Using Malawarebytes Software to Remove System Security Virus

========== FILES ==========
c:\windows\system32\kjnd moved successfully.
c:\windows\system32\drivers\str.sys moved successfully.
c:\windows\system32\drivers\fqatsaefywj.sys moved successfully.
C:\Windows Antivirus Pro.lnk moved successfully.
C:\Windows Antivirus Pro moved successfully.
LoadLibrary failed for c:\windows\system32\msxml.dll
c:\windows\system32\msxml.dll NOT unregistered.
c:\windows\system32\msxml.dll moved successfully.
c:\programdata\19687354 moved successfully.
File/Folder c:\progra~2\19687354* not found.
c:\windows\tacb5700.exe moved successfully.
c:\windows\cigx6623.exe moved successfully.
c:\windows\system32\drivers\tqtliriephuxoecv.sys moved successfully.
c:\windows\system32\winset.ini moved successfully.
c:\windows\wupgk3410.exe moved successfully.
c:\program files\FrostWire moved successfully.
c:\program files\AskBarDis\bar\Settings moved successfully.
c:\program files\AskBarDis\bar\bin moved successfully.
c:\program files\AskBarDis\bar moved successfully.
c:\program files\AskBarDis moved successfully.
========== SERVICES/DRIVERS ==========

Service\Driver wjhfavyatbmf deleted successfully.

Service\Driver Viewpoint Manager Service deleted successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 08022009_202541

Can I delete DDS? It said one time use.

BUMP

Hello.
Please run DDS again and post a fresh log, just making sure it's gone now.

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Mary at 13:36:21.53 on Wed 08/05/2009
Internet Explorer: 7.0.6000.16890
Microsoft Windows Vista Home Premium 6.0.6000.0.1252.1.1033.18.958.386 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\System32\mshta.exe
C:\Windows\System32\temp.exe
C:\Windows\System32\mshta.exe
C:\Program Files\Safari\Safari.exe
C:\Users\Mary\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uWindow Title = Internet Explorer provided by Dell
uSearch Bar =
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071005
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN helper: {91704c3f-a675-4e0e-9fb7-b03e005edda7} - systran.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: : {bf98dd74-148c-4a86-a6f3-7571f810d650} - c:\windows\temp\~66A7.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON NX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieda.exe /fu "c:\windows\temp\E_S8D4A.tmp" /EF "HKCU"
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SBC_McciTrayApp] c:\program files\sbc\update\SST.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [PrivacyCenter] c:\program files\privacycenter\protector.exe -startup
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {5199201E-60B4-11DE-85CF-260556D89593} - c:\program files\privacycenter\protector.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://config.skillcheck.com/onlinetesting/icaclients/win32/10.0/onlinetesting.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-7-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-7-28 72944]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-5 29744]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-7-28 7408]

=============== Created Last 30 ================

2009-08-04 04:16 1,148,928 a------- c:\windows\system32\temp.exe
2009-08-04 04:16 --d----- c:\program files\PrivacyCenter
2009-08-02 20:25 --d----- C:\_OTM
2009-08-02 15:50 40,448 a------- c:\windows\system32\systran.dll
2009-08-01 18:28 131,400 a---h--- c:\windows\system32\mlfcache.dat
2009-08-01 17:55 --dsh--- c:\users\mary\appdata\roaming\lowsec
2009-08-01 08:48 4 a------- c:\windows\system32\bincd32.dat
2009-07-31 21:40 --d----- c:\program files\Trend Micro
2009-07-29 14:54 --d----- C:\!KillBox
2009-07-29 01:24 143,360 a------- c:\windows\system32\dunzip32.dll
2009-07-28 19:02 --dsh--- C:\found.001
2009-07-28 18:25 --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-28 18:25 --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-28 18:23 --d----- c:\users\mary\appdata\roaming\SUPERAntiSpyware.com
2009-07-28 18:23 --d----- c:\program files\SUPERAntiSpyware
2009-07-28 18:22 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-28 18:18 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 18:18 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-28 18:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 16:30 a-d----- c:\programdata\TEMP
2009-07-28 10:00 --d----- c:\program files\IEToolbar
2009-07-18 20:53 --d----- c:\programdata\UDL
2009-07-18 20:53 --d----- c:\progra~2\UDL
2009-07-18 20:50 --d----- c:\program files\Epson Software
2009-07-18 20:41 86,528 a------- c:\windows\system32\E_FLBEDA.DLL
2009-07-18 20:41 78,848 a------- c:\windows\system32\E_FD4BEDA.DLL
2009-07-18 20:41 --d----- c:\programdata\EPSON
2009-07-18 20:41 --d----- c:\progra~2\EPSON
2009-07-18 20:39 71,680 a------- c:\windows\system32\escwiad.dll
2009-07-18 20:39 --d----- c:\program files\epson
2009-07-18 20:38 44 a------- c:\windows\EPNX100.ini
2009-07-16 11:11 --d----- c:\users\mary\Tracing
2009-07-15 07:03 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-15 07:03 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 07:02 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 07:02 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-15 07:02 24,064 a------- c:\windows\system32\lpk.dll
2009-07-15 07:02 10,240 a------- c:\windows\system32\dciman32.dll

