Access is denied to log files created by MBAM

[ddroid]

I am trying to fix my computer that was laden with viruses. I installed MBAM and ran a scan, and it found and removed a bunch of infected files, but when the scan finished, a pop-up appeared that said access to the log file was denied. I found this strange considering that i was running in safe mode as an administrator, but i ignored it. I then installed Microsoft Security Essentials and ran a scan in safe mode overnight, but when I woke up there was a BSOD. Again, I ignored itm and tried to use the computer, but it runs at a snail's pace because MsMpEng.exe is taking up almost all the CPU. I know that MsMpEng.exe is the service for Microsoft Security Essentials, but on my other computers it doesn't use up anywhere near as much CPU.

I think there may be some virus or malware left lurking in the computer. Below is my HJT log file. Does anybody know what might be causing this??

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:17:50 PM, on 6/20/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

F:\HiJackThis.exe

C:\WINDOWS\system32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DLPSP] "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"

O4 - HKLM\..\Run: [DLUPDR] "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')

O4 - Global Startup: VPN Client.lnk = ?

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://merchant.auctivacommerce.com/js/ImageUploader57.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.37.11/ttinst.cab

O16 - DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} (MeetUploader Control) - http://static3.meetupstatic.com/applet/MeetUploader5.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...upv2.0.0.11.cab?

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE

O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE

O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

O23 - Service: Remote - Unknown owner - C:\Program Files\Remote\Remote.exe (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9820 bytes

[sjpritch25]

You are running two anti-virus programs NOD32 and MSE. You need to remove one of them. That is what's likely causing the BSOD's

[ddroid]

I uninstalled NOD32, reinstalled MSE, and I am still getting a BSOD when I run a MSE scan in safe mode.

the stop info is:

STOP: 0x00000024 (0x001902FE, 0xF78C2B74, 0xF78C2870, 0xF73056D4)

Ntfs.sys - Address F73056D4 base at F72F4000, DateStamp 45cc56a7

[sjpritch25]

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

[ddroid]

i have already installed and run MBAM on the computer. As i said above, it finds no infected files, but it give me an "Access is denied" screen at the end of the scan when it tries to open the log files.

[sjpritch25]

Sorry my bad. I posted the wrong reply.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[ddroid]

I unplugged the comp from the internet, disabled Ad-Aware and MSE, and ran combofix

a box poped up saying that MSE might interfere with it, so i just uninstalled MSE

here's the log file from combofix:

ComboFix 10-06-21.01 - JOHN 06/21/2010 18:27:21.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.364 [GMT -4:00]

Running from: F:\ComboFix.exe

FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))

.

2010-06-21 21:57 . 2010-06-21 22:16 -------- d-----w- c:\documents and settings\JOHN\Local Settings\Application Data\ApplicationHistory

2010-06-20 21:08 . 2010-06-20 21:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2010-06-20 15:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-20 15:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-19 14:49 . 2010-06-19 14:49 -------- d-----w- c:\windows\system32\URTTEMP

2010-06-19 07:07 . 2010-06-19 07:07 -------- d-----w- c:\windows\system32\wbem\Repository

2010-06-19 05:47 . 2010-06-19 05:47 -------- d-----w- C:\found.003

2010-06-18 23:22 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-18 22:31 . 2010-06-18 22:33 -------- d-----w- c:\program files\CCleaner

2010-06-15 21:05 . 2010-06-17 22:47 -------- d-----w- c:\program files\Defraggler

2010-06-15 20:44 . 2010-06-15 20:44 -------- d-----w- c:\documents and settings\JOHN\Local Settings\Application Data\PCHealth

2010-06-14 03:30 . 2010-06-14 03:30 54904 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-14 03:26 . 2010-06-14 03:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth

2010-06-13 23:23 . 2010-06-13 17:14 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-06-13 17:14 . 2010-06-13 17:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-06-13 17:10 . 2010-06-13 17:14 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-06-13 16:36 . 2010-06-13 17:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-06-13 03:37 . 2010-06-13 03:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-06-13 03:37 . 2010-06-20 15:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-13 03:37 . 2010-06-13 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-06-13 03:37 . 2010-06-13 03:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2010-06-13 03:10 . 2010-06-13 03:10 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\PCHealth

2010-06-13 03:05 . 2004-08-04 02:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-06-13 03:05 . 2004-08-04 02:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-06-08 10:50 . 2010-06-08 10:50 -------- d-----w- C:\225cb9055520c5458e4086

2010-06-06 15:43 . 2010-06-06 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-06 15:43 . 2010-06-06 15:43 -------- d-----w- c:\program files\NOS

2010-05-28 00:14 . 2010-05-28 00:14 -------- d-----w- C:\Nexon

2010-05-28 00:14 . 2010-05-28 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS

2010-05-27 11:02 . 2010-05-28 01:07 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\PMB Files

