Updating error

[Andrew_Holding]

I can't update Malwarebytes & get the following error -PROGRAM_ERROR_UPDATING (0,0, Timeout)

[daledoc1]

Hello and welcome to MBAM forum, Andrew_Holding:

There can be a number of reasons for updating issues, ranging from minor database corruption, to conflicts with your AV/security software, to infection, etc..

The first troubleshooting step is to try a clean reinstall of MBAM.

Please follow these steps carefully and let us know if it resolves your issue.

Thanks!

daledoc1

----------------------------------------------

MBAM Clean Reinstallation

• If you are running MBAM PRO, please be sure you have your license ID and key available (sent via email at the time of online purchase, or in the box).
  

You can also look up your ID and Key from the Registry and copy and paste it to a Notepad document before running the mbam-clean utility.

Location for Windows x86

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

Location for Windows x64

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

• Download and run mbam-clean.exe from HERE.
  
• It will ask to restart your computer; please allow it to do so - this is very important!
  
• After the computer restarts, download the latest version of Malwarebytes' Anti-Malware from HERE, then temporarily disable your Anti-Virus and run the installer. (Ignore all 'Recommended' or 'Sponsored' software which are prominently displayed on the mirror sites -- they are ads and MBAM does not have any association with them.)
  
• If you are using MBAM PRO, you will need to reactivate (register) the program using the license ID & key.
  
• Launch the MBAM program and (if you are using MBAM PRO) set the Protection and Registration.
  
• Then go to the UPDATE tab (if not done during installation) and check for updates.
  
• Restart the computer again and verify that MBAM is in the system tray (if using the PRO version).
  
• Now set up any file exclusions, as may be required in your Anti-Virus/Internet-Security/Firewall applications, and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs HERE, or ask and we'll explain how to do it.
  

[Andrew_Holding]

Hello and welcome to MBAM forum, Andrew_Holding:

There can be a number of reasons for updating issues, ranging from minor database corruption, to conflicts with your AV/security software, to infection, etc..

The first troubleshooting step is to try a clean reinstall of MBAM.

Please follow these steps carefully and let us know if it resolves your issue.

Thanks!

daledoc1

----------------------------------------------

MBAM Clean Reinstallation

• If you are running MBAM PRO, please be sure you have your license ID and key available (sent via email at the time of online purchase, or in the box).
  

You can also look up your ID and Key from the Registry and copy and paste it to a Notepad document before running the mbam-clean utility.

Location for Windows x86

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware

Location for Windows x64

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

• Download and run mbam-clean.exe from HERE.
  
• It will ask to restart your computer; please allow it to do so - this is very important!
  
• After the computer restarts, download the latest version of Malwarebytes' Anti-Malware from HERE, then temporarily disable your Anti-Virus and run the installer. (Ignore all 'Recommended' or 'Sponsored' software which are prominently displayed on the mirror sites -- they are ads and MBAM does not have any association with them.)
  
• If you are using MBAM PRO, you will need to reactivate (register) the program using the license ID & key.
  
• Launch the MBAM program and (if you are using MBAM PRO) set the Protection and Registration.
  
• Then go to the UPDATE tab (if not done during installation) and check for updates.
  
• Restart the computer again and verify that MBAM is in the system tray (if using the PRO version).
  
• Now set up any file exclusions, as may be required in your Anti-Virus/Internet-Security/Firewall applications, and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs HERE, or ask and we'll explain how to do it.
  

Thanks for the advice - I'm running the free trial but if I can sort out the updates will buy the pro version. I don't have any other anti-virus running as I have recently removed McAfee. I have followed the steps recommended but unfortunately this has not fixed the problem - but I now get a different error message 'PROGRAM_ERROR_UPDATING (404,0, HTTPStatusCode)

[Andrew_Holding]

Thanks for the advice - I'm running the free trial but if I can sort out the updates will buy the pro version. I don't have any other anti-virus running as I have recently removed McAfee. I have followed the steps recommended but unfortunately this has not fixed the problem - but I now get a different error message 'PROGRAM_ERROR_UPDATING (404,0, HTTPStatusCode)

[Firefox]

POST DDS Logs

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

• 
  When done, DDS will open two (2) logs:
  

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[daledoc1]

I don't have any other anti-virus running as I have recently removed McAfee. but I now get a different error message 'PROGRAM_ERROR_UPDATING (404,0, HTTPStatusCode)

Hi, again:

Thanks for the update.

In addition to Firefox's advice to post the DDS logs, please note that MBAM is not an anti-virus and is not a substitute for one.

Please see this Helpdesk topic: Does Malwarebytes Anti-Malware replace antivirus software?

