\Program Files\AC3Filter
[25/09/2008|16:12] C:\Program Files\Adobe
[19/09/2008|14:26] C:\Program Files\Apple Software Update
[14/02/2007|02:00] C:\Program Files\BAE
[02/10/2008|14:57] C:\Program Files\Belkin
[28/12/2008|11:37] C:\Program Files\Bonjour
[02/10/2008|12:33] C:\Program Files\BT Broadband Desktop Help
[02/10/2008|12:34] C:\Program Files\BTHomeHub
[19/02/2009|16:48] C:\Program Files\Combined Community Codec Pack
[27/02/2009|11:59] C:\Program Files\Common Files
[14/02/2007|01:36] C:\Program Files\CONEXANT
[09/01/2009|21:36] C:\Program Files\DAEMON Tools Lite
[10/03/2009|11:23] C:\Program Files\DAEMON Tools Toolbar
[14/02/2007|02:07] C:\Program Files\Dell
[17/09/2008|16:28] C:\Program Files\Dell Support Center
[14/02/2007|01:54] C:\Program Files\DellSupport
[14/02/2007|01:46] C:\Program Files\Digital Line Detect
[13/12/2008|11:07] C:\Program Files\DivX
[14/01/2009|19:48] C:\Program Files\Freecorder Toolbar
[27/02/2009|11:56] C:\Program Files\Google
[04/02/2009|19:11] C:\Program Files\InstallShield Installation Information
[14/02/2007|01:44] C:\Program Files\Intel
[21/09/2008|12:15] C:\Program Files\Internet Explorer
[30/11/2008|00:13] C:\Program Files\iPod
[01/12/2008|00:17] C:\Program Files\iTunes
[17/12/2008|09:10] C:\Program Files\Java
[21/02/2009|18:37] C:\Program Files\Kontiki
[01/12/2008|00:09] C:\Program Files\Last.fm
[23/01/2009|19:28] C:\Program Files\Lexmark 730 Series
[20/09/2008|13:47] C:\Program Files\LimeWire
[26/02/2009|22:23] C:\Program Files\Lx_cats
[10/03/2009|11:32] C:\Program Files\Malwarebytes' Anti-Malware
[23/01/2009|11:00] C:\Program Files\McAfee
[19/01/2009|17:38] C:\Program Files\McAfee.com
[23/01/2009|17:33] C:\Program Files\Microsoft ActiveSync
[23/01/2009|17:31] C:\Program Files\Microsoft Office
[23/01/2009|11:17] C:\Program Files\Microsoft Office.old
[27/02/2009|11:45] C:\Program Files\Microsoft Silverlight
[23/01/2009|11:18] C:\Program Files\Microsoft Small Business
[18/09/2008|19:01] C:\Program Files\Microsoft SQL Server
[14/02/2007|01:57] C:\Program Files\Microsoft Visual Studio
[23/01/2009|17:24] C:\Program Files\Microsoft Visual Studio 8
[23/01/2009|11:19] C:\Program Files\Microsoft.NET
[14/02/2007|01:46] C:\Program Files\Modem Diagnostic Tool
[21/09/2008|12:15] C:\Program Files\Movie Maker
[10/03/2009|11:30] C:\Program Files\Mozilla Firefox
[22/01/2009|14:29] C:\Program Files\MSBuild
[19/01/2009|17:13] C:\Program Files\MSECACHE
[17/09/2008|15:25] C:\Program Files\MSXML 4.0
[14/02/2007|01:46] C:\Program Files\NetWaiting
[25/09/2008|16:04] C:\Program Files\NOS
[30/11/2008|00:11] C:\Program Files\QuickTime
[02/11/2006|12:37] C:\Program Files\Reference Assemblies
[14/02/2007|01:43] C:\Program Files\SigmaTel
[19/01/2009|17:38] C:\Program Files\SiteAdvisor
[19/09/2008|15:16] C:\Program Files\Skype
[19/11/2008|14:10] C:\Program Files\TagRename
[12/11/2008|15:10] C:\Program Files\Trend Micro
[02/11/2006|13:01] C:\Program Files\Uninstall Information
[29/09/2008|17:44] C:\Program Files\VSO
[27/02/2009|14:27] C:\Program Files\Vuze
[21/09/2008|12:15] C:\Program Files\Windows Calendar
[21/09/2008|12:15] C:\Program Files\Windows Collaboration
[21/09/2008|12:15] C:\Program Files\Windows Defender
[19/01/2009|17:14] C:\Program Files\Windows Installer Clean Up
[21/09/2008|12:15] C:\Program Files\Windows Journal
[16/02/2009|22:01] C:\Program Files\Windows Mail
[01/12/2008|00:17] C:\Program Files\Windows Media Player
[02/11/2006|12:37] C:\Program Files\Windows NT
[21/09/2008|12:15] C:\Program Files\Windows Photo Gallery
[21/09/2008|12:15] C:\Program Files\Windows Sidebar
[23/09/2008|12:19] C:\Program Files\WinRAR
[02/10/2008|12:29] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[25/09/2008|16:10] C:\Program Files\Common Files\Adobe
[06/12/2008|23:45] C:\Program Files\Common Files\Adobe AIR
[30/11/2008|00:13] C:\Program Files\Common Files\Apple
[14/02/2007|01:57] C:\Program Files\Common Files\DESIGNER
[14/02/2007|01:52] C:\Program Files\Common Files\InstallShield
[04/10/2008|15:19] C:\Program Files\Common Files\Java
[23/01/2009|17:33] C:\Program Files\Common Files\L&H
[20/01/2009|00:12] C:\Program Files\Common Files\McAfee
[23/01/2009|17:34] C:\Program Files\Common Files\microsoft shared
[02/10/2008|13:52] C:\Program Files\Common Files\Motive
[22/09/2008|12:05] C:\Program Files\Common Files\PX Storage Engine
[27/02/2009|11:59] C:\Program Files\Common Files\Real
[02/11/2006|11:18] C:\Program Files\Common Files\Services
[19/09/2008|15:16] C:\Program Files\Common Files\Skype
[02/11/2006|11:18] C:\Program Files\Common Files\SpeechEngines
[17/09/2008|16:28] C:\Program Files\Common Files\supportsoft
[22/01/2009|14:35] C:\Program Files\Common Files\System

