Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antispyware freezes


  • This topic is locked This topic is locked
28 replies to this topic

#1 mor711

mor711

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 23 March 2011 - 09:33 PM

Everytime I run any AntiMalware/Spyware the computer freezes (Avast, AVG, Malwarebytes), also Checkdisk and Backup and sometimes Windows explorer freezes. Have to power off/on for each. Tried Rkill prior to scan but unsuccessful **
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bvemd at 18:26:27.43 on Wed 03/23/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2147 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\aestsrv.exe
C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Security\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Video\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Program Files\Security\PSI\psi_tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Security\PSI\sua.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bvemd\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080918
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\security\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\video\pixela\imagemixer 3 se\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\security\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: //mail.yahoo.com/
Trusted Zone: emc.org\dxview
Trusted Zone: emc.org\ikevpn
Trusted Zone: hrmprod
Trusted Zone: info.sys\hrmprod
Trusted Zone: yahoo.com\edit.finance
Trusted Zone: yahoo.com\groups
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\my
Trusted Zone: yahoo.com\us.mc385.mail
DPF: 09D0984B-E76E-4154-9EB4-519E25FEF7E5 - hxxps://dxview.emc.org/HRS/download/\Setup.cab
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} - hxxp://ikemd:8001/portal/applets/SharedSession.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A988C5B-7C51-4A6A-8635-6B83BA1288B2} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://ikevpn.emc.org/+CSCOL+/relayp.cab
DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://dxview.emc.org/HRS/download/AliUpdate.cab
DPF: {47BC1B99-FC95-41D3-A188-C80EBA373017} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} - hxxp://ikemd:8001/portal/applets/mckntauth.ocx
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bvemd\appdata\roaming\mozilla\firefox\profiles\kggo3p8f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\bvemd\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XULRunner: {018937AD-209F-4C9A-AEBB-A9BB4272C49B} - c:\users\bvemd\appdata\local\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_3cbccf3d\AEstSrv.exe [2008-9-18 73728]
R2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\common files\mckesson\mig\service\AliUpdate.exe [2010-1-18 79152]
R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-11-22 20376]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-6-3 386328]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-18 453712]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-5-14 4440064]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\security\psi\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\security\psi\sua.exe [2011-1-10 399416]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-8-25 69632]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-9-18 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-9-18 224384]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-9-18 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-18 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-18 277504]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-23 133104]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-1-24 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-1-24 11088]
S3 Pxhsocadmdsi;Pxhsocadmdsi; [x]
.
=============== Created Last 30 ================
.
2021-02-01 09:58:23 -------- d-----w- c:\progra~2\Protexis
2021-02-01 09:57:01 -------- d-----w- c:\program files\Shield
2021-02-01 09:56:13 -------- d-----w- c:\program files\Utilities
2011-03-23 05:27:40 -------- d-----w- c:\windows\system32\????m????????????????????????m?????????f
2011-03-23 05:22:18 -------- d-----w- c:\users\bvemd\appdata\roaming\AVG
2011-03-23 04:44:01 -------- d-----w- c:\users\bvemd\appdata\roaming\AVG10
2011-03-23 04:41:21 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-23 04:40:19 -------- d-----w- c:\program files\AVG
2011-03-23 02:29:57 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{40b44cc6-3dc6-412d-909b-6a3e974432b6}\mpengine.dll
2011-03-21 22:12:12 -------- d-----w- c:\windows\pss
2011-03-14 20:53:18 15729552 ----a-w- c:\temp\mpas-fe.exe
2011-03-11 05:46:28 -------- d-----w- c:\progra~2\AVG10
2011-03-10 08:53:46 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-03-10 08:53:46 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-03-10 07:35:37 -------- d-sh--w- C:\found.003
2011-03-10 03:35:20 -------- d-sh--w- C:\found.002
2011-03-10 02:49:05 -------- d-sh--w- C:\found.001
2011-03-10 02:08:38 -------- d-----w- c:\progra~2\AVAST Software
2011-03-09 10:57:58 -------- d-sh--w- C:\found.000
2011-03-09 08:37:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 08:37:55 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 08:37:55 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 08:37:55 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 08:37:55 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 08:37:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 07:21:57 -------- d-----w- c:\users\bvemd\appdata\roaming\f-secure
2011-03-09 07:21:47 -------- d-----w- c:\progra~2\F-Secure
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
.
============= FINISH: 18:27:11.65 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:20 AM

Posted 30 March 2011 - 12:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 mor711

mor711
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 30 March 2011 - 11:44 PM

Thanks for the reply Casey.