2010-05-27 11:02 . 2010-05-27 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2010-05-27 11:01 . 2010-05-27 11:01 -------- d-----w- c:\program files\Pando Networks

2010-05-23 14:58 . 2010-05-23 14:58 -------- d-----w- c:\documents and settings\Jack\Application Data\Office Genuine Advantage

2010-05-23 00:03 . 2010-06-09 10:52 -------- d-----w- c:\program files\Guild Wars

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-21 20:11 . 2008-11-30 00:49 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-06-20 23:06 . 2007-02-09 21:35 -------- d-----w- c:\program files\ESET

2010-06-18 23:49 . 2008-05-14 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-14 03:20 . 2007-07-13 20:41 -------- d-----w- c:\program files\Steam

2010-06-13 17:09 . 2009-04-05 22:09 -------- d-----w- c:\program files\Lavasoft

2010-06-13 17:08 . 2009-04-05 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-06-05 22:03 . 2010-02-25 17:29 -------- d-----w- c:\program files\Microsoft Silverlight

2010-05-28 00:14 . 2010-05-28 00:14 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

2010-05-28 00:14 . 2010-05-28 00:14 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll

2010-05-28 00:14 . 2010-05-28 00:14 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll

2010-05-28 00:14 . 2010-05-28 00:14 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll

2010-05-28 00:14 . 2010-05-28 00:14 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll

2010-05-28 00:14 . 2010-05-28 00:14 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe

2010-05-21 18:14 . 2009-11-18 02:54 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-20 00:36 . 2010-05-20 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-05-18 22:51 . 2007-02-11 03:16 -------- d-----w- c:\program files\Google

2010-05-06 10:41 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-06 01:45 . 2010-05-05 23:50 -------- d-----w- c:\documents and settings\Jack\Application Data\TS3Client

2010-05-02 05:56 . 2006-02-28 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:51 . 2006-02-28 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]

"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-28 160592]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{176130BC-99A1-41FE-A78B-56045E33AD70}\Icon3E5562ED7.ico [2008-10-9 6144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-09-09 06:18 57344 -c--a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

2006-07-13 13:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2006-07-20 21:04 847872 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-06-22 03:20 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wextract_cleanup0]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"58982:TCP"= 58982:TCP:Pando Media Booster

"58982:UDP"= 58982:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/13/2010 1:10 PM 64288]

R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [4/11/2007 1:46 PM 91136]

R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [3/22/2008 2:55 PM 140184]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/25/2008 1:33 PM 24652]

R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [4/11/2007 1:44 PM 23180]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/21/2009 7:50 PM 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]

S2 Remote;Remote;c:\program files\Remote\Remote.exe --> c:\program files\Remote\Remote.exe [?]

S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [3/10/2006 3:55 PM 39424]

S3 jatmlano;jatmlano;\??\c:\docume~1\Jack\LOCALS~1\Temp\jatmlano.sys --> c:\docume~1\Jack\LOCALS~1\Temp\jatmlano.sys [?]

S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [11/10/2009 12:13 PM 4736]

S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [3/5/2008 9:17 PM 513152]

S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [3/5/2008 9:17 PM 3768]

S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [11/10/2009 12:13 PM 8960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 08:18]

2010-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-06-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-11 21:10]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 23:49]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 23:49]

2010-06-21 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{0E186B57-1837-46F0-AFCE-B7E1B1FD45F0}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{AD4B59E8-ED27-450C-BBA8-27B7F6734822}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.google.com/ig

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static3.meetupstatic.com/applet/MeetUploader5.cab

.

.

------- File Associations -------

.

txtfile=%windir%\NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-21 18:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2240)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-21 18:45:49

ComboFix-quarantined-files.txt 2010-06-21 22:45

ComboFix2.txt 2010-06-19 14:19

Pre-Run: 79,679,188,992 bytes free

Post-Run: 79,674,454,016 bytes free

- - End Of File - - 1367B413F153108013054E633EEC6AA8

[sjpritch25]

Go to Start ---> Run ---> copy and paste the following into the box

chkdsk c: /f

Let me know if it fixed a bunch of errors. I think that BSOD may be do to errors on your disk.

[ddroid]

it didn't say that it fixed any errors

[ddroid]

i reinstalled MSE and ran another full scan in safe mode overnight. when I woke up, there was a BSOD with the message KERNEL_STACK_INPAGE_ERROR and a stop message of

STOP: 0x00000077 (0xC000009C, 0xC000009C, 0x00000000, 0x0025D000)

[ddroid]

Do you have any idea what might be causing this??

[sjpritch25]

did you run chdsk?

[ddroid]

chkdsk ran without finding any errors

[sjpritch25]

Sorry for the delay

Go to Start ---> Run ---> Copy and paste the following into the box

sfc /scannow.

Let me know if it finds any corrupt system files. If it does, go ahead and let it replace them.

[screen317]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!