My dell laptop is being taken over (Solved)

[katana]

OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop

• Double-click OTMoveIt3.exe to run it.
• Copy the lines in the codebox below. ( Make sure you include :Files )

:Files
c:\documents and settings\Gadfly\Application Data\uTorrent
C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0
C:\Program Files\uTorrent
:Commands
[Purity]
[EmptyTemp]

• Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

[crashingdell]

So I thought my PC was working fine, but I ran moveit and now I'm back in safemode again typing this. It DID remove files, but then when it restarted and I opened up IE so I could post the log, IE never fully opened and locked up. Stopped responding. I restarted and did it again....same thing.

Anyhow, here's the log file.

damn it. I can't access the log file in same mode for some reason. back to the drawing board.

 

[crashingdell]

ONE QUESTION !!!!!

I got the log file, still here in safe mode.

When I start up in standard mode it now asks me if I want to startup using, Windows Recovery
OR
XP Media center edition.

Which one do I select. I've been selecting XP MCE...then after selecting it...windows starts.

Anyhow, Here's the move it log

========== FILES ==========
c:\documents and settings\Gadfly\Application Data\uTorrent moved successfully.
C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\tmp moved successfully.
Folder move failed. C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar scheduled to be moved on reboot.
C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file moved successfully.
C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\ext moved successfully.
Folder move failed. C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0 scheduled to be moved on reboot.
File/Folder C:\Program Files\uTorrent not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kosglue-7.0.25.0.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MailMsg.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Quantum.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\hsperfdata_Gadfly\3148 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFB269.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFB274.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFFD5C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFFD67.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\kos-main.jar-a28c4e6-19c9f5e2.zip scheduled to be deleted on reboot.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11162008_195301

Files moved on Reboot...
C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar moved successfully.
C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0 moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Arj.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\avlib.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Avp1.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\AvpMgr.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\btimages.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\CAB.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\dmap.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\dtreg.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\FSSync.dll
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\FSSync.dll NOT unregistered.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\FSSync.dll moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\HashCont.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\HashMD5.PPL moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\HCCMP.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\ichk2.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\iChkSA.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Inflate.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kave.dll
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kave.dll NOT unregistered.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kosglue-7.0.25.0.dll
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kosglue-7.0.25.0.dll NOT unregistered.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\kosglue-7.0.25.0.dll moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\lha.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\L_llio.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MailMsg.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\mdb.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MDMAP.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MemModSc.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MemScan.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\minizip.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\MKavIO.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\msoe.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\nfio.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\NTFSstrm.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prLoader.dll
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prLoader.dll NOT unregistered.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prLoader.dll moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\prseqio.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\PrUtil.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\Quantum.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\rar.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\ScanningProcess.exe moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\sfdb.PPL moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\TempFile.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\thpimpl.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\UniArc.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\UnLZX.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\UnStored.ppl moved successfully.
C:\DOCUME~1\Gadfly\LOCALS~1\Temp\jkos-Gadfly\binaries\WDiskIO.ppl moved successfully.
File C:\DOCUME~1\Gadfly\LOCALS~1\Temp\hsperfdata_Gadfly\3148 not found!
File C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFB269.tmp not found!
File C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFB274.tmp not found!
File C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFFD5C.tmp not found!
File C:\DOCUME~1\Gadfly\LOCALS~1\Temp\~DFFD67.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\Documents and Settings\Gadfly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\kos-main.jar-a28c4e6-19c9f5e2.zip not found!

 

[katana]

When I start up in standard mode it now asks me if I want to startup using, Windows Recovery
OR
XP Media center edition.

Which one do I select. I've been selecting XP MCE...then after selecting it...windows starts.

Recovery Console was installed by Combofix and is for when you get badly infected. ( this is no slur on you, malware is getting very nasty )
You should select XP Media center edition and boot normally.

Please reboot and see if IE is working properly in your normal account.

 

[crashingdell]

Sorry for not being clear. I AM using xp media when I boot up. IE does not work when I do that. So I am typing in safemode right now. It's the only way it works. Prior to running moveit, IE worked fine in standard mode.

 

[katana]

Nothing that OTMI removed should alter IE,

Please try running a vanilla IE as follows: (from your normal account)

• Start > All Programs > Accessories > System Tools - IE (No Add-Ons)

If IE still won't connect, then please re-run Combofix and post the log

 

[crashingdell]

didn't seem to work. Here's the log. no time to try IE again now, I can try when I get home from work.

ComboFix 08-11-16.05 - Administrator 2008-11-17 8:08:19.4 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1254 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\cfx.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.