The computer just freezes with Antivirus/Malware scan. On windows, I can do occsasional Malwarebytes "Quickscan" but not "Full Scan. No Antivirus scan works.
On Safe Mode, the same thing but can do occasional quick AVG scans. Does not get stuck on any one particular file but often on "dll" and ".exe" files. I think Checkdisk now works. Recently removed "Spigot Search Settings" last month through Malwarebytes. I do have the original Windows CD. Also have Dell's "recovery" partition drive....thanks again/morris


here's the DDS log: "GMER" Attached.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bvemd at 15:26:28.46 on Wed 03/30/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2261 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\aestsrv.exe
C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Windows\system32\atashost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Video\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\bvemd\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080918
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\security\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\video\pixela\imagemixer 3 se\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: //mail.yahoo.com/
Trusted Zone: emc.org\dxview
Trusted Zone: emc.org\ikevpn
Trusted Zone: hrmprod
Trusted Zone: info.sys\hrmprod
Trusted Zone: yahoo.com\edit.finance
Trusted Zone: yahoo.com\groups
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\my
Trusted Zone: yahoo.com\us.mc385.mail
DPF: 09D0984B-E76E-4154-9EB4-519E25FEF7E5 - hxxps://dxview.emc.org/HRS/download/\Setup.cab
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} - hxxp://ikemd:8001/portal/applets/SharedSession.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A988C5B-7C51-4A6A-8635-6B83BA1288B2} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://ikevpn.emc.org/+CSCOL+/relayp.cab
DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://dxview.emc.org/HRS/download/AliUpdate.cab
DPF: {47BC1B99-FC95-41D3-A188-C80EBA373017} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} - hxxp://ikemd:8001/portal/applets/mckntauth.ocx
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bvemd\appdata\roaming\mozilla\firefox\profiles\kggo3p8f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\bvemd\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XULRunner: {018937AD-209F-4C9A-AEBB-A9BB4272C49B} - c:\users\bvemd\appdata\local\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_3cbccf3d\AEstSrv.exe [2008-9-18 73728]
R2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\common files\mckesson\mig\service\AliUpdate.exe [2010-1-18 79152]
R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-11-22 20376]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-6-3 386328]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-18 453712]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-5-14 4440064]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-8-25 69632]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-9-18 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-9-18 224384]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-9-18 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-18 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-18 277504]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-23 133104]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-1-24 16456]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-1-24 11088]
S3 Pxhsocadmdsi;Pxhsocadmdsi; [x]
.
=============== Created Last 30 ================
.
2021-02-01 09:58:23 -------- d-----w- c:\progra~2\Protexis
2021-02-01 09:57:01 -------- d-----w- c:\program files\Shield
2021-02-01 09:56:13 -------- d-----w- c:\program files\Utilities
2011-03-30 21:44:44 -------- d-----w- C:\Temp2
2011-03-29 08:42:42 -------- d-sh--w- C:\found.005
2011-03-29 03:00:35 -------- d-sh--w- C:\found.004
2011-03-27 05:38:10 446464 ----a-w- c:\temp\TFC.exe
2011-03-24 08:24:19 1006778 ----a-w- c:\temp\WiNlOgOn.exe
2011-03-24 08:24:02 1006778 ----a-w- c:\temp\uSeRiNiT.exe
2011-03-24 08:23:25 1006778 ----a-w- c:\temp\eXplorer.exe
2011-03-24 08:23:13 1006778 ----a-w- c:\temp\rkill.com
2011-03-23 05:27:40 -------- d-----w- c:\windows\system32\????m????????????????????????m?????????f
2011-03-23 05:22:18 -------- d-----w- c:\users\bvemd\appdata\roaming\AVG
2011-03-23 04:44:01 -------- d-----w- c:\users\bvemd\appdata\roaming\AVG10
2011-03-23 04:41:21 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-23 04:40:19 -------- d-----w- c:\program files\AVG
2011-03-23 02:29:57 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{40b44cc6-3dc6-412d-909b-6a3e974432b6}\mpengine.dll
2011-03-21 22:12:12 -------- d-----w- c:\windows\pss
2011-03-14 20:53:18 15729552 ----a-w- c:\temp\mpas-fe.exe
2011-03-12 19:28:40 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-03-12 19:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-11 05:46:28 -------- d-----w- c:\progra~2\AVG10
2011-03-10 08:53:46 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-03-10 08:53:46 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-03-10 07:35:37 -------- d-sh--w- C:\found.003
2011-03-10 03:35:20 -------- d-sh--w- C:\found.002
2011-03-10 02:49:05 -------- d-sh--w- C:\found.001
2011-03-10 02:08:38 -------- d-----w- c:\progra~2\AVAST Software
2011-03-09 10:57:58 -------- d-sh--w- C:\found.000
2011-03-09 08:37:56 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 08:37:55 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 08:37:55 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 08:37:55 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 08:37:55 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 08:37:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 07:21:57 -------- d-----w- c:\users\bvemd\appdata\roaming\f-secure
2011-03-09 07:21:47 -------- d-----w- c:\progra~2\F-Secure
.
==================== Find3M ====================
.
2011-02-03 04:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 15:26:55.14 ===============