There is additional info about this new error message here: FAQ - Section N.

I suspect -- given your updating issues and the fact that you've been without an anti-virus -- that there's a good chance you are infected.

The experts will review your DDS logs (they'll need both the DDS.txt and attach.txt logs) to determine if that is likely to be the case.

If it is, we will direct you to the right place for expert assistance with cleaning your system.

If you are infected, then you'll likely have trouble installing an anti-virus program until you are clean.

For now, I would suggest you keep your internet browsing to a bare minimum, avoid any sort of online financial transactions, and post back with those DDS logs, so that we can get you to the malware experts promptly, if need be.

Thanks,

daledoc1

PS Please use the "More Reply Options" button, rather than the "Quote" and "MultiQuote" buttons when you reply - it will make it easier for everyone to read the topic. Thanks!

[Andrew_Holding]

Hi Thanks for the posts.

I have run the scanner and logs are below:-

attach log

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 21/08/2012 23:40:00

System Uptime: 02/09/2012 14:03:02 (3 hours ago)

.

Motherboard: Dell Inc. | | 0WG864

Processor: Intel® Pentium® D CPU 3.40GHz | Microprocessor | 3391/800mhz

Processor: Intel® Pentium® D CPU 3.40GHz | Microprocessor | 3391/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 107 GiB total, 30.283 GiB free.

D: is FIXED (NTFS) - 37 GiB total, 37.165 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 22/08/2012 06:31:22 - System Checkpoint

RP2: 25/08/2012 11:49:01 - System Checkpoint

RP3: 26/08/2012 15:54:14 - System Checkpoint

RP4: 26/08/2012 17:18:36 - Removed CONNECT.

RP5: 26/08/2012 17:38:19 - Installed QuickTime

RP6: 27/08/2012 14:49:54 - Removed McAfee Virtual Technician

RP7: 28/08/2012 15:10:34 - System Checkpoint

RP8: 02/09/2012 13:02:48 - System Checkpoint

.

==== Installed Programs ======================

.

2 Player Chess

944plc32

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1.3

Adobe Shockwave Player 11.5

angusScreenSaver

AOL Spyware Protection

AOL Uninstaller (Choose which Products to Remove)

AOL You've Got Pictures Screensaver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARTEuro

Ask Toolbar

Ask Toolbar Updater

Ask.com Search Assistant 1.0.2

ATI AVIVO Codecs

ATI Catalyst Control Center

ATI Display Driver

ATI Parental Control & Encoder

Audacity 1.2.6

AXIS Media Control Embedded

BitTorrent

Blast Thru Special Edition

Bonjour

Catz 5

Clownfish for Skype

Compatibility Pack for the 2007 Office system

Conduit Engine

Conexant D850 56K V.9x DFVc Modem

Corel Photo Album 6

Counter-Strike 2D 0.1.2.0

Crispy Splasher 1.0

CustomPlay Golf 1.52

Dell CinePlayer

Dell Driver Reset Tool

Dell Photo AIO Printer 944

Dell Resource CD

Dell Support 3.2

Dell System Restore

Digital Line Detect

DirectX Media Runtime 5.1

doctor_who Screen Saver

Dominion

Dominoes Deluxe

Driving Test Success - All Tests (2008-2009)

Drone

eGames Galaxy of WinGames

eGames Mini Golf Master 2

Elmo Screen Saver Version 1.0

ESPNMotion

Frogger v1.1e

Galaxy Man

Game Chest

GemMaster Mystic

Geo Jump

getPlus®_ocx

Google Chrome

Google Earth

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Google Video Player

hairspray_screensaver

Harry Potter Order of the Phoenix Screen Saver

HD Writer AE 3.0

Hotel Giant

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

In The Night Garden Screen Saver

Indeo® software

Intel® Matrix Storage Manager

Intel® PRO Network Connections

iTunes

J2SE Runtime Environment 5.0 Update 10

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

Juxto

LazyTown ScreenSaver 6000

Learn2 Player (Uninstall Only)

Lemmings Revolution

Lexicon Special Edition

LiveUpdate 2.6 (Symantec Corporation)

MahJongg Game of Four Winds SE

Malwarebytes Anti-Malware version 1.62.0.1300

Map Button (Windows Live Toolbar)

MCU

Medal of Honor Allied Assault

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft MPEG-4 VKI Video Codec V1/V2/V3

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook 2003 with Business Contact Manager Update

Microsoft Office Outlook Connector

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft Speech API 3.0

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works 6-9 Converter

Microsoft XNA Framework Redistributable 4.0

MobileMe Control Panel

Modem Helper

MSN

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

Nectar Search Toolbar for Chrome

NetWaiting

NVIDIA Drivers

NVIDIA PhysX

OneCare Advisor (Windows Live Toolbar)