==================== Find3M ====================

2009-08-01 03:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-01 03:00 51,200 a------- c:\windows\inf\infpub.dat
2009-07-18 20:46 86,016 a------- c:\windows\inf\infstor.dat
2009-07-18 07:17 827,392 a------- c:\windows\system32\wininet.dll
2009-07-18 07:10 56,320 a------- c:\windows\system32\iesetup.dll
2009-07-18 07:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 07:10 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-18 07:07 72,704 a------- c:\windows\system32\admparse.dll
2009-07-18 05:00 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 03:34 48,128 a------- c:\windows\system32\mshtmler.dll
2008-12-11 04:29 174 a--sh--- c:\program files\desktop.ini
2008-11-20 18:08 20 ----h--- c:\programdata\PKP_DLdu.DAT
2008-11-20 18:08 20 ----h--- c:\progra~2\PKP_DLdu.DAT
2008-06-11 03:11 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:47 603,648 a----r-- c:\users\mary\appdata\roaming\sdra64.exe
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-10-05 18:55 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:38:08.53 ===============

Run another Malwarebytes scan for me and post the log back here.

Malwarebytes' Anti-Malware 1.39
Database version: 2524
Windows 6.0.6000

8/5/2009 6:28:00 PM
mbam-log-2009-08-05 (18-28-00).txt

Scan type: Quick Scan
Objects scanned: 106741
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf98dd74-148c-4a86-a6f3-7571f810d650} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf98dd74-148c-4a86-a6f3-7571f810d650} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkNeighborhood\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\{5199201e-60b4-11de-85cf-260556d89593} (Rogue.SecretService) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91704c3f-a675-4e0e-9fb7-b03e005edda7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91704c3f-a675-4e0e-9fb7-b03e005edda7} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Spyware.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\privacycenter (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\~66A7.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Program Files\PrivacyCenter\protector.exe (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.

Hello.
One more time, then this should be okay.

• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :files
  c:\windows\system32\temp.exe
  c:\program files\PrivacyCenter
  C:\!KillBox
  C:\found.***
  c:\users\mary\appdata\roaming\lowsec
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

========== FILES ==========
c:\windows\system32\temp.exe moved successfully.
c:\program files\PrivacyCenter moved successfully.
C:\!KillBox\Logs moved successfully.
C:\!KillBox moved successfully.
C:\found.000\dir0000.chk moved successfully.
C:\found.000 moved successfully.
C:\found.001 moved successfully.
c:\users\mary\appdata\roaming\lowsec moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 08062009_112520

We can remove OTMoveIt now.

• Please double-click OTM.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt, do the same for the reboot prompt.
  

How is the machine running now?

Ok I did as instructed! xD

How do I make sure everything is finally ok?

Enable Mcafee again, and surf around, see what happens. Just be careful what sites you visit.

HAHA um what kind of sites should I stay away from?

Just don't go on anything you don't normally go on.

Ok!

I have been web surfing and everything seems good ^^ YAY!

Now I was wondering what do I do with all these programs I had to download?

You can delete them if you want, I would keep HijackThis and Malwarebytes though

Okay! Thank you SOOOOOOOOOOOOOOOO much!

I am SOOOOOOOOOOOOOOOOOOOO Happy!

You are SOOOOOOOOOOOOO smart!

^^

Last thing can i delete this software called "Registry Mechanic" or should that be on my computer?

If you didn't install it then yes delete it.

Okay done! But since I restarted my computer now it keeps shutting down and a blue screen appears T___T So I have my computer in Safe mode with networking right now. what do I do to fix this?

Does the blue screen give you any info, like a .sys file name perhaps?

well I can't really get any info. Its barely there for like one second then restarts the computer.

G to the Start Menu and right click "My Computer" > Properties.

Then go into the Advancted tab. Now under "Startup and recovery", there is a settings button. Open that up and untick "Restart automatically"

Press ok.
Now when it blue screens, it won't reboot. Let me know what happens next time you get the BSOD.

should I write all the info i see?

Yes, we may need it.

okay here is what I saw:

A problem has been detected and windows has shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates, Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove of disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical information:
*** STOP: 0x0000008E(0xC0000005,0x8A2CE28F,0x96F3C040,0x00000000)

Collecting data for crash dump...
Initializing disk for crash duump...
Beginning dump of physical memory.
Dumping physical memory to disk: 100
Physical memory dump complete.
contact your system admin or technical support group for further assistance.

This seems like a hardware problem, I am not good with hardware I would open a topic in the hardware section.

Okay thanks anyways.