Attached Files



#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:20 AM

Posted 31 March 2011 - 10:10 AM

Hello and welcome to Bleeping Computer. :)

*Please enable topic reply notification, follow step # 4 -> Here.

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please do not attach logs unless instructed.

*You must reply within 5 days otherwise this topic will be closed.


===========================================


1. We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



2. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 mor711

mor711
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 31 March 2011 - 01:01 PM

Musta na...Noypi too...thanks for taking the case/Morris

Here are the OTL (List and Extras) and Security Check reports.

OTL logfile created on: 3/31/2011 10:21:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\bvemd\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 82.29 Gb Free Space | 73.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.06 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
Drive J: | 67.29 Gb Total Space | 3.75 Gb Free Space | 5.57% Space Free | Partition Type: NTFS
Drive K: | 43.94 Gb Total Space | 15.93 Gb Free Space | 36.24% Space Free | Partition Type: NTFS

Computer Name: CDLRHAWK | User Name: bvemd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 10:17:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bvemd\Desktop\OTL.exe
PRC - [2011/03/28 22:38:58 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/03/18 02:52:56 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/01/18 16:44:00 | 000,079,152 | ---- | M] (McKesson MIG) -- C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe
PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/14 10:01:24 | 004,440,064 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/08/25 10:04:18 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2008/08/25 10:01:26 | 001,486,848 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2008/08/18 08:46:08 | 000,453,712 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2008/08/18 08:45:34 | 001,186,896 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2008/07/31 19:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2008/07/31 19:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2008/07/10 18:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 18:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/07/01 22:22:34 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/07/01 22:22:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/07/01 22:22:16 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/07/01 22:22:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/06/30 02:14:00 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/30 02:13:54 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\stacsv.exe
PRC - [2008/06/30 02:13:48 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\AEstSrv.exe
PRC - [2008/06/15 04:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 04:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/12 06:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/06/03 13:28:50 | 000,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/06/03 13:16:30 | 000,382,232 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
PRC - [2008/05/30 01:29:28 | 000,593,920 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2008/04/11 11:28:08 | 000,372,736 | ---- | M] () -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
PRC - [2008/02/28 14:42:00 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\Video\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
PRC - [2007/04/19 03:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 10:17:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bvemd\Desktop\OTL.exe
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Pxhsocadmdsi)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 02:52:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/01/18 16:44:00 | 000,079,152 | ---- | M] (McKesson MIG) [Auto | Running] -- C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe -- (AliUpdate)
SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/05/14 10:01:24 | 004,440,064 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/03/06 13:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/08/25 10:04:18 | 000,069,632 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2008/08/18 08:46:08 | 000,453,712 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2008/07/31 19:41:50 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2008/07/31 19:41:50 | 000,021,352 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/07/10 18:42:14 | 000,819,200 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 18:12:40 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/30 02:13:54 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\stacsv.exe -- (STacSV)
SRV - [2008/06/30 02:13:48 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\AEstSrv.exe -- (AESTFilters)
SRV - [2008/06/15 04:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/12 06:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/06/03 13:28:50 | 000,386,328 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/06/03 13:16:30 | 000,382,232 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe -- (alssvc)
SRV - [2008/04/25 13:45:40 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/03/10 13:48:48 | 001,249,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/01/20 19:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 03:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2009/08/27 23:00:58 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/07/07 15:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 15:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/06/16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/08/06 23:42:46 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/07/23 00:16:50 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/07/23 00:16:46 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/01 22:22:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/01 22:12:12 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/01 22:12:10 | 000,043,008 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/01 22:12:10 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/30 23:47:24 | 000,224,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2008/06/30 02:14:04 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/06/24 05:16:54 | 000,168,248 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/06/22 10:45:40 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/18 03:12:50 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/06/18 03:12:48 | 000,277,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/06/04 12:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/02/20 19:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/01/20 19:21:33 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/19 03:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080918
