
Wormradar? Unable to access Microsoft or Windows Update w/IE8browser redirect


  • This topic is locked
41 replies to this topic

#1 wildbill0707

wildbill0707

  • Members
  • 24 posts

Posted 12 April 2010 - 04:17 PM

I am unable to access Microsoft Update for about 3 weeks now. IE8 cannot connect when I try to download an update, but can connect with everything else. I also occasionally have a Windows Internet Security window popup stating "Browser under threat of infection. Windows requires permission to install online protection tool" asking to allow or not allow. If allow is hit one of the following appears:

Name: setup.exe
Type: Application 73.2 KB or 72.9 KB
From: typofeltg.com or hostlibe.com

While initially filling this out my browser went blue with a message about IE8 for a split second then my computer rebooted. First time for that. I have started over with a second file download app. and from location. I have never run or saved the file download, but can't say my wife hasn't. Any help will be greatly appreciated.


DDS (Ver_10-03-17.01) - NTFSx86
Run by bvp at 14:49:41.35 on Mon 04/12/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.888 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bvp\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/index.cfm
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-6 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-6 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-6 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-13 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-4-12 311568]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-5-27 5504]
S2 gupdate1c9efad914f0f20;Google Update Service (gupdate1c9efad914f0f20);c:\program files\google\update\GoogleUpdate.exe [2009-6-17 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-8 21504]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\pcpitstopscheduleservice.exe --> c:\program files\pcpitstop\PCPitstopScheduleService.exe [?]

=============== Created Last 30 ================

2010-04-12 19:44:43 0 ----a-w- c:\users\bvp\defogger_reenable
2010-04-12 15:03:33 0 d-----w- c:\users\bvp\appdata\roaming\IObit
2010-04-12 14:41:56 0 d-----w- c:\programdata\IObit
2010-04-12 14:41:53 0 d-----w- c:\program files\IObit
2010-04-05 14:32:46 65536 --sha-w- c:\users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TM.blf
2010-04-05 14:32:46 524288 --sha-w- c:\users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TMContainer00000000000000000002.regtrans-ms
2010-04-05 14:32:46 524288 --sha-w- c:\users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TMContainer00000000000000000001.regtrans-ms
2010-03-27 23:01:28 0 d-----w- c:\users\bvp\appdata\roaming\Sammsoft
2010-03-25 22:07:14 0 d-----w- c:\programdata\PCPitstop

==================== Find3M ====================

2010-03-13 18:57:06 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 18:57:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 18:56:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-18 09:18:34 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:18:34 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-18 09:18:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-18 09:18:34 143360 ----a-w- c:\windows\inf\infstor.dat
2009-04-08 22:37:41 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-18 14:44:27 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-08-18 14:44:27 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-08-18 14:44:27 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-08-18 14:44:27 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-05-27 15:36:38 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:50:24.14 ===============
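An added triage helper for DDS logs of the shape posted above; it is not part of the original post or of the DDS tool. It splits the log on the "===== Section =====" banners and applies three checks an analyst does by eye: service and driver entries DDS could not stamp with a date and size ("[?]"), every defanged hxxp:// reference in the Pseudo HJT Report (start page, DPF ActiveX downloads), and entries from "Created Last 30" that fall within a chosen number of days before the scan, so they can be lined up with when symptoms began. The sample log is a constructed cut-down copy in the same format.

```python
"""Triage checks for a DDS log (added example, not DDS itself)."""
import re
from datetime import datetime, timedelta

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^Run by \S+ at \S+ on \w+ (\d{2}/\d{2}/\d{4})$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (\d+) (\S+) (.+)$")
URL_RE = re.compile(r"hxxps?://\S+")

# Constructed sample: a cut-down log in the same layout as the one in the thread.
SAMPLE_LOG = r"""DDS (Ver_10-03-17.01) - NTFSx86
Run by bvp at 14:49:41.35 on Mon 04/12/2010

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/index.cfm
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-6 216200]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\pcpitstopscheduleservice.exe --> c:\program files\pcpitstop\PCPitstopScheduleService.exe [?]

=============== Created Last 30 ================

2010-04-12 14:41:53 0 d-----w- c:\program files\IObit
2010-03-27 23:01:28 0 d-----w- c:\users\bvp\appdata\roaming\Sammsoft
2010-03-25 22:07:14 0 d-----w- c:\programdata\PCPitstop

============= FINISH: 14:50:24.14 ===============
"""


def parse_sections(text):
    """Map section name -> non-empty lines; text before the first banner is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def scan_date(sections):
    """Date of the scan from the 'Run by ... on <weekday> mm/dd/yyyy' header line."""
    for line in sections.get("Header", []):
        m = RUN_RE.match(line)
        if m:
            return datetime.strptime(m.group(1), "%m/%d/%Y")
    return None


def unstamped_services(sections):
    """(state, name, resolved path) for entries DDS ended with '[?]', i.e. it could
    not attach a date and size to the file it resolved; check those by hand."""
    out = []
    for line in sections.get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if m and line.endswith("[?]"):
            resolved = m.group(4).split(" --> ")[-1].rsplit(" [", 1)[0]
            out.append((m.group(1), m.group(2), resolved))
    return out


def remote_references(sections):
    """(entry kind, defanged URL) for every hxxp:// reference in the HJT section."""
    out = []
    for line in sections.get("Pseudo HJT Report", []):
        kind = line.split()[0].rstrip(":")  # e.g. 'uStart', 'DPF', 'BHO'
        out.extend((kind, url) for url in URL_RE.findall(line))
    return out


def created_within(sections, days):
    """(date, path) from 'Created Last 30' dated within `days` before the scan."""
    when, out = scan_date(sections), []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        created = datetime.strptime(m.group(1), "%Y-%m-%d")
        if when is None or when - created <= timedelta(days=days):
            out.append((m.group(1), m.group(4)))
    return out


def triage(text, days=21):
    """Run all three checks; 21 days matches 'about 3 weeks' of symptoms."""
    sections = parse_sections(text)
    return {
        "unstamped_services": unstamped_services(sections),
        "remote_references": remote_references(sections),
        "created_within_days": created_within(sections, days),
    }


if __name__ == "__main__":
    for key, rows in triage(SAMPLE_LOG).items():
        print(f"== {key} ==")
        for row in rows:
            print("  ", " | ".join(row))
```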


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 16 April 2010 - 02:10 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle

#3 wildbill0707

wildbill0707
  • Topic Starter

  • Members
  • 24 posts

Posted 16 April 2010 - 06:39 PM


Hi. I have the same problems as listed in my initial posting with something new. AVG has stopped an "Exploit Rogue scanner (type 1065)" twice when I opened an IE8 browser within the last day and a half. I have had several people tell me they had a problem with browser redirect while using Google. My browser redirect can happen on any web page. Thanks for your help.



DDS (Ver_10-03-17.01) - NTFSx86
Run by bvp at 16:01:12.81 on Fri 04/16/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.835 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bvp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/index.cfm
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-6 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-6 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-6 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-13 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-13 308064]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-4-12 311568]
R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]
R3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-5-27 5504]
S2 gupdate1c9efad914f0f20;Google Update Service (gupdate1c9efad914f0f20);c:\program files\google\update\GoogleUpdate.exe [2009-6-17 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-8 21504]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\pcpitstopscheduleservice.exe --> c:\program files\pcpitstop\PCPitstopScheduleService.exe [?]

=============== Created Last 30 ================

2010-04-12 20:51:05 382127691 ----a-w- c:\windows\MEMORY.DMP
2010-04-12 19:44:43 0 ----a-w- c:\users\bvp\defogger_reenable
2010-04-12 15:03:33 0 d-----w- c:\users\bvp\appdata\roaming\IObit
2010-04-12 14:41:56 0 d-----w- c:\programdata\IObit
2010-04-12 14:41:53 0 d-----w- c:\program files\IObit
2010-04-05 14:32:46 65536 --sha-w- c:\users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TM.blf
2010-04-05 14:32:46 524288 --sha-w- c:\users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TMContainer00000000000000000002.regtrans-ms
2010-04-05 14:32:46 524288 --sha-w- c:\users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TMContainer00000000000000000001.regtrans-ms
2010-03-27 23:01:28 0 d-----w- c:\users\bvp\appdata\roaming\Sammsoft
2010-03-25 22:07:14 0 d-----w- c:\programdata\PCPitstop

==================== Find3M ====================

2010-03-13 18:57:06 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 18:57:04 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 18:56:58 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53:34 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-18 09:18:34 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:18:34 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-18 09:18:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-18 09:18:34 143360 ----a-w- c:\windows\inf\infstor.dat
2009-04-08 22:37:41 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-18 14:44:27 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-08-18 14:44:27 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-08-18 14:44:27 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-08-18 14:44:27 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-05-27 15:36:38 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:01:26.75 ===============


#4 wildbill0707

wildbill0707
  • Topic Starter

  • Members
  • 24 posts

Posted 17 April 2010 - 04:35 PM

My wife's wireless laptop now appears to have the same thing going on.

#5 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 17 April 2010 - 07:56 PM

Hi wildbill0707,

Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your Malware problems today.

Please go to this thread to download that tool and run it as instructed in that thread before proceeding with the following steps.


Step 1
  1. If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  2. Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  3. Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu.
    The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
  4. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  5. Click Yes to allow Combofix to continue scanning for malware.
  6. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  7. Do not mouse click on Combofix while it is running. That may cause it to stall.


Step 2

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  10. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  11. You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please post back:


1. ComboFix log
2. MBAM log

Thanks

#6 wildbill0707

wildbill0707
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 18 April 2010 - 12:28 PM

Hi sundavis,

I ran RKill, then ran ComboFix. ComboFix made a log as specified. When I try to access the log at C:\ComboFix.txt and/or try to access the internet I receive messages stating:

C:\ComboFix.txt
Illegal operation attempted on a registry key that has been marked for deletion

The same message applies for C:\Program Files\Internet Explorer\iexplore.exe


I did not download Malwarebytes' before running ComboFix as I was doing them in order listed.

I am currently using a laptop to access the internet. I will wait for further instruction. Thanks.

#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:06:59 PM

Posted 18 April 2010 - 07:39 PM

Hi wildbill0707,


  1. Start > Run, and type: MSConfig . Press Enter
  2. In the General tab, Startup Selection, choose: Normal Startup-load all device drivers and services
  3. Press OK and restart your pc.

After that, please post the logs as instructed in your next reply. Thanks

#8 wildbill0707

wildbill0707
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 18 April 2010 - 08:24 PM

Hi sundavis,

Same message as before;

C:\Windows\system32\MSConfig.exe
Illegal operation attempted on a registry key that has been marked for deletion.

Everything I have attempted to look at has given the same message, including when I attempted to open my Control Panel. The message then was for "Explorer.exe".

What shall I try next? Thanks.

#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:06:59 PM

Posted 18 April 2010 - 08:41 PM

Hi wildbill0707,



Go to safe mode and do the following:

1. Click Start, click Run, type msconfig in the Open box, and then press ENTER.
2. Click Enable All on the Startup tab.
3. Click the Services tab, and then verify that the Enable All check box is not available. If this check box is available, click to select it.
4. In the General tab, Startup Selection, choose: Normal Startup - load all device drivers and services
5. Click OK, and then restart your computer.

If still not working, go to safe mode. Click Start, Run, and copy/paste sfc /scannow into run box and click OK.

You may drag the logs into flash drive or usb then copy/paste the logs in your next reply. Let me know how things went.

#10 wildbill0707

wildbill0707
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 18 April 2010 - 09:31 PM

Hi sundavis,

Here is the log for ComboFix, but I cannot get to Malwarebytes because my browser is redirected every time; I have tried both sites numerous times with a redirect each time. Will wait for your reply. Should I restart my antivirus and firewall? Thanks.



ComboFix 10-04-17.07 - bvp 04/18/2010 11:41:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1134 [GMT -5:00]
Running from: c:\users\bvp\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-482663463-3541359660-2921807661-500

.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 16:50 . 2010-04-18 16:50 -------- d-----w- c:\users\bvp\AppData\Local\temp
2010-04-18 16:50 . 2010-04-18 16:50 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-04-12 15:03 . 2010-04-12 15:03 -------- d-----w- c:\users\bvp\AppData\Roaming\IObit
2010-04-12 14:41 . 2010-04-12 15:11 -------- d-----w- c:\programdata\IObit
2010-04-12 14:41 . 2010-04-12 15:03 -------- d-----w- c:\program files\IObit
2010-04-11 17:16 . 2010-04-11 17:16 -------- d-----w- c:\users\bvp\AppData\Local\IsolatedStorage
2010-03-27 23:01 . 2010-03-27 23:09 -------- d-----w- c:\users\bvp\AppData\Roaming\Sammsoft
2010-03-27 01:49 . 2010-04-05 15:53 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-25 22:07 . 2010-03-27 23:22 -------- d-----w- c:\programdata\PCPitstop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 15:54 . 2007-06-13 01:21 -------- d-----w- c:\program files\Dl_cats
2010-04-14 00:48 . 2010-04-14 00:48 -------- d-----w- c:\users\TEMP\AppData\Roaming\DellFaxCtr
2010-04-14 00:48 . 2010-04-14 00:48 101808 ----a-w- c:\users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-14 00:48 . 2010-04-14 00:48 -------- d--h--w- c:\users\TEMP\AppData\Roaming\GTek
2010-04-11 17:15 . 2007-06-10 04:03 -------- d-----w- c:\program files\TurboTax
2010-04-05 14:30 . 2006-09-17 21:33 -------- d-----w- c:\program files\Greetings Workshop
2010-03-27 23:22 . 2009-04-07 04:30 -------- d-----w- c:\program files\Dell PC Fax
2010-03-27 23:22 . 2007-07-22 00:50 -------- d-----w- c:\program files\LimeWire
2010-03-27 23:22 . 2007-05-27 07:56 -------- d-----w- c:\programdata\Roxio
2010-03-27 23:22 . 2008-04-14 00:35 -------- d-----w- c:\users\bvp\AppData\Roaming\Intuit
2010-03-27 23:22 . 2007-07-22 00:50 -------- d-----w- c:\users\bvp\AppData\Roaming\LimeWire
2010-03-27 23:22 . 2008-04-14 00:22 -------- d-----w- c:\users\Mindy\AppData\Roaming\Intuit
2010-03-27 23:22 . 2008-10-28 03:18 -------- d-----w- c:\users\Nick\AppData\Roaming\ICAClient
2010-03-13 18:57 . 2009-04-06 21:16 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-13 18:57 . 2010-03-13 18:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-13 18:57 . 2009-04-06 21:16 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-13 18:56 . 2009-04-06 21:16 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 09:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 21:33 . 2009-04-07 19:51 101808 ----a-w- c:\users\Mindy.Bill-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-05 01:09 . 2010-03-05 01:09 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-04 00:34 . 2007-06-15 00:49 101808 ----a-w- c:\users\bvp\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-28 18:48 . 2007-06-30 17:04 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-20 23:06 . 2010-03-11 09:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 09:00 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 09:00 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-25 12:00 . 2010-02-23 21:45 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 21:45 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 21:45 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 21:45 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 21:45 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 21:45 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 21:45 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 21:45 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 21:45 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 21:45 2048 ----a-w- c:\windows\system32\tzres.dll
2007-05-27 15:36 . 2007-05-27 15:36 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):51,4e,b1,1a,d3,22,ca,01

R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 gupdate1c9efad914f0f20;Google Update Service (gupdate1c9efad914f0f20);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 133104]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-13 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-13 242696]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-05-27 5504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-04-12 19:54]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 00:41]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 00:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/index.cfm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 11:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\users\bvp\AppData\Roaming\GTek\GTUpdate\AUpdate\NMSSupport\DB\{9810E7FE-0C30-4524-B79B-EF3BADC8F7AD}.xml 794 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-18 11:52:49
ComboFix-quarantined-files.txt 2010-04-18 16:52

Pre-Run: 168,878,645,248 bytes free
Post-Run: 169,870,094,336 bytes free

- - End Of File - - 5098F584619BB564B16AAFD9FAF295D7


#11 wildbill0707

wildbill0707
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 18 April 2010 - 10:01 PM

Hi sundavis,

I must log off for the evening. Will be back online around 3:00PM CT Monday and will check back in then. Thanks for all your help, have a good evening and an even better day tomorrow.

Wildbill0707

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:06:59 PM

Posted 18 April 2010 - 10:26 PM

Hi wildbill0707,



QUOTE
I cannot get to Malwarebytes because my browser is redirected everytime...

You may download MBAM from another computer and transfer it via flash drive or usb. After that, please install virus definitions manually from Here if you can't update normally.

QUOTE
Should I restart my antivirus and firewall?

Yes, please proceed.

QUOTE
I must log off for the evening...

That's ok. Take your time. Please download MBAM and run it as instructed in my previous post. After that, let's do some maintenance and hope to get it back to working order.

Step1
  1. Please download OTL and save it to your desktop.
  2. Double click on the icon on your desktop.
  3. Click the "Scan All Users" checkbox.
  4. Under the Custom Scan box paste the following bolded text:

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  5. Click the "Quick Scan" button.
  6. The scan should take just a few minutes.
  7. Copy and paste both logs back here in your next reply.
Step2

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:
    ipconfig /flushdns
7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

and do the following afterwards.

1. Click on Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
4. Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
5. Repeat the process with netsh int ip reset
6. Restart the computer.

Step3

After that, What I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.

Open IE, select Tools > Internet Options. Select the Connections tab.
  1. If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  2. In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  3. Click OK.
  4. Click Advanced tab and click on Reset button
  5. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
In Firefox: Tools menu -> Options... -> Advanced tab -> Network tab -> "Settings" under Connection, and uncheck the proxy server, setting it to No Proxy.

If your Firefox can't work properly, you're well advised to uninstall FF completely and do a clean reinstall. You may back up your Bookmarks before proceeding. Please go to Here and Here.


In your next reply, please post back:

1.OTL log
2.MBAM log

Tell me if you have any remaining issues on your pc.

Edited by sundavis, 19 April 2010 - 05:35 AM.
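
The proxy, hosts and DNS checks in the post above, as an added example that is not part of the original thread and not OTL's or ComboFix's own code: a small Python triage script that reads OTL-style `IE`/`O1`/`O10` lines and `ipconfig /all` output offline and flags the settings a redirecting infection typically changes (an IE proxy pointed at localhost, update or AV domains pinned in the hosts file, a Winsock LSP with no publisher, and a resolver that is not the router). All sample input is constructed: the SID, the 203.0.113.x addresses and `sample_lsp.dll` are placeholders, and the hostname watchlist and LAN ranges are assumptions chosen to match this thread's symptoms.

```python
"""Offline triage of OTL-style log lines and `ipconfig /all` output.
Added example for this thread, not OTL's or ComboFix's code; all samples are
constructed (the SID, 203.0.113.x addresses and sample_lsp.dll are placeholders)."""
import ipaddress
import re

# Assumed watchlist: names whose hijacking matches the thread's symptoms
# (blocked Windows Update, blocked Malwarebytes/AVG downloads).
PROTECTED_HOSTS = re.compile(r"(microsoft|windowsupdate|malwarebytes|avg)\.", re.I)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

PROXY_RE = re.compile(r'Internet Settings: "(ProxyEnable|ProxyServer)" = (.*)$')
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
LSP_RE = re.compile(r"^O10 - .*? - (.+?\.dll) \((.*)\)\s*$", re.I)
DNS_RE = re.compile(r"DNS Servers[ .]*:\s*(\S+)")
IP_ONLY_RE = re.compile(r"^\s+(\S+)\s*$")  # continuation line under "DNS Servers"


def triage_log(log_text):
    """Return (severity, message) pairs for suspicious proxy, hosts and LSP lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            key, val = m.group(1), m.group(2).strip()
            if key == "ProxyEnable" and val == "1":
                findings.append(("medium", "proxy enabled: " + line))
            elif key == "ProxyServer" and re.search(r"127\.0\.0\.1|localhost", val, re.I):
                findings.append(("high", "local proxy (traffic interception): " + val))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip_text, name = m.groups()
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:
                findings.append(("low", "unparseable hosts entry: " + line))
                continue
            if name.lower() in LOCAL_NAMES:
                continue
            # Watchlisted name pointed anywhere, or any name pointed off-box, is a hijack;
            # an ordinary name pinned to 127.0.0.1 is the ad-blocking pattern and passes.
            if PROTECTED_HOSTS.search(name) or not ip.is_loopback:
                findings.append(("high", "hosts hijack: %s -> %s" % (name, ip_text)))
            continue
        m = LSP_RE.match(line)
        if m and not m.group(2).strip():  # OTL prints "()" when the DLL has no company name
            findings.append(("medium", "Winsock LSP with no company name: " + m.group(1)))
    return findings


def dns_servers(ipconfig_text):
    """Collect resolver addresses, including continuation lines, from `ipconfig /all`."""
    servers, collecting = [], False
    for line in ipconfig_text.splitlines():
        m = DNS_RE.search(line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        m = IP_ONLY_RE.match(line) if collecting else None
        if m:
            servers.append(m.group(1))
        else:
            collecting = False
    return servers


def foreign_resolvers(ipconfig_text, trusted=()):
    """Resolvers neither on the LAN (the router) nor allowlisted: a router-level
    change that a host cleanup cannot undo, which is what the router reset addresses."""
    out = []
    for s in dns_servers(ipconfig_text):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue
        if s not in trusted and not any(ip in net for net in LAN_NETS):
            out.append(s)
    return out


# Constructed sample in the OTL format shown in this thread (placeholder SID and addresses).
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ad.example.net
O1 - Hosts: 203.0.113.10 update.microsoft.com
O1 - Hosts: 203.0.113.10 www.malwarebytes.org
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 [] - C:\Windows\System32\sample_lsp.dll ()
"""

# Constructed `ipconfig /all` excerpt: one resolver off the LAN, one that is the router.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for sev, msg in triage_log(SAMPLE_LOG):
        print(sev, msg)
    print("foreign resolvers:", foreign_resolvers(SAMPLE_IPCONFIG))
```

Run it against a saved OTL log and the output of `ipconfig /all` taken before the winsock and IP resets. A resolver that is still off the LAN after those resets was handed out by the router, which is why the router reset and password change in Step 3 matter even when the host itself comes back clean.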


#13 wildbill0707

wildbill0707
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:06:59 PM

Posted 19 April 2010 - 09:15 PM

Hi sundavis,

I finished everything as instructed (starting AVG and Windows Firewall first) and was able to update Windows through Windows Update in the Start menu. I then opened IE8 and on my second site visit I was hit with a "gugle" redirect. Then the fake Microsoft Security Warning popped up (the same as noted earlier) stating my browser settings were at a security risk and asking me to download a security package. Now I am unable to reach Microsoft Update again, and I even tried the MBAM download page and it will not allow a connection. I thought we might have had it, but apparently not. Here are the logs you asked for (there were 2 from OTL). Thanks.


OTL logfile created on: 4/19/2010 5:59:16 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\bvp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 157.97 Gb Free Space | 70.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILL-PC
Current User Name: bvp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/19 17:44:13 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\bvp\Desktop\OTL.exe
PRC - [2010/04/14 15:18:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/13 13:57:04 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/13 13:57:04 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/13 13:57:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/13 13:56:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/13 13:56:58 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/26 19:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/18 07:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/09/26 10:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2006/09/22 09:35:58 | 000,045,056 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/04/19 17:44:13 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\bvp\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (PCPitstop Scheduling)
SRV - [2010/03/13 13:57:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/13 13:56:58 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-482663463-3541359660-2921807661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/index.cfm
IE - HKU\S-1-5-21-482663463-3541359660-2921807661-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-482663463-3541359660-2921807661-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-482663463-3541359660-2921807661-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/04/14 20:13:41 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\Mozilla\Extensions
[2009/04/14 20:13:41 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-482663463-3541359660-2921807661-1001..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-482663463-3541359660-2921807661-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-482663463-3541359660-2921807661-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-482663463-3541359660-2921807661-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCMaticVer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/19 17:44:12 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\bvp\Desktop\OTL.exe
[2010/04/19 17:30:23 | 000,000,000 | ---D | C] -- C:\Users\bvp\AppData\Roaming\Malwarebytes
[2010/04/19 17:29:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/19 17:29:57 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/19 17:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/19 17:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/18 11:52:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/18 11:52:51 | 000,000,000 | ---D | C] -- C:\Users\bvp\AppData\Local\temp
[2010/04/18 11:52:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/18 11:39:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/18 11:39:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/18 11:39:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/18 11:39:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/18 11:32:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/18 11:32:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/16 16:10:33 | 000,000,000 | ---D | C] -- C:\Users\bvp\Desktop\gmer
[2010/04/12 15:51:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/04/12 11:13:38 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\bvp\Desktop\HijackThis.exe
[2010/04/12 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\bvp\AppData\Roaming\IObit
[2010/04/12 10:02:28 | 007,184,528 | ---- | C] (IObit ) -- C:\Users\bvp\Desktop\asc-setup.exe
[2010/04/12 09:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/04/12 09:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/04/12 09:34:54 | 008,116,768 | ---- | C] (IObit ) -- C:\Users\bvp\Desktop\is360setup141.exe
[2010/04/11 12:16:56 | 000,000,000 | ---D | C] -- C:\Users\bvp\AppData\Local\IsolatedStorage
[2009/04/06 22:37:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2009/04/06 22:37:32 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2009/04/06 22:37:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2009/04/06 22:37:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2009/04/06 22:37:31 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2009/04/06 22:37:31 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2009/04/06 22:37:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2009/04/06 22:37:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2009/04/06 22:37:30 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2009/04/06 22:37:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2009/04/06 22:37:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2009/04/06 22:37:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll

========== Files - Modified Within 14 Days ==========

[2010/04/19 17:58:37 | 001,835,008 | -HS- | M] () -- C:\Users\bvp\ntuser.dat
[2010/04/19 17:44:13 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\bvp\Desktop\OTL.exe
[2010/04/19 17:43:12 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/19 17:43:12 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/19 17:43:12 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/19 17:39:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/19 17:39:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/04/19 17:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 17:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/19 17:38:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/19 17:38:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/19 17:38:04 | 000,524,288 | -HS- | M] () -- C:\Users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TMContainer00000000000000000001.regtrans-ms
[2010/04/19 17:38:04 | 000,065,536 | -HS- | M] () -- C:\Users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TM.blf
[2010/04/19 17:37:45 | 002,273,851 | -H-- | M] () -- C:\Users\bvp\AppData\Local\IconCache.db
[2010/04/19 17:30:01 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/19 17:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/19 15:50:20 | 059,049,411 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/18 11:50:34 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/18 10:49:06 | 003,919,755 | R--- | M] () -- C:\Users\bvp\Desktop\ComboFix.exe
[2010/04/18 10:38:39 | 000,363,520 | ---- | M] () -- C:\Users\bvp\Desktop\rkill.com
[2010/04/16 16:10:02 | 000,284,915 | ---- | M] () -- C:\Users\bvp\Desktop\gmer.zip
[2010/04/16 16:01:01 | 000,525,824 | ---- | M] () -- C:\Users\bvp\Desktop\dds.scr
[2010/04/12 15:51:05 | 382,127,691 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/04/12 14:44:43 | 000,000,000 | ---- | M] () -- C:\Users\bvp\defogger_reenable
[2010/04/12 11:13:41 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\bvp\Desktop\HijackThis.exe
[2010/04/12 10:22:40 | 000,000,133 | ---- | M] () -- C:\Users\bvp\Desktop\IObit Freeware.url
[2010/04/12 10:03:36 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/12 10:02:34 | 007,184,528 | ---- | M] (IObit ) -- C:\Users\bvp\Desktop\asc-setup.exe
[2010/04/12 09:41:56 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/04/12 09:35:02 | 008,116,768 | ---- | M] (IObit ) -- C:\Users\bvp\Desktop\is360setup141.exe
[2010/04/11 12:19:07 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/08 17:31:44 | 000,001,784 | ---- | M] () -- C:\Windows\System32\Support.xml

========== Files Created - No Company Name ==========

[2010/04/19 17:30:01 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/18 11:39:31 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/18 11:39:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/18 11:39:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/18 11:39:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/18 10:49:02 | 003,919,755 | R--- | C] () -- C:\Users\bvp\Desktop\ComboFix.exe
[2010/04/18 10:38:36 | 000,363,520 | ---- | C] () -- C:\Users\bvp\Desktop\rkill.com
[2010/04/16 16:10:01 | 000,284,915 | ---- | C] () -- C:\Users\bvp\Desktop\gmer.zip
[2010/04/16 16:00:57 | 000,525,824 | ---- | C] () -- C:\Users\bvp\Desktop\dds.scr
[2010/04/12 15:51:05 | 382,127,691 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/12 14:44:43 | 000,000,000 | ---- | C] () -- C:\Users\bvp\defogger_reenable
[2010/04/12 10:03:38 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/04/12 10:03:36 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/04/12 10:03:36 | 000,000,133 | ---- | C] () -- C:\Users\bvp\Desktop\IObit Freeware.url
[2010/04/12 09:41:56 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2010/04/11 12:19:07 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2009.lnk
[2010/04/05 09:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TMContainer00000000000000000002.regtrans-ms
[2010/04/05 09:32:46 | 000,524,288 | -HS- | C] () -- C:\Users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TMContainer00000000000000000001.regtrans-ms
[2010/04/05 09:32:46 | 000,065,536 | -HS- | C] () -- C:\Users\bvp\ntuser.dat{1ec15d90-39fa-11df-8480-0019d179a4f3}.TM.blf
[2010/02/28 13:50:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/18 17:43:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/06 23:31:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2009/04/06 23:31:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2009/04/06 22:37:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2009/04/06 22:37:31 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2009/04/06 22:37:30 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2009/04/06 22:37:30 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2009/04/06 22:37:30 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2009/04/06 22:37:30 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2009/04/06 22:37:30 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2009/04/06 22:37:29 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2009/04/06 22:37:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2009/04/06 22:37:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2009/04/06 22:13:50 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/04/06 19:09:07 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2009/04/06 19:09:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2009/04/06 19:09:07 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2009/04/06 19:09:07 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll
[2009/04/06 19:09:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2009/04/06 19:09:04 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2009/04/06 15:09:40 | 001,835,008 | -HS- | C] () -- C:\Users\bvp\ntuser.dat
[2009/04/06 15:09:40 | 001,572,864 | -HS- | C] () -- C:\Users\bvp\ntuser.dat_previous
[2009/04/06 15:09:40 | 000,524,288 | -HS- | C] () -- C:\Users\bvp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/04/06 15:09:40 | 000,524,288 | -HS- | C] () -- C:\Users\bvp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/04/06 15:09:40 | 000,262,144 | ---- | C] () -- C:\Users\bvp\ntuser.dat.LOG1
[2009/04/06 15:09:40 | 000,065,536 | -HS- | C] () -- C:\Users\bvp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/04/06 15:09:40 | 000,000,020 | -HS- | C] () -- C:\Users\bvp\ntuser.ini
[2009/04/06 15:09:40 | 000,000,000 | ---- | C] () -- C:\Users\bvp\ntuser.dat.LOG2
[2007/09/07 12:35:15 | 000,017,089 | ---- | C] () -- C:\Users\bvp\AppData\Roaming\UserTile.png
[2007/06/30 10:15:26 | 000,000,710 | ---- | C] () -- C:\Users\bvp\AppData\Roaming\wklnhst.dat
[2007/06/14 19:39:32 | 000,524,288 | -HS- | C] () -- C:\Users\bvp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002 (2).regtrans-ms
[2007/06/14 19:39:32 | 000,524,288 | -HS- | C] () -- C:\Users\bvp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001 (2).regtrans-ms
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/11/06 22:44:10 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\AVG9
[2008/10/14 17:24:59 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/12 10:03:33 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\IObit
[2010/03/27 18:22:29 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\LimeWire
[2008/01/10 16:02:14 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\Pirateville
[2010/03/27 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\Sammsoft
[2007/06/30 10:15:27 | 000,000,000 | ---D | M] -- C:\Users\bvp\AppData\Roaming\Template
[2009/03/31 23:30:14 | 000,000,000 | ---D | M] -- C:\Users\Mindy\AppData\Roaming\LimeWire
[2007/09/21 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Mindy\AppData\Roaming\Template
[2009/04/07 15:43:45 | 000,000,000 | ---D | M] -- C:\Users\Mindy.Bill-PC\AppData\Roaming\Template
[2010/03/27 18:22:09 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ICAClient
[2009/01/18 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\LimeWire
[2010/04/19 17:39:01 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/04/19 17:37:55 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< :Commands >

< [purity] >

< [resethosts] >

< [emptytemp] >

< [EMPTYFLASH] >

< [Reboot] >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 717 bytes -> C:\Users\bvp\Documents\Bill Fishing.eml:OECustomProperty
< End of report >



OTL Extras logfile created on: 4/19/2010 5:59:16 PM - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\bvp\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 157.97 Gb Free Space | 70.91% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.99 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BILL-PC
Current User Name: bvp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0851E5E7-CAA0-4435-A500-8C611A1F0D2D}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{1BA45486-9D1D-431B-A1C0-3A799EC03FDA}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{DBE01608-7EFB-4857-A2D2-49E8DE202F42}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{E69E4613-72E4-4B77-A7C5-2E94088717B1}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06574CA0-412C-4BF4-8D51-DC068B0C7E20}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{0DFAC3F5-2684-40D5-8EE2-4BC4D979EC32}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13F25A58-4DF8-453D-965F-1B1CEFD206FF}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{17C10346-96D1-4572-8EFC-97D21D111E2A}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{2B3E42E9-13E4-428E-96B4-ED14B7F664E6}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{374328E5-3F5E-482C-8E59-375B93D870EB}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{4E6EC10D-1776-4791-880C-6D5624192120}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{585BBC6B-F8F1-4104-A1EF-253B38E35C0F}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{59504DC6-208F-4AD0-9B38-EC2E18E943BD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{84208168-7570-4849-9FA1-9B6498358F6D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86D636E0-AA7D-415A-9115-1B7AA226BD53}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{8A6818AA-8732-4EF3-B306-8308A752B5E7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9CB19E1B-358A-472E-8D52-8C860E34333B}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{AC826F42-7CF6-4DB3-9E1E-8684A25A7CE9}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{BE4E95C5-58D3-47D3-8D4B-A98D7F9DEFA6}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{C5C95AD7-F9C1-4487-A910-D8DAA071C504}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{D2F2F369-D105-4182-8808-392C3034EF94}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{D69B5BE7-4C79-4778-B270-993586596A3F}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{F92886CB-5813-4C23-83F0-146279884EB1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"TCP Query User{5D1FFAB3-F602-4D8A-86A4-2C642D53CEAF}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{85233ECD-F460-4A6B-A0CE-33CEDAC703E6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0F8AC602-CC89-47E8-A59B-A20FA3FA7E7A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D6AE5C35-8BB4-44DD-BC2A-002C251EF205}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv™ Software
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{397EF8BA-A868-43AF-9E75-AF26C32954B2}" = TurboTax 2008 wmoiper
"{3A2EEF40-EAA2-012B-AE15-000000000000}" = TurboTax 2009 wmoiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CD22E980-3E4F-11DF-B0D7-005056806466}" = Google Earth Plug-in
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Dell Fax Solutions" = Fax Solutions
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Intel® Configuration Center" = Intel® Viiv™ Software
"IObit Security 360_is1" = IObit Security 360
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2010 1:22:44 PM | Computer Name = Bill-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/11/2010 1:22:45 PM | Computer Name = Bill-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/11/2010 1:22:49 PM | Computer Name = Bill-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/11/2010 1:22:49 PM | Computer Name = Bill-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/11/2010 6:18:20 PM | Computer Name = Bill-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/12/2010 8:33:34 AM | Computer Name = Bill-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 4/12/2010 8:33:44 AM | Computer Name = Bill-PC | Source = Application Error | ID = 1000
Description = Faulting application fm3032.exe, version 0.1.35.8, time stamp 0x45264688,
faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000005, fault offset 0x00067605, process id 0x5d0, application start time
0x01cada3c5e6d51a0.

Error - 4/12/2010 11:04:19 AM | Computer Name = Bill-PC | Source = VSS | ID = 8194
Description =

Error - 4/12/2010 4:01:40 PM | Computer Name = Bill-PC | Source = Perflib | ID = 1010
Description =

Error - 4/12/2010 4:51:33 PM | Computer Name = Bill-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 8/20/2009 1:26:58 PM | Computer Name = Bill-PC | Source = HTTP | ID = 15016
Description =

Error - 8/21/2009 10:41:27 PM | Computer Name = Bill-PC | Source = DCOM | ID = 10010
Description =

Error - 8/24/2009 10:04:44 PM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =

Error - 8/25/2009 6:25:42 PM | Computer Name = Bill-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 8/25/2009 10:54:57 PM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =

Error - 8/26/2009 11:24:54 PM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =

Error - 8/28/2009 1:40:43 PM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =

Error - 8/29/2009 6:20:05 PM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =

Error - 9/4/2009 11:04:02 AM | Computer Name = Bill-PC | Source = bowser | ID = 8003
Description =

Error - 9/7/2009 3:50:20 PM | Computer Name = Bill-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4009

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

4/19/2010 5:36:46 PM
mbam-log-2010-04-19 (17-36-46).txt

Scan type: Quick scan
Objects scanned: 146085
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{dfabe349-e330-4c2b-a877-082c62784d49}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.161.105 93.188.166.105 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\bvp\Desktop\Defogger.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\sed.exe (Trojan.Agent) -> Quarantined and deleted successfully.


#14 wildbill0707 (Topic Starter)

Posted 19 April 2010 - 10:00 PM

Hi sundavis,

I was wondering if before we try something else or new if it would be alright if I removed IObit Security and Advanced System Care as I downloaded those items before contacting you in hopes one would cure my computer's ailment. I also wanted to point out that when I disabled AVG for the running of ComboFix it was very difficult to figure out how to disable (followed AVG's instructions). While running ComboFix it stated that my AVG antivirus and anti-spyware were still running, then continued on its scan. I hope after figuring out this problem that I can get recommendations for security items from you. Must log out for the evening. Thanks for your help.

#15 sundavis (Malware Response Team)

Posted 20 April 2010 - 12:27 AM

Hi wildbill0707,



QUOTE
if it would be alright if I removed IObit Security and Advanced System Care

Yes, you may remove those if you feel comfortable. It seemed something might go wrong. Have you ever reset your router? What's the name or model of router you're using now?

You had Online Protection Tool trojan onboard. It's vital to reset your router. Otherwise, the rogue may come and go. Please unplug your internet access before proceeding.


Step1


1.Please rerun MBAM as instructed in my previous post. You should rerun it again once you are able to update the virus definitions.

2.Obtain an IP address and DNS servers automatically-->Go to Here if you don't know how.

3.Redo ipconfig /flushdns

4.Open IE, select Tools > Internet Options. Select the Connections tab. If you are using LAN, click "LAN Settings" button. Uncheck all checkmarks in that page. Click OK twice and close the IE.

5.Please redo the hard reset of your router one more time.


Step2

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :regfind
    ave.exe
    av.exe
    :filefind
    *ave.exe*
    *av.exe*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


In your next reply, please post back:

1.MBAM log
2.SystemLook log

Tell me how things went.

Edited by sundavis, 20 April 2010 - 12:33 AM.
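The two DhcpNameServer entries that MBAM flagged in the log above, and steps 2 to 4 of sundavis's Step 1, concern the same registry values. The PowerShell below is an added example, not part of this thread and not code from any of the tools mentioned in it: it lists every DNS server stored under Tcpip\Parameters (machine-wide and per interface), marks the ones that lie outside the private ranges a home router normally hands out, and reports the IE proxy values that the "LAN Settings" checkboxes write. The function names are my own.

```powershell
# Added example (not from the thread): audit the DNS server values that
# Trojan.DNSChanger rewrote and the IE proxy settings that Step 1 says to
# clear. Run from an elevated PowerShell prompt on the affected machine.

function Test-PrivateIPv4 {
    param([string]$Address)
    # RFC 1918 ranges plus link-local. A home router's DHCP-supplied DNS
    # is normally its own private address; public entries are not
    # automatically bad (some routers forward the ISP's resolvers), but
    # they should match what the ISP publishes. The 93.188.161.105,
    # 93.188.166.105 and 1.2.3.4 entries in the MBAM log would all show
    # up here as PrivateRange = False.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return (($b[0] -eq 10) -or
            ($b[0] -eq 192 -and $b[1] -eq 168) -or
            ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
            ($b[0] -eq 169 -and $b[1] -eq 254))
}

function Get-DnsServerAudit {
    # Same keys MBAM reported: the global Parameters key and each
    # Interfaces\{GUID} subkey. DhcpNameServer is what DHCP (the router)
    # handed out; NameServer is a static override, which on a home LAN
    # set to "obtain automatically" should normally be empty.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $keys = @($base) + @(Get-ChildItem -Path "$base\Interfaces" | ForEach-Object { $_.PSPath })
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in 'DhcpNameServer', 'NameServer') {
            $raw = $props.$name
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            # Both values are space- or comma-separated address lists.
            foreach ($addr in ($raw -split '[ ,]+' | Where-Object { $_ })) {
                [pscustomobject]@{
                    Key          = $key
                    Value        = $name
                    Address      = $addr
                    PrivateRange = Test-PrivateIPv4 $addr
                }
            }
        }
    }
}

function Get-IEProxyAudit {
    # These are the values behind Tools > Internet Options > Connections >
    # LAN Settings (step 4). Any of them set means a checkbox is still on.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnable   = [int]$p.ProxyEnable
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL
        NeedsClearing = ([int]$p.ProxyEnable -eq 1) -or
                        (-not [string]::IsNullOrEmpty($p.ProxyServer)) -or
                        (-not [string]::IsNullOrEmpty($p.AutoConfigURL))
    }
}

Get-DnsServerAudit | Format-Table -AutoSize
Get-IEProxyAudit
```

Run it once before and once after the router reset and ipconfig /flushdns: if a public DhcpNameServer address comes back after the reset, the router is still handing it out and the router itself needs attention.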