OpenAL

OpenMG Limited Patch 4.4-06-13-19-01

OpenMG Secure Module 4.4.00

Otto

Pando Media Booster

PC Connectivity Solution

PC Utility Kit

Petz 3

Pirates Of The Caribbean At Worlds End Screen Saver

Pokemon Online 2.0.05d

Pokemon Online version 1.0.51

Popup Blocker (Windows Live Toolbar)

Puppy Luv

QuickTime

RealPlayer Basic

Roll

RollerCoaster Tycoon 2

RollerCoaster Tycoon 3

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Safari

SAMSUNG CDMA Modem Driver Set

SAMSUNG Mobile Modem V2 Software

SAMSUNG Mobile USB Modem 1.0 Software

Screensavers Installer Version 2

SearchAssist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sega Smash Pack

Segoe UI

Skype Toolbars

Skype™ 5.1

Smart Menus (Windows Live Toolbar)

Sonic Activation Module

Sonic Encoders

Space Solitaire

SpeedTouch USB Software

System Requirements Lab

System Requirements Lab CYRI

The Oxbridge Reference Collection

The Simpsons Movie Screen Saver

The Sims Makin' Magic

Theme Hospital

Tiscali Internet

Tiscali Music Downloads

Total Recall

Tots TV Screen Saver

tunnel Screen Saver

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update Rollup 2 for Windows XP Media Center Edition 2005

URL Assistant

Ventrilo Client

VideoEgg Publisher

Viewpoint Media Player

VirtualCom driver

WA Update v3.50 beta2

Wanadoo Europe Installer

WebFldrs XP

Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)

Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)

Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Favorites for Windows Live Toolbar

Windows Live Mail

Windows Live Messenger

Windows Live Outlook Toolbar (Windows Live Toolbar)

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Toolbar Feed Detector (Windows Live Toolbar)

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Format Runtime

Windows Media Player 11

Windows PowerShell 1.0

Windows XP Media Center Edition 2005 KB908246

Worms Armageddon

WWRY Screensaver

XviD MPEG-4 Video Codec

YouTube Downloader 2.5.3

.

==== Event Viewer Messages From Past Week ========

.

27/08/2012 11:00:19, error: PlugPlayManager [11] - The device Root\LEGACY_MFESMFK\0000 disappeared from the system without first being prepared for removal.

27/08/2012 11:00:19, error: PlugPlayManager [11] - The device Root\LEGACY_MFERKDK\0000 disappeared from the system without first being prepared for removal.

27/08/2012 11:00:18, error: PlugPlayManager [11] - The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without first being prepared for removal.

27/08/2012 11:00:18, error: PlugPlayManager [11] - The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without first being prepared for removal.

27/08/2012 11:00:18, error: PlugPlayManager [11] - The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without first being prepared for removal.

27/08/2012 10:25:15, error: DCOM [10000] - Unable to start a DCOM Server: {CDECC4C3-7377-11D3-9A6C-00C04FF40D52}. The error: "%3" Happened while starting this command: c:\PROGRA~1\mcafee.com\shared\mghtml.exe -Embedding

26/08/2012 18:56:00, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/08/2012 18:56:00, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/08/2012 18:56:00, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/08/2012 18:56:00, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/08/2012 18:56:00, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/08/2012 18:56:00, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

26/08/2012 18:12:55, error: BITS [16391] - The BITS job list is not in a recognized format. It may have been created by a different version of BITS. The job list has been cleared.

26/08/2012 17:28:06, error: Service Control Manager [7038] - The Apache2.2 service was unable to log on as .\SingleClick Admin with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

26/08/2012 17:28:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

26/08/2012 17:28:06, error: Service Control Manager [7000] - The Remote Access Media Server service failed to start due to the following error: The service did not start due to a logon failure.

26/08/2012 17:28:06, error: Service Control Manager [7000] - The Remote Access DB service failed to start due to the following error: The system cannot find the path specified.

26/08/2012 17:01:45, error: NetBT [4321] - The name "LT1193 :0" could not be registered on the Interface with IP address 192.168.1.4. The machine with the IP address 192.168.1.3 did not allow the name to be claimed by this machine.

26/08/2012 15:40:28, error: Service Control Manager [7022] - The Remote Access DB service hung on starting.

26/08/2012 00:24:00, error: NetBT [4321] - The name "MATT-PC :0" could not be registered on the Interface with IP address 192.168.1.3. The machine with the IP address 192.168.1.4 did not allow the name to be claimed by this machine.