IE - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {018937AD-209F-4C9A-AEBB-A9BB4272C49B}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/22 21:41:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/10 01:53:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 01:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/10/01 02:05:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bvemd\AppData\Roaming\Mozilla\Extensions
[2011/03/27 20:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bvemd\AppData\Roaming\Mozilla\Firefox\Profiles\kggo3p8f.default\extensions
[2010/04/27 21:30:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\bvemd\AppData\Roaming\Mozilla\Firefox\Profiles\kggo3p8f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/27 01:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/20 00:07:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 01:14:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 01:10:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/22 21:41:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2010/09/20 20:12:55 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\BVEMD\APPDATA\LOCAL\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/07 03:50:47 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe ()
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Security\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: //mail.yahoo.com/ ([]htt in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: emc.org ([dxview] https in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: emc.org ([ikevpn] https in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: hrmprod ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: info.sys ([hrmprod] http in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: yahoo.com ([edit.finance] http in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: yahoo.com ([groups] http in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: yahoo.com ([login] https in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: yahoo.com ([my] http in Trusted sites)
O15 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000\..Trusted Domains: yahoo.com ([us.mc385.mail] http in Trusted sites)
O16 - DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} http://ikemd:8001/portal/applets/SharedSession.dll (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A988C5B-7C51-4A6A-8635-6B83BA1288B2} https://dxview.emc.org/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://ikevpn.emc.org/+CSCOL+/relayp.cab (Reg Error: Key error.)
O16 - DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} https://dxview.emc.org/HRS/download/AliUpdate.cab (Reg Error: Key error.)
O16 - DPF: {47BC1B99-FC95-41D3-A188-C80EBA373017} https://dxview.emc.org/hrs/download/Setup.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} http://ikemd:8001/portal/applets/mckntauth.ocx (Reg Error: Key error.)
O16 - DPF: 09D0984B-E76E-4154-9EB4-519E25FEF7E5 https://dxview.emc.org/HRS/download/\Setup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.20.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2291348649-2389572445-1617005422-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\bvemd\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\bvemd\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{30027bcf-9cc8-11dd-ac9d-002170ae7395}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{622f2218-c701-11de-a92b-002170ae7395}\Shell - "" = AutoRun
O33 - MountPoints2\{622f2218-c701-11de-a92b-002170ae7395}\Shell\AutoRun\command - "" = F:\SimpliSafe.exe
O33 - MountPoints2\{7b5a7d99-d164-11de-b0b2-002170ae7395}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5a7d99-d164-11de-b0b2-002170ae7395}\Shell\AutoRun\command - "" = F:\SimpliSafe.exe
O33 - MountPoints2\{914644fb-95b4-11dd-92d8-002170ae7395}\Shell - "" = AutoRun
O33 - MountPoints2\{914644fb-95b4-11dd-92d8-002170ae7395}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{aeaa564f-6c31-11df-91ad-002170ae7395}\Shell - "" = AutoRun
O33 - MountPoints2\{aeaa564f-6c31-11df-91ad-002170ae7395}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2021/02/01 02:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2021/02/01 02:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Shield
[2021/02/01 02:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Utilities
[2011/03/31 10:17:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\bvemd\Desktop\OTL.exe
[2011/03/30 14:44:44 | 000,000,000 | ---D | C] -- C:\Temp2
[2011/03/29 01:42:42 | 000,000,000 | -HSD | C] -- C:\found.005
[2011/03/28 20:00:35 | 000,000,000 | -HSD | C] -- C:\found.004
[2011/03/27 01:10:07 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/27 01:10:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/27 01:10:07 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/22 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\bvemd\AppData\Roaming\AVG
[2011/03/22 22:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/22 22:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/03/22 21:44:01 | 000,000,000 | ---D | C] -- C:\Users\bvemd\AppData\Roaming\AVG10
[2011/03/22 21:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/03/22 21:41:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/03/22 21:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/21 15:12:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/03/14 13:24:39 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\bvemd\Desktop\fsbl.exe
[2011/03/10 22:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/03/10 00:35:37 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/03/09 20:35:20 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/03/09 19:49:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/03/09 19:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/03/09 03:57:58 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/03/09 01:37:56 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 01:37:55 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 01:37:55 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 01:37:55 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/09 00:21:57 | 000,000,000 | ---D | C] -- C:\Users\bvemd\AppData\Roaming\f-secure
[2011/03/09 00:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

