WiredWX Christian Hobby Weather Tools

Cannot install Malwarebytes or any other anti-virus

Hello. I have this PC that had a rogue anti-virus software running on it. The software was Malware Defense. I was able to successfully remove it manually in safe mode and the PC is running real smooth now; however, I still cannot load or run any anti-virus. I was able to change the file name of Malwarebytes and run it, but when I do that I cannot update it. I can post any log anyone needs to see, just ask and I'll do it ASAP. Thanks in advance for the help!

Eric

Oh, and this is what I removed:

mdefense.exe
uninstall.exe
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Malware Defense”
c:\Program Files\Malware Defense\mdext.dll
c:\Program Files\Malware Defense
%UserProfile%\Start Menu\Programs\Malware Defense

Re: Cannot install Malwarebytes or any other anti-virus

Download OTL by OldTimer to your Desktop.

  • Close all windows and double-click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you: one will pop up (OTL.txt), the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

OTL logfile created on: 2/4/2010 4:09:23 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 2.39 Gb Free Space | 7.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.89 Gb Total Space | 0.66 Gb Free Space | 35.03% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTY1227
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/04 15:56:02 | 000,548,864 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/12 08:49:42 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/12 08:49:42 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 19:12:35 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/13 12:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 12:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 12:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 17:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 17:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/01/25 13:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008/01/25 13:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe
PRC - [2005/09/20 08:36:20 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/09/20 08:32:24 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/04/11 22:15:14 | 000,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe


========== Modules (SafeList) ==========

MOD - [2010/02/04 15:56:02 | 000,548,864 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2008/02/05 17:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/23 15:37:30 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/29 12:41:26 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/12 08:49:42 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/04/13 19:12:35 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2008/04/07 18:16:26 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/02/05 17:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 17:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 17:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/03/03 17:11:32 | 000,466,944 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/01 22:09:06 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/01 22:09:06 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/08/28 19:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/07 18:16:45 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/07 18:16:45 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/02/05 21:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 21:17:37 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/02/05 21:17:26 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/02/05 17:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 17:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/06/15 09:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/09/20 09:00:54 | 001,302,332 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/12/13 16:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 17:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 17:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 17:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 17:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 17:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 17:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 17:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/02/10 17:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2001/08/22 10:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 08:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 51 68 E7 C1 A5 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://sn102w.snt102.mail.live.com/default.aspx?wa=wsignin1.0|https://www.facebook.com/frankielaz?v=feed&story_fbid=190504792087#/home.php?ref=home|https://harmonia.dmv.state.ny.us/regrenewal/rrnenterreginfo.cfm|http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9090
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/04 12:40:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 20:35:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/09 07:01:50 | 000,000,000 | ---D | M]

[2008/08/30 16:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/01 17:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\extensions
[2008/11/08 17:27:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/05 09:33:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/10/24 07:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\extensions\plugin@yontoo.com
[2010/02/01 17:40:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/11 14:19:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

O1 HOSTS File: ([2010/02/04 09:38:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: adobe.com ([get] http in Trusted sites)
O15 - HKCU\..Trusted Domains: adobe.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cvs.com ([cvslearnet.com] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220127086758 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 147.139.1.60 147.139.1.61
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\orarevapi.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/30 17:06:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/04 12:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Desktopicon
[2010/02/04 12:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/02/04 11:47:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/04 11:25:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/04 10:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/02/04 09:42:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/04 09:42:57 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 09:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/04 09:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/04 09:20:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/04 09:19:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/04 09:19:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/04 09:19:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/04 09:19:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/04 09:19:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/04 09:19:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/04 07:47:06 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/02/01 22:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/01 22:08:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/01 22:08:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/01 22:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/01 22:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/01 21:45:01 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/01 21:45:01 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/01 20:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2010/02/01 19:24:44 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/01/24 12:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\DVDVideoSoft
[2010/01/18 18:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Scholastic
[2010/01/07 11:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\temp
[2010/01/07 10:41:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Desktop\.picasaoriginals
[2010/01/06 19:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Unity
[2009/03/30 15:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/31 15:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/04 15:27:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/04 15:27:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/04 15:24:49 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/04 15:24:49 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/04 15:24:41 | 004,829,500 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/02/04 13:59:49 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 11:23:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/04 09:38:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/04 09:21:03 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/04 07:45:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/01 22:09:06 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/01 21:45:01 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/01 19:24:46 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/02/01 18:37:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/02/01 18:18:47 | 023,388,307 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\trd3.zip
[2010/01/31 15:29:17 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/31 15:00:12 | 000,054,240 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\21.jpg
[2010/01/30 18:21:40 | 000,000,623 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/01/30 10:04:09 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trillian.lnk
[2010/01/18 17:58:40 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\a i c your decision tab.doc
[2010/01/14 18:40:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 11:12:52 | 005,766,070 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC_3247.JPG
[2010/01/07 10:57:35 | 008,333,941 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC_3352.JPG
[2010/01/07 10:49:55 | 007,469,863 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC_3289.JPG
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/04 09:43:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 09:21:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/04 09:20:58 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/04 09:19:40 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/04 09:19:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/04 09:19:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/04 09:19:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/04 09:19:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/01 18:15:03 | 023,388,307 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\trd3.zip
[2010/01/31 15:00:08 | 000,054,240 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\21.jpg
[2010/01/18 17:58:32 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\a i c your decision tab.doc
[2010/01/07 11:12:52 | 005,766,070 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC_3247.JPG
[2010/01/07 10:57:35 | 008,333,941 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC_3352.JPG
[2010/01/07 10:49:54 | 007,469,863 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC_3289.JPG
[2009/12/21 14:14:06 | 002,148,220 | ---- | C] () -- C:\WINDOWS\System32\orarevapi.dll
[2009/12/13 19:50:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/07/14 17:07:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/10/31 09:26:21 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 12:24:06 | 000,066,482 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/09/22 11:16:56 | 000,024,583 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Comma Separated Values (Windows).ADR
[2008/09/15 10:30:02 | 000,000,623 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/09/15 10:24:23 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2008/09/15 10:24:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2008/09/15 10:24:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2008/09/15 10:24:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2008/09/15 10:24:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2008/09/15 10:24:21 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2008/09/15 10:24:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2008/09/15 10:24:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2008/09/15 10:24:18 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2008/09/09 10:51:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/31 08:01:52 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2008/08/31 08:01:52 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/08/30 17:53:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2008/02/05 17:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/01/22 06:18:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcfg.dll
[2005/05/25 12:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbtcnv4.dll
[2005/05/03 18:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2003/10/02 17:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5B56640
< End of report >

OTL Extras logfile created on: 2/4/2010 4:09:23 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 406.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 2.39 Gb Free Space | 7.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.89 Gb Total Space | 0.66 Gb Free Space | 35.03% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTY1227
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.2
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"Device Control" = Device Control
"EAXSet" = Creative EAX Settings
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"lvdrivers_11.70" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math Missions Grades 3-5" = Math Missions Grades 3-5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"SPEAKER" = Creative Speaker Settings
"Trillian" = Trillian
"UnityWebPlayer" = Unity Web Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/4/2010 9:41:20 AM | Computer Name = MARTY1227 | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x0000a7d8.

Error - 2/4/2010 10:07:43 AM | Computer Name = MARTY1227 | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x0000a7d8.

Error - 2/4/2010 10:35:10 AM | Computer Name = MARTY1227 | Source = Application Error | ID = 1000
Description = Faulting application smitfraudfix.exe, version 0.0.0.0, faulting module
smitfraudfix.exe, version 0.0.0.0, fault address 0x0000a7d8.

Error - 2/4/2010 3:50:49 PM | Computer Name = MARTY1227 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 2/4/2010 3:50:53 PM | Computer Name = MARTY1227 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Office 2003 (KB978551): IRMPRTIDNMinus1' could not be installed. Error code
1603. Windows Installer can create logs to help troubleshoot issues with installing
software packages. Use the following link for instructions on turning on logging
support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 2/4/2010 3:51:43 PM | Computer Name = MARTY1227 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 2/4/2010 3:51:43 PM | Computer Name = MARTY1227 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Update
for Outlook 2003: Junk E-mail Filter (KB977840): OUTLFLTR' could not be installed.
Error code 1603. Windows Installer can create logs to help troubleshoot issues
with installing software packages. Use the following link for instructions on turning
on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 2/4/2010 3:52:13 PM | Computer Name = MARTY1227 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1706.
Setup cannot find the required files. Check your connection to the network, or
CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft
Office\OFFICE11\1033\SETUP.CHM.

Error - 2/4/2010 3:52:13 PM | Computer Name = MARTY1227 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB975051): MSCONV' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 2/4/2010 4:09:06 PM | Computer Name = MARTY1227 | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 9.0.0.2018, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/4/2010 3:52:28 PM | Computer Name = MARTY1227 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Security Update for Microsoft Office 2003 (KB975051).

Error - 2/4/2010 3:54:47 PM | Computer Name = MARTY1227 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/4/2010 3:55:53 PM | Computer Name = MARTY1227 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm OMCI

Error - 2/4/2010 4:06:29 PM | Computer Name = MARTY1227 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/4/2010 4:08:58 PM | Computer Name = MARTY1227 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/4/2010 4:08:58 PM | Computer Name = MARTY1227 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/4/2010 4:17:28 PM | Computer Name = MARTY1227 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVG Free WatchDog service
to connect.

Error - 2/4/2010 4:17:28 PM | Computer Name = MARTY1227 | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%1053

Error - 2/4/2010 4:28:44 PM | Computer Name = MARTY1227 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/4/2010 4:28:44 PM | Computer Name = MARTY1227 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >

Re: Cannot install Malwarebytes or any other anti-virus
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\orarevapi.dll ()
    [2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Cannot install Malwarebytes or any other anti-virus
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\ deleted successfully.
C:\WINDOWS\system32\orarevapi.dll moved successfully.
C:\WINDOWS\system32\A3d.dll moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 02042010_170015


I still cannot load any anti-virus, unfortunately.

Re: Cannot install Malwarebytes or any other anti-virus
Bump. I appreciate all the help I have gotten thus far. Does anyone have any other ideas for me to try? Thanks!

Re: Cannot install Malwarebytes or any other anti-virus
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Search Settings 1.2.2
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7

Next,

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.

    [Screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Cannot install Malwarebytes or any other anti-virus
OK, this is what I got. I really appreciate you helping me with this!

ComboFix 10-02-05.01 - Owner 02/05/2010 13:21:35.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.401 [GMT -5:00]
Running from: E:\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Desktopicon
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 18:09 . 2010-02-05 18:09 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-04 21:42 . 2010-02-04 21:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Search Settings
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-04 17:31 . 2010-02-04 17:34 -------- d-----w- c:\program files\Unlocker
2010-02-04 16:58 . 2010-02-04 16:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-04 15:19 . 2010-02-04 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-04 14:45 . 2010-02-04 14:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-04 14:42 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 14:42 . 2010-02-04 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 14:42 . 2010-02-04 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 14:42 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 13:23 . 2010-02-05 18:09 -------- d-----w- c:\documents and settings\Administrator
2010-02-04 12:47 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-02-04 12:47 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-02-02 03:09 . 2010-02-04 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-02 02:45 . 2010-02-02 03:09 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-02 02:45 . 2010-02-02 02:45 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-02 01:57 . 2010-02-02 01:57 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2010-02-02 00:06 . 2010-02-02 00:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-18 23:56 . 2010-01-18 23:56 -------- d-----w- c:\program files\Scholastic
2010-01-07 00:15 . 2010-01-07 00:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 17:58 . 2008-09-02 18:13 -------- d-----w- c:\program files\Java
2010-02-04 22:04 . 2009-12-05 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-04 16:49 . 2010-02-04 14:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-02 20:02 . 2009-11-11 13:00 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-02 00:10 . 2008-08-30 21:52 -------- d-----w- c:\program files\Trillian
2010-02-01 23:37 . 2009-12-14 00:50 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-01-30 23:21 . 2008-09-15 15:45 -------- d-----w- c:\program files\Dl_cats
2010-01-22 08:21 . 2009-11-29 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-25 13:26 . 2009-07-29 20:09 -------- d-----w- c:\program files\sz8058
2009-12-25 03:18 . 2009-04-17 03:07 36928 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-12-25 03:07 . 2009-12-25 02:44 -------- d-----w- c:\program files\iTunes
2009-12-25 02:59 . 2008-08-31 15:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-25 02:46 . 2009-12-25 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 02:44 . 2008-08-31 15:00 -------- d-----w- c:\program files\iPod
2009-12-25 02:44 . 2009-03-07 13:16 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 02:41 . 2009-12-25 02:41 -------- d-----w- c:\program files\Bonjour
2009-12-25 02:39 . 2008-08-31 15:03 -------- d-----w- c:\program files\QuickTime
2009-12-21 19:14 . 2009-12-21 19:14 2148220 ----a-w- c:\windows\system32\orarevapi.dll
2009-12-21 19:14 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-08 21:29 . 2008-10-06 12:18 43528 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-25 18:02 . 2010-02-02 03:12 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\system32\browseui.dll" [2008-04-14 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2008-06-17 8461312]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "c:\program files\Windows Live\Toolbar\wltcore.dll" [2009-02-06 1068904]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"P17Helper"="P17.dll" [2005-05-03 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/29/2009 3:31 PM 54752]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 9:45 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 9:45 PM 30104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com\get
Trusted Zone: adobe.com\www
Trusted Zone: cvs.com\cvslearnet.com
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sn102w.snt102.mail.live.com/default.aspx?wa=wsignin1.0|https://www.facebook.com/frankielaz?v=feed&story_fbid=190504792087#/home.php?ref=home|https://harmonia.dmv.state.ny.us/regrenewal/rrnenterreginfo.cfm|http://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
WebBrowser-{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 13:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe >>UNKNOWN [0x83475F93]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76dbf28
\Driver\ACPI -> ACPI.sys @ 0xf764ecb8
\Driver\atapi -> atapi.sys @ 0xf7606852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf74fabb0
PacketIndicateHandler -> NDIS.sys @ 0xf7507a21
SendHandler -> NDIS.sys @ 0xf74e587b

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\_VOIDd.sys]
"imagepath"="\systemroot\system32\drivers\_VOIDxwysoqmnjy.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1344)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-02-05 13:37:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-05 18:37
ComboFix2.txt 2010-02-04 16:25
ComboFix3.txt 2010-02-04 14:34

Pre-Run: 2,665,562,112 bytes free
Post-Run: 3,184,685,056 bytes free

- - End Of File - - F5E940123E25D4FFE22A27A8B25E4C8E

Re: Cannot install Malwarebytes or any other anti-virus

Hello.
Are you having browser troubles? I see a proxy set, but I can't tell by who or what.

Let me know.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

In fact I am. I just discovered that IE stops responding and on top of that, it looks like I have the google redirect (a nice touch to my day).

Re: Cannot install Malwarebytes or any other anti-virus

Hello.
Thought so.

You aren't running Anti Virus Software.

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Next,

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:9090
    uInternet Settings,ProxyOverride = *.local

    Firefox::
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 9090
    FF - prefs.js: network.proxy.type - 2

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\_VOIDd.sys]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

Alrighty, here is what you asked for. As for why I am not running any anti-virus, that is my problem. For whatever reason, I cannot load any. I assume it all stems from the google redirect virus that I just realized was on this pc and am not quite sure how to find and kill. It's become very frustrating to say the least.

ComboFix 10-02-05.01 - Owner 02/05/2010 14:42:22.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.413 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 19:25 . 2010-02-05 19:26 -------- dc-h--w- c:\windows\ie8
2010-02-05 18:55 . 2010-02-05 18:56 -------- d-----w- C:\d6994cbadac25659d4580734a44fd1
2010-02-05 18:20 . 2010-02-05 18:37 -------- d-----w- C:\Combo-Fix
2010-02-05 18:09 . 2010-02-05 18:09 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-04 21:42 . 2010-02-04 21:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Search Settings
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-04 17:31 . 2010-02-04 17:34 -------- d-----w- c:\program files\Unlocker
2010-02-04 16:58 . 2010-02-04 16:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-04 15:19 . 2010-02-04 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-04 14:45 . 2010-02-04 14:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-04 14:42 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 14:42 . 2010-02-04 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 14:42 . 2010-02-04 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 14:42 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 13:23 . 2010-02-05 18:09 -------- d-----w- c:\documents and settings\Administrator
2010-02-04 12:47 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-02-04 12:47 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-02-02 03:09 . 2010-02-04 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-02 02:45 . 2010-02-02 03:09 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-02 02:45 . 2010-02-02 02:45 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-02 01:57 . 2010-02-02 01:57 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2010-02-02 00:06 . 2010-02-02 00:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-18 23:56 . 2010-01-18 23:56 -------- d-----w- c:\program files\Scholastic
2010-01-07 00:15 . 2010-01-07 00:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 17:58 . 2008-09-02 18:13 -------- d-----w- c:\program files\Java
2010-02-04 22:04 . 2009-12-05 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-04 16:49 . 2010-02-04 14:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-02 20:02 . 2009-11-11 13:00 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-02 00:10 . 2008-08-30 21:52 -------- d-----w- c:\program files\Trillian
2010-02-01 23:37 . 2009-12-14 00:50 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-01-30 23:21 . 2008-09-15 15:45 -------- d-----w- c:\program files\Dl_cats
2010-01-22 08:21 . 2009-11-29 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-25 13:26 . 2009-07-29 20:09 -------- d-----w- c:\program files\sz8058
2009-12-25 03:18 . 2009-04-17 03:07 36928 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-12-25 03:07 . 2009-12-25 02:44 -------- d-----w- c:\program files\iTunes
2009-12-25 02:59 . 2008-08-31 15:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-25 02:46 . 2009-12-25 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 02:44 . 2008-08-31 15:00 -------- d-----w- c:\program files\iPod
2009-12-25 02:44 . 2009-03-07 13:16 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 02:41 . 2009-12-25 02:41 -------- d-----w- c:\program files\Bonjour
2009-12-25 02:39 . 2008-08-31 15:03 -------- d-----w- c:\program files\QuickTime
2009-12-21 19:14 . 2009-12-21 19:14 2148220 ----a-w- c:\windows\system32\orarevapi.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-08 21:29 . 2008-10-06 12:18 43528 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-25 18:02 . 2010-02-02 03:12 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"= "c:\windows\system32\browseui.dll" [2008-04-14 1025024]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"= "c:\windows\system32\SHELL32.dll" [2008-06-17 8461312]
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "c:\program files\Windows Live\Toolbar\wltcore.dll" [2009-02-06 1068904]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{01e04581-4eee-11d0-bfe9-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{0e5cbf21-d15f-11d0-8301-00aa005b4383}]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]
[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"P17Helper"="P17.dll" [2005-05-03 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/29/2009 3:31 PM 54752]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 9:45 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2/1/2010 9:45 PM 30104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com\get
Trusted Zone: adobe.com\www
Trusted Zone: cvs.com\cvslearnet.com
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sn102w.snt102.mail.live.com/default.aspx?wa=wsignin1.0|https://www.facebook.com/frankielaz?v=feed&story_fbid=190504792087#/home.php?ref=home|https://harmonia.dmv.state.ny.us/regrenewal/rrnenterreginfo.cfm|http://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 14:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe >>UNKNOWN [0x839D25F3]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf789bf28
\Driver\ACPI -> ACPI.sys @ 0xf780ecb8
\Driver\atapi -> atapi.sys @ 0xf77c6852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf76babb0
PacketIndicateHandler -> NDIS.sys @ 0xf76c7a21
SendHandler -> NDIS.sys @ 0xf76a587b

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\_VOIDd.sys]
"imagepath"="\systemroot\system32\drivers\_VOIDxwysoqmnjy.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4556)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\Rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-02-05 14:58:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-05 19:58
ComboFix2.txt 2010-02-05 18:37
ComboFix3.txt 2010-02-04 16:25
ComboFix4.txt 2010-02-04 14:34

Pre-Run: 3,164,282,880 bytes free
Post-Run: 3,175,489,536 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DC0F5E22FC5DBB9735460CC6D906A790

Re: Cannot install Malwarebytes or any other anti-virus

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Registry keys to delete:
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\_VOIDd.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

Here is the next one for you:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

hidden driver "_VOIDd.sys" found!
ImagePath: \systemroot\system32\drivers\_VOIDxwysoqmnjy.sys
Start Type: 1 (System)

Rootkit scan completed.

Registry key "HKEY_LOCAL_MACHINE\System\ControlSet002\Services\_VOIDd.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Cannot install Malwarebytes or any other anti-virus

Hmm, Combofix isn't even seeing this infection.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
_VOIDd.sys

Files to delete:
C:\WINDOWS\system32\drivers\_VOIDxwysoqmnjy.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

I think it's working now!! I was able to install AVG and run malwarebytes!! Even IE is running! Thank you sooooo much!! Would you recommend AVG or the other anti-virus software you suggested?

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\_VOIDd.sys" not found!
Deletion of driver "_VOIDd.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\drivers\_VOIDxwysoqmnjy.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: Cannot install Malwarebytes or any other anti-virus

Please re-run Combofix now.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

ComboFix 10-02-05.02 - Owner 02/05/2010 17:59:51.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.351 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\_VOIDmainqt.dll
c:\windows\system32\_VOIDouljmtjtdo.dll
c:\windows\system32\drivers\nnxfg.sys
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mbuehv


((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 21:05 . 2010-02-05 21:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-05 21:05 . 2010-02-05 21:05 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-05 21:05 . 2010-02-05 21:05 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-05 21:05 . 2010-02-05 21:05 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-05 21:05 . 2010-02-05 22:08 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-05 19:41 . 2010-02-05 19:58 -------- d-----w- C:\Combo-Fix2328C
2010-02-05 19:25 . 2010-02-05 19:26 -------- dc-h--w- c:\windows\ie8
2010-02-05 18:55 . 2010-02-05 18:56 -------- d-----w- C:\d6994cbadac25659d4580734a44fd1
2010-02-05 18:20 . 2010-02-05 18:37 -------- d-----w- C:\Combo-Fix
2010-02-05 18:09 . 2010-02-05 18:09 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-02-04 21:42 . 2010-02-04 21:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Search Settings
2010-02-04 18:03 . 2010-02-04 18:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-04 17:31 . 2010-02-04 17:34 -------- d-----w- c:\program files\Unlocker
2010-02-04 16:58 . 2010-02-04 16:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-04 15:19 . 2010-02-04 15:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-02-04 14:45 . 2010-02-04 14:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-04 14:42 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 14:42 . 2010-02-04 19:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 14:42 . 2010-02-04 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-04 14:42 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 14:34 . 2010-02-05 19:58 1572 ----a-w- c:\windows\system32\_VOIDshsyst.dll
2010-02-04 13:23 . 2010-02-05 21:05 -------- d-----w- c:\documents and settings\Administrator
2010-02-04 12:47 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-02-04 12:47 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-02-02 03:09 . 2010-02-04 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-02 00:06 . 2010-02-02 00:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-02 00:06 . 2010-02-04 13:02 248 ----a-w- c:\windows\system32\_VOIDadwynhhdaw.dat
2010-01-18 23:56 . 2010-01-18 23:56 -------- d-----w- c:\program files\Scholastic
2010-01-07 00:15 . 2010-01-07 00:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 22:43 . 2009-12-14 00:50 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2010-02-05 21:04 . 2009-12-05 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-05 17:58 . 2008-09-02 18:13 -------- d-----w- c:\program files\Java
2010-02-05 17:53 . 2010-02-02 00:08 1536 ----a-w- c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
2010-02-05 17:53 . 2010-02-02 00:08 1536 ----a-w- c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
2010-02-04 16:49 . 2010-02-04 14:45 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-02 20:02 . 2009-11-11 13:00 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-02 00:10 . 2008-08-30 21:52 -------- d-----w- c:\program files\Trillian
2010-01-30 23:21 . 2008-09-15 15:45 -------- d-----w- c:\program files\Dl_cats
2010-01-22 08:21 . 2009-11-29 20:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-25 13:26 . 2009-07-29 20:09 -------- d-----w- c:\program files\sz8058
2009-12-25 03:18 . 2009-04-17 03:07 36928 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-12-25 03:07 . 2009-12-25 02:44 -------- d-----w- c:\program files\iTunes
2009-12-25 02:59 . 2008-08-31 15:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-25 02:46 . 2009-12-25 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-25 02:44 . 2008-08-31 15:00 -------- d-----w- c:\program files\iPod
2009-12-25 02:44 . 2009-03-07 13:16 -------- d-----w- c:\program files\Common Files\Apple
2009-12-25 02:41 . 2009-12-25 02:41 -------- d-----w- c:\program files\Bonjour
2009-12-25 02:39 . 2008-08-31 15:03 -------- d-----w- c:\program files\QuickTime
2009-12-21 19:14 . 2009-12-21 19:14 2148220 ----a-w- c:\windows\system32\orarevapi.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-08 21:29 . 2008-10-06 12:18 43528 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-25 18:02 . 2010-02-02 03:12 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"P17Helper"="P17.dll" [2005-05-03 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-05 21:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/5/2010 4:05 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/5/2010 4:05 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/5/2010 4:04 PM 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11/29/2009 3:31 PM 54752]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com\get
Trusted Zone: adobe.com\www
Trusted Zone: cvs.com\cvslearnet.com
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sn102w.snt102.mail.live.com/default.aspx?wa=wsignin1.0|https://www.facebook.com/frankielaz?v=feed&story_fbid=190504792087#/home.php?ref=home|https://harmonia.dmv.state.ny.us/regrenewal/rrnenterreginfo.cfm|http://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\rprqk1d5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1116)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2010-02-05 18:16:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-05 23:16
ComboFix2.txt 2010-02-05 19:58
ComboFix3.txt 2010-02-05 18:37
ComboFix4.txt 2010-02-04 16:25
ComboFix5.txt 2010-02-05 22:58

Pre-Run: 2,703,470,592 bytes free
Post-Run: 2,891,476,992 bytes free

- - End Of File - - 93288B8DDEF84DB0D0D0EF4DCA69E394

Re: Cannot install Malwarebytes or any other anti-virus

Hello.

Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\_VOIDshsyst.dll
    c:\windows\system32\_VOIDadwynhhdaw.dat
    c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
    c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

LoadLibrary failed for c:\windows\system32\_VOIDshsyst.dll
c:\windows\system32\_VOIDshsyst.dll moved successfully.
c:\windows\system32\_VOIDadwynhhdaw.dat moved successfully.
LoadLibrary failed for c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll moved successfully.
File/Folder c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll not found.

OTM by OldTimer - Version 3.1.8.0 log created on 02052010_225101
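
How the `_VOID` entries in the ComboFix log map to the OTMoveIt file list and to the driver service removed with The Avenger, as an added example that is not part of the original thread and not code from any of the tools named. The sample lines are copied from the logs posted above; the function names and the prefix filter are assumptions for illustration. De-duplicating the paths also shows why the OTM log reports one "not found": the same file was listed twice.

```python
import ntpath
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2010-02-04 14:42 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 14:34 . 2010-02-05 19:58 1572 ----a-w- c:\windows\system32\_VOIDshsyst.dll
2010-02-04 13:23 . 2010-02-05 21:05 -------- d-----w- c:\documents and settings\Administrator
2010-02-02 00:06 . 2010-02-04 13:02 248 ----a-w- c:\windows\system32\_VOIDadwynhhdaw.dat
2010-02-05 17:53 . 2010-02-02 00:08 1536 ----a-w- c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
2010-02-05 17:53 . 2010-02-02 00:08 1536 ----a-w- c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\_VOIDd.sys]
"imagepath"="\systemroot\system32\drivers\_VOIDxwysoqmnjy.sys"
"""

PREFIX = "_VOID"  # naming pattern shared by every malicious item in this thread

# File listing line: "<date time> . <date time> <size|--------> <attrs> <path>"
LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(\d+|-{8})\s+(\S{8})\s+(.+)$"
)
# Services key header and the imagepath value listed under it
SERVICE_KEY = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d{3}\\Services\\([^\\\]]+))\]$",
    re.IGNORECASE,
)
IMAGEPATH = re.compile(r'^"imagepath"="(.+)"$', re.IGNORECASE)


def flag_files(log, prefix=PREFIX):
    """Return file entries whose base name starts with prefix, without repeats."""
    seen, hits = set(), []
    for raw in log.splitlines():
        m = LISTING.match(raw.strip())
        if not m:
            continue
        size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue  # directory entry, not a file
        if not ntpath.basename(path).lower().startswith(prefix.lower()):
            continue
        key = path.lower()  # Windows paths compare case-insensitively
        if key in seen:
            continue  # same file listed twice in the log
        seen.add(key)
        hits.append({"path": path, "size": int(size) if size.isdigit() else None})
    return hits


def flag_services(log, prefix=PREFIX):
    """Return service keys whose name or driver image starts with prefix."""
    hits, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("["):
            current = SERVICE_KEY.match(line)  # None for non-service keys
            continue
        image = IMAGEPATH.match(line)
        if not (current and image):
            continue
        name, path = current.group(2), image.group(1)
        p = prefix.lower()
        if name.lower().startswith(p) or ntpath.basename(path).lower().startswith(p):
            hits.append({"key": current.group(1), "service": name, "imagepath": path})
    return hits


if __name__ == "__main__":
    for entry in flag_files(SAMPLE_LOG):
        print("file   ", entry["path"], entry["size"])
    for entry in flag_services(SAMPLE_LOG):
        print("service", entry["service"], "->", entry["imagepath"])
```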

Re: Cannot install Malwarebytes or any other anti-virus

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

It's running smooth. Thanks again for all your help! I really do appreciate it all.

Re: Cannot install Malwarebytes or any other anti-virus

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=816afb8d7d510944971d423472de79f5
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-02-07 02:57:50
# local_time=2010-02-07 09:57:50 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 4601833 4601833 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55193
# found=2
# cleaned=0
# scan_time=2918
C:\Documents and Settings\Owner\My Documents\jesse's kitten\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AB application C935DAA3387CCF8CF10C16C04201C4D0 I
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application 25BACC8B5EFF6CE21247AA497A76899B I

Re: Cannot install Malwarebytes or any other anti-virus

Delete these two files:

C:\Documents and Settings\Owner\My Documents\jesse's kitten\SetupGamevance.exe
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Cannot install Malwarebytes or any other anti-virus

It's running great!