2008-11-17 08:07 . 2008-11-17 08:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-16 19:53 . 2008-11-16 19:53 <DIR> d-------- C:\_OTMoveIt
2008-11-15 10:54 . 2008-11-15 10:54 <DIR> d-------- c:\program files\test
2008-11-15 10:46 . 2004-08-10 05:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-15 10:46 . 2004-08-10 05:00 4,224 --a------ c:\windows\system32\dllcache\beep.sys
2008-11-15 10:38 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 10:38 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 10:37 . 2008-11-15 10:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 10:37 . 2008-11-15 10:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 20:39 . 2008-11-14 20:40 <DIR> d-------- C:\rsit
2008-11-12 21:02 . 2008-11-12 21:18 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-12 21:02 . 2008-11-12 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 15:28 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 15:28 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 16:25 . 2008-11-16 20:36 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-09 16:25 . 2008-11-09 16:25 1,409 --a------ c:\windows\QTFont.for
2008-10-23 14:16 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 13:56 . 2008-10-18 13:59 <DIR> d-------- c:\program files\FileZilla FTP Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 23:11 --------- d-----w c:\program files\Trend Micro
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 18:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-18 18:47 --------- d-----w c:\program files\GlobalSCAPE
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-06 18:59 --------- d-----w c:\program files\TradeDominator
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 00:38 --------- d-----w c:\program files\RealVNC
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 08:24 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-10 17:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081020080811\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-15_11.44.52.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-15 16:43:25 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 11:12:17 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-17 01:03:29 192,184 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-22 185896]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-09-08 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
--a------ 2005-12-07 16:05 1537696 c:\program files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2006-11-21 13:02 1807960 c:\program files\Trend Micro\Internet Security 14\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-04-23 11:43 228088 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-16 c:\windows\Tasks\User_Feed_Synchronization-{E14903A5-8CD0-4F6D-8286-8317D2832BD0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
HKCU-Run-OE_OEM - c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 08:10:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-17 8:11:34
ComboFix-quarantined-files.txt 2008-11-17 13:11:31
ComboFix2.txt 2008-11-15 18:12:07
ComboFix3.txt 2008-11-15 17:48:49
ComboFix4.txt 2008-11-15 16:45:41

Pre-Run: 11,496,525,824 bytes free
Post-Run: 11,483,602,944 bytes free

172 --- E O F --- 2008-11-15 16:48:40

 

[katana]

didn't seem to work. Here's the log. no time to try IE again now, I can try when I get home from work.

Let me know how you get on

 

[crashingdell]

In standard IE is still not responding.

 

[katana]

Please try repairing IE with the instructions HERE

 

[crashingdell]

This is the most recent combo fix log. I was able to run it in standard mode. Now I'll also try and repair IE

 

[crashingdell]

Followed your link, reset IE. No help. Still starts fine in safemode and non responsive in Standard mode. It starts to load, pulls up the program, but the screen stays blank. No page can not be displayed....just blank.

I did however notice something flash quickly when I shut it down that said dwinn.exe (or something close to that) could not initialize.

That's where we sit now.

 

[crashingdell]

Wondering if there is a way I can undo the changes I made with moveit in order to get my IE working again. Unless you have other suggestions.

 

[crashingdell]

reran spybot s&d. Don't know what happened, it detected virtumonde, I removed it and now IE works.

 

[katana]

That's very curious, let's have a look what it found

Spybot Report
Please retrieve the last scan that you did with Spybot

1. Open Spybot S&D
2. Click Mode (on the top bar)
3. Put a check next to Advanced. Click Yes at the prompt.
4. Click Tools (left hand column near the bottom)
5. Click View Report (left hand column near the top)
6. Put a tick next to
   • Include results of last check in report
     (make sure that the rest are unchecked)
7. Click View Report (top of page)
8. Click Export (top of page)
9. Save the report to your desktop

Please post this report in your reply

Please post a fresh HJT log also.

 

[crashingdell]

Spybot does not show a report. There is nothing there. Why would that be?
Also, I am noticing that one of the add ons to my IE is no longer there. LOKI used to be on my IE, it's not there any longer (which is fine because I didn't use it anyhow).

 

[katana]

I have no idea why the spybot report isn't there or where the addon has gone ??

Anyway, do you have any problems now ?

 

[crashingdell]

As far as I can tell, It's working well now. Do I consider this a done issue? And if so do I keep all of those other programs on my computer (ie. Combo fix, moveit, hijackthis, malwarebytes, etc.)

 

[katana]

If you have no problems, then yes this is a "done issue"

And if so do I keep all of those other programs on my computer

I thought you were transferring your files to the new computer and sending this one back to Dell ?

If this is the case, I recommend that you format the disc before you return it.
That way you know you have removed any personal data.

If you aren't sending it back, please let me know and then we can clean up the tools.

 

[crashingdell]

Sorry for the confusion. No, I am keeping this computer. It's my Primary machine. I just want to make sure it's in good working order. And KAtana, you have been an incredible help. I WILL be making a donation.