========== Files - Modified Within 30 Days ==========

[2011/03/31 10:17:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\bvemd\Desktop\OTL.exe
[2011/03/31 09:55:44 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/31 09:55:44 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/31 09:54:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/31 09:50:20 | 000,383,476 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/31 09:50:20 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/31 09:50:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 09:50:02 | 000,383,476 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/31 09:50:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/31 09:49:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/30 20:59:20 | 110,445,849 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/30 20:58:52 | 000,123,714 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/03/30 15:21:46 | 000,625,664 | ---- | M] () -- C:\Users\bvemd\Desktop\dds.scr
[2011/03/29 02:00:17 | 000,027,648 | ---- | M] () -- C:\Users\bvemd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 01:40:32 | 000,001,356 | ---- | M] () -- C:\Users\bvemd\AppData\Local\d3d9caps.dat
[2011/03/27 01:27:00 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/24 12:02:13 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/03/23 18:23:58 | 000,000,000 | ---- | M] () -- C:\Users\bvemd\defogger_reenable
[2011/03/23 17:04:15 | 000,293,019 | ---- | M] () -- C:\Users\bvemd\Desktop\gmer.zip
[2011/03/23 17:02:24 | 000,050,477 | ---- | M] () -- C:\Users\bvemd\Desktop\Defogger.exe
[2011/03/22 22:07:41 | 000,001,004 | -HS- | M] () -- C:\Windows\System32\sys_drv.dat
[2011/03/22 21:42:35 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/21 22:38:07 | 001,006,764 | ---- | M] () -- C:\Users\bvemd\Desktop\rkill2.com
[2011/03/21 13:52:07 | 000,000,000 | ---- | M] () -- C:\Users\bvemd\AppData\Local\WavXMapDrive.bat
[2011/03/14 13:11:06 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\bvemd\Desktop\fsbl.exe
[2011/03/10 01:53:49 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/10 01:09:52 | 000,030,720 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2011/03/09 19:08:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/09 18:25:40 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/03/30 20:59:20 | 110,445,849 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/30 20:58:52 | 000,123,714 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/03/30 15:21:43 | 000,625,664 | ---- | C] () -- C:\Users\bvemd\Desktop\dds.scr
[2011/03/23 18:23:58 | 000,000,000 | ---- | C] () -- C:\Users\bvemd\defogger_reenable
[2011/03/23 17:04:15 | 000,293,019 | ---- | C] () -- C:\Users\bvemd\Desktop\gmer.zip
[2011/03/23 17:02:24 | 000,050,477 | ---- | C] () -- C:\Users\bvemd\Desktop\Defogger.exe
[2011/03/22 21:42:35 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/21 22:38:03 | 001,006,764 | ---- | C] () -- C:\Users\bvemd\Desktop\rkill2.com
[2011/03/10 01:53:49 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/09 18:25:40 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 03:36:54 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/28 03:36:54 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/08 14:43:33 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/11/05 21:00:49 | 000,000,036 | ---- | C] () -- C:\Users\bvemd\AppData\Local\housecall.guid.cache
[2010/10/20 21:41:17 | 000,000,010 | ---- | C] () -- C:\Users\bvemd\AppData\Roaming\install
[2010/10/20 21:24:47 | 000,000,182 | ---- | C] () -- C:\Users\bvemd\AppData\Roaming\10450.bat
[2010/10/20 21:24:39 | 000,000,183 | ---- | C] () -- C:\Users\bvemd\AppData\Roaming\5264.bat
[2010/09/20 20:13:02 | 000,000,120 | ---- | C] () -- C:\Users\bvemd\AppData\Local\Psuwoxiredoxira.dat
[2010/09/20 20:13:02 | 000,000,000 | ---- | C] () -- C:\Users\bvemd\AppData\Local\Mvuzogovi.bin
[2010/01/24 03:08:25 | 000,461,368 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/01/24 03:08:25 | 000,016,456 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/01/24 03:08:25 | 000,011,088 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/01/04 02:44:54 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/12/26 02:31:15 | 001,657,376 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2009/12/26 02:31:15 | 000,449,056 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2009/12/26 02:31:15 | 000,267,296 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2009/12/26 02:31:14 | 001,724,416 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2009/12/26 02:31:14 | 001,507,328 | ---- | C] () -- C:\Windows\System32\nView.dll