.

==== End Of File ===========================

dds log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.2180

Run by Andrew at 17:54:05 on 2012-09-02

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.188 [GMT 1:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Dell Photo AIO Printer 944\memcard.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\Common Files\AOL\1232904073\ee\AOLSoftware.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Clownfish\Clownfish.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\dlcdcoms.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061010

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5061010

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mDefault_Search_URL = hxxp://www.google.com/ie

mSearch Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\prxtbBro2.dll

TB: Brothersoft Toolbar: {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - c:\program files\brothersoft\prxtbBro2.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "c:\documents and settings\becky\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [Clownfish] "c:\program files\clownfish\Clownfish.exe"

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [DLCDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCDtime.dll,_RunDLLEntry@16

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [speedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [NPSStartup]

mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 944\memcard.exe"

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [dlcdmon.exe] "c:\program files\dell photo aio printer 944\dlcdmon.exe"

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"

mRun: [HostManager] c:\program files\common files\aol\1232904073\ee\AOLSoftware.exe

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

dRunOnce: [RunNarrator] Narrator.exe

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bdarem~1.lnk - c:\program files\usb tv\em28xx\BDARemote.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe

IE: &Search

IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Peggle%20Nights/Images/stg_drm.ocx

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230296713453

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345469201437

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Peggle%20Nights/Images/armhelper.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{593A063A-B756-4490-922A-E2B3026D0D63} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EDD9B07B-DDC4-46D4-93AD-DB5B91406981} : NameServer = 192.168.0.1

Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: whlphe.dll tfrexi.dll nyuqhx.dll ebdkpg.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli scecli

.

============= SERVICES / DRIVERS ===============

.

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-6 54752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-2 655944]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-2 22344]

S0 sppqy;sppqy;c:\windows\system32\drivers\vrfugrz.sys --> c:\windows\system32\drivers\vrfugrz.sys [?]

S2 Apache2.2;Remote Access Media Server;"c:\program files\common files\singleclick systems\apache\bin\httpd.exe" -k runservice --> c:\program files\common files\singleclick systems\apache\bin\httpd.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dsl-db;Remote Access DB;"c:\program files\common files\singleclick systems\mysql\bin\mysqld.exe" --defaults-file="c:\program files\common files\singleclick systems\mysql\my.ini" dsl-db --> c:\program files\common files\singleclick systems\mysql\bin\mysqld.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [2011-4-15 29184]

S3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2011-6-21 4096]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-6-1 36608]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]

S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006]

S3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [2006-12-27 9006]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-09-02 13:34:59 -------- d-----w- c:\documents and settings\andrew\application data\Malwarebytes

2012-09-02 13:34:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-02 13:34:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-02 13:34:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-08-28 20:42:35 -------- d-----w- c:\program files\common files\PC Utility Kit

2012-08-28 20:42:34 -------- d-----w- c:\program files\PC Utility Kit

2012-08-28 20:42:34 -------- d-----w- c:\documents and settings\all users\application data\PC Utility Kit

2012-08-26 16:40:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-08-26 16:40:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-08-26 16:40:29 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-08-26 16:40:28 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-08-21 22:38:59 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll

2012-08-21 22:37:59 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll

2012-08-21 22:36:55 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll

2012-08-21 22:35:58 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll

2012-08-21 22:32:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2012-08-21 22:32:33 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe

2012-08-21 21:57:32 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2012-08-21 21:57:32 24661 ----a-w- c:\windows\system32\spxcoins.dll

2012-08-21 21:57:32 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2012-08-21 21:57:32 13312 ----a-w- c:\windows\system32\irclass.dll

2012-08-21 21:57:26 22339 ----a-r- c:\windows\SET282.tmp

2012-08-21 21:57:26 10559 ----a-r- c:\windows\SET283.tmp

2012-08-21 21:57:08 13753 ----a-r- c:\windows\SET23F.tmp

2012-08-21 21:57:06 1086058 ----a-r- c:\windows\SET233.tmp

2012-08-21 21:57:05 106147 ----a-r- c:\windows\SET230.tmp

2012-08-20 15:25:12 19569 ----a-w- c:\windows\000001_.tmp

2012-08-20 15:05:01 331805736 ----a-w- c:\windows\WindowsXP-KB936929-SP3-x86-ENU.exe

2012-08-19 20:42:31 -------- d-----w- c:\program files\iPod

2012-08-19 20:42:21 -------- d-----w- c:\program files\iTunes

2012-08-19 20:41:18 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-08-19 20:41:18 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2012-08-19 20:39:14 -------- d-----w- c:\program files\Bonjour

2012-08-12 22:53:45 -------- d-----w- c:\documents and settings\andrew\application data\Nectar Search Toolbar for Chrome

.