--------------------\\ Process

( 26 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 18:09:42
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Paul\iTunes Music\Snow Patrol\A Hundred Million Suns\02 Crack The Shutters.mp3
C:\Users\Paul\Music\Kanye West\kanye west-late registration\08 Crack Music (Feat. The Game).mp3
C:\Users\Paul\Music\Snow Patrol\A Hundred Million Suns\02 Snow Patrol - Crack The Shutters.mp3


[F:3][D:1]-> C:\Users\Paul\AppData\Local\Temp
[F:1][D:0]-> C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\Cookies
[F:88][D:5]-> C:\Users\Paul\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:9][D:6]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 10/03/2009|18:10 - Option : [2]

--------------------\\ Scan completed at 18:10:14
[ UAC => 1 ]

#7 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 10 March 2009 - 12:43 PM

Just in case I did not explain myself properly

MBAM is not updating because it can not connect to the internet and it is saying to set my firewall to allow MBAM through.

Is it not updating because I am having to load in "Safe Mode"?

Sorry if this is a stupid question

Also, because I am loading in "Safe Mode", my McAfee icon has a cross in the icon in the system tray. I have tried right-clicking to disable but there is no option

I have opened McAfee and all the options are set to off

Do I have to do something else to disable McAfee or is this ok?

Thanks for your support and advice

#8 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,425
  • Joined: 19-November 07

Posted 10 March 2009 - 01:21 PM

Quote

MBAM is not updating because it can not connect to the internet and it is saying to set my firewall to allow MBAM through.

Is it not updating because I am having to load in "Safe Mode"?


I think it more likely that it is your firewall that is not letting it through but you never know.

I have been wondering if there is something corrupt in McAfee. It might be worth trying a re-install to see if that helps.

Meantime we will continue the search for malware.

Cracks inevitably result in infection.

Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\Users\Paul\iTunes Music\Snow Patrol\A Hundred Million Suns\02 Crack The Shutters.mp3
    C:\Users\Paul\Music\Kanye West\kanye west-late registration\08 Crack Music (Feat. The Game).mp3
    C:\Users\Paul\Music\Snow Patrol\A Hundred Million Suns\02 Snow Patrol - Crack The Shutters.mp3
    
    :commands
    [emptytemp]
    [start explorer]
    [Reboot]


  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • OTMoveIt3 log
  • Kaspersky scan results


#9 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 10 March 2009 - 04:39 PM

Hi,

I can not get the Kaspersky scan to run

It downloads and installs the program

But fails when trying to update the database, I have attached the OTMoveIt3 log at the bottom that worked ok

the following message appears

Program is starting. Please wait...
Update source selected: http://www.kaspersky.com
Downloading file: packages/kos-extras.jar
Program has started.

Program database is being updated. Please wait...
Update source selected: ftp://downloads4.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Update source selected: ftp://downloads5.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Update source selected: ftp://downloads2.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Update source selected: http://downloads2.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Failed to connect to update source: downloads2.kaspersky-labs.com
Update source selected: http://downloads4.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Failed to connect to update source: downloads4.kaspersky-labs.com
Update source selected: ftp://downloads3.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Update source selected: http://downloads5.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Failed to connect to update source: downloads5.kaspersky-labs.com
Update source selected: ftp://downloads1.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Update source selected: http://downloads1.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Failed to connect to update source: downloads1.kaspersky-labs.com
Update source selected: http://downloads3.kaspersky-labs.com/
Downloading file: index/master.xml.klz
Failed to connect to update source: downloads3.kaspersky-labs.com

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Failed to connect to update source]


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Users\Paul\iTunes Music\Snow Patrol\A Hundred Million Suns\02 Crack The Shutters.mp3 moved successfully.
C:\Users\Paul\Music\Kanye West\kanye west-late registration\08 Crack Music (Feat. The Game).mp3 moved successfully.
File/Folder C:\Users\Paul\Music\Snow Patrol\A Hundred Million Suns\02 Snow Patrol - Crack The Shutters.mp3 not found.
========== COMMANDS ==========
File delete failed. C:\Users\Paul\AppData\Local\Temp\etilqs_9vm1wb7FeQ2cZN3ZZdME scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\mcafee_H0eDhcfVcghFCp6 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_C8jeuFhW7a93uIg scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mcmsc_Lh7bLzW6U7Lh08M scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Paul\AppData\Local\Mozilla\Firefox\Profiles\vwbmm4kj.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03102009_195639

#10 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 10 March 2009 - 04:52 PM

Forgot to say that I had removed McAfee before trying to run Kaspersky. I also tried running the MBAM update but it still failed

??????

#11 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,425
  • Joined: 19-November 07

Posted 10 March 2009 - 08:54 PM

Check that Windows Defender isn't enabled.

How to disable Windows Defender to prevent it from interfering with our fixes.

Go to this link for instructions on how to enable/disable Windows Defender

http://windowshelp.microsoft.com/Windows/e...1bf0dc1033.mspx

#12 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 11 March 2009 - 04:30 AM

I have checked Windows Defender and it was turned off. I even tried turning it on and then off several times, but still Kaspersky will not update???

I have also checked Windows Firewall and that is showing as off

My screen seems to be blinking every so often as well, although I think it has been doing it since I got this virus

#13 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,425
  • Joined: 19-November 07

Posted 11 March 2009 - 01:10 PM

Perhaps you can get it to run in Safe Mode.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Tell me how you get on.

Note: In Vista use the administrator mode

#14 paulcole

  • Group: Member
  • Posts: 90
  • Joined: 11-November 08

Posted 12 March 2009 - 05:49 AM

I have been in safe mode since I got this virus, I could get the computer to start windows normally but as soon as it did I would get the blue screen appear and the only way to get rid of it would be to turn the machine off from the plug, I would then have to restart in "Safe Mode"

Although I am sending this message in normal mode and I have not got the blue screen of death yet!!!!

The only thing that I am seeing that is not right is the start bar at the bottom of the screen is a dull grey colour and very small

I have tried loading MBAM and running the update whilst in normal mode but still it will not update

Even though I have deleted McAfee

help

#15 emeraldnzl

  • Group: GeekU Moderator
  • Posts: 14,425
  • Joined: 19-November 07

Posted 12 March 2009 - 06:26 PM

Hmm... let's see if you can run this one then:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/...rweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Post a copy of the report back here.