==================== Find3M ====================

.

2012-07-15 21:34:45 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-15 21:34:44 476976 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-15 21:34:44 472880 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-15 21:34:23 0 ----a-w- c:\windows\system32\REN137.tmp

2012-07-15 21:34:23 0 ----a-w- c:\windows\system32\REN136.tmp

2012-07-15 21:34:23 0 ----a-w- c:\windows\system32\REN135.tmp

2012-07-15 10:41:46 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-07-05 20:21:21 444952 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-05 20:21:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll

2009-10-27 19:28:59 4727808 ----a-w- c:\program files\Works632_en-US.msi

2008-10-30 13:33:37 67167528 ----a-w- c:\program files\iTunes801Setup.exe

2008-10-26 16:34:46 183 ----a-w- c:\program files\run_mod.bat

2008-10-26 16:34:46 167 ----a-w- c:\program files\run_studiomdl.bat

2008-10-26 16:34:46 162 ----a-w- c:\program files\run_hlmv.bat

2008-10-26 16:34:46 105 ----a-w- c:\program files\run_hammer.bat

.

============= FINISH: 17:57:10.85 ===============

[daledoc1]

Hi, again:

I'm neither qualified nor authorized to review the DDS logs for malware advice.

(We'll need to wait for an MBAM staffer to the check them.)

However, given the combination of your inability to update MBAM (as well as the specific error codes you're getting), the lack of a real-time anti-virus program, and the use of P2P file-sharing programs (torrents), it's a pretty safe bet that your system is infected.

The best suggestion is to have a qualified malware expert take a look at your system for cleaning.

We cannot work on malware detection/removal in this particular sub-section.

However, help is just around the cyber corner, so to speak.

Please read below for instructions how to proceed.

IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.

IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:

OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum.

OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.

OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.

OPTION 1:

• Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  
• Then please start a new post in the Malware Removal Forum.
  
• -->>You've already run DDS, which is the first step. So, you'll want to include the logs in your new topic, with a brief description of the computer problem.
  
• An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.
  

• When starting your new post, please note the following:
  
• Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  
• Please COPY/PASTE the requested logs directly into your post, rather than attaching them.
  
• Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  
• Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  
• Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  
• Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.
  

OPTION 2:

If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them here.

OPTION 3:

If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site here.

Please be patient – someone will assist you as soon as possible.

Thank you very much,

daledoc1

[Andrew_Holding]

Hi Daledoc1

Thanks for your help on this. I may have an infection - but I should probably outline the events that led up to this.

A day or so after my McAfee subscription expired - my daughter tried to install service pack3 for windows XP (apparently the new I Pod Nano needs this to sync properly!

Windows wouldn't start up following this - and despite trying to reconfigure various .dll files etc. in the end I had to resort to the windows system disc - although I used the repair option - I went through the same process as re-installing windows. Although this got windows running - I couldn't open McAfee at all and had to remove it completely. That day my Netgear router died - and I have installed an old D-Link wireless router. Although I sometimes can get a browser connection this seems to be intermittent at best. The honest answer is I don't know if I have a windows issue, router issue / some kind of conflict - or a virus!

Thanks again for your help - I will follow the recommended steps

Andrew

[daledoc1]

Thanks for the update.

The malware experts will help you to sort it all out & to get a proper antivirus installed.

For the sake of efficiency, when you start your new topic in the malware removal section, please include in your first post:

1) A brief description of the current issues;

2) The same 2 DDS logs that you posted here;

3) Perhaps a link back to this topic: http://forums.malwar...howtopic=115213

Then, please wait for an expert to reply -- please don't post back to the new topic or bump it too soon.

Otherwise it will look as if you are already being helped, and it may be overlooked.

While you're waiting for help, I wouldn't go online with the infected system, especially since you have no active antivirus.

You'll also more than likely be asked by your helper to remove bittorrent, as per the piracy policy, and because filesharing is a terrific way to get (re-)infected.

Good luck!

daledoc1

[Firefox]

Please follow the advice from daledoc1 from post above, #8 and choose one of the options.

[AdvancedSetup]

Yes, the computer is infected and needs to be cleaned.

AppInit_DLLs: whlphe.dll tfrexi.dll nyuqhx.dll ebdkpg.dll

[daledoc1]

@ AdvancedSetup: Thanks for the confirmation.

@ Firefox: Yup, the OP has indeed started a new topic in the malware removal section: http://forums.malwar...howtopic=115251

So, this topic can probably be closed?

daledoc1