[2009/12/26 02:31:14 | 001,101,824 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2009/12/26 02:31:14 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2009/11/22 01:26:04 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/09/10 23:28:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 23:28:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 23:27:15 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/28 00:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/07/18 23:03:34 | 000,001,356 | ---- | C] () -- C:\Users\bvemd\AppData\Local\d3d9caps.dat
[2009/06/29 23:17:48 | 000,000,023 | ---- | C] () -- C:\Windows\bo9440cn.ini
[2009/06/12 09:40:04 | 000,000,307 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/06/12 09:40:04 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/06/12 00:36:16 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/06/12 00:36:16 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd9440cn.dat
[2009/06/12 00:36:16 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/06/05 08:48:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009/06/05 08:48:28 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009/06/05 08:48:27 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
[2009/06/05 08:48:26 | 000,000,098 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/06/05 08:48:25 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/06/05 08:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/06/05 08:47:12 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/10/08 02:40:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/07 21:05:22 | 000,383,476 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 02:03:20 | 000,001,004 | -HS- | C] () -- C:\Windows\System32\sys_drv.dat
[2008/10/07 01:52:54 | 000,383,476 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/07 01:49:20 | 000,000,129 | ---- | C] () -- C:\Users\bvemd\AppData\Roaming\Skin.flk
[2008/10/05 23:20:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/27 00:42:00 | 000,027,648 | ---- | C] () -- C:\Users\bvemd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 00:01:50 | 000,000,000 | ---- | C] () -- C:\Users\bvemd\AppData\Local\WavXMapDrive.bat
[2008/09/18 07:06:07 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/09/18 04:24:25 | 000,157,008 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2008/09/18 04:22:49 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2008/07/28 16:03:06 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2008/06/13 09:18:56 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll
[2008/06/13 09:18:56 | 000,507,904 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll
[2008/06/13 09:18:54 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll
[2008/06/13 09:18:54 | 000,507,904 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll
[2008/06/13 09:18:52 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2008/06/13 09:18:52 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2008/06/13 09:18:52 | 000,507,904 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2008/06/13 09:18:50 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2008/06/13 09:18:50 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2008/06/13 09:18:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2008/06/13 09:18:48 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2008/06/13 09:18:46 | 000,561,152 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2008/06/13 09:18:44 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2008/06/13 09:18:44 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2008/06/13 09:18:42 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2008/06/13 09:16:16 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll
[2008/05/30 07:38:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2008/05/30 07:38:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2008/05/30 07:37:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2008/05/30 07:37:24 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2008/05/30 07:37:22 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2008/05/30 07:37:20 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2008/05/30 07:37:18 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2008/05/30 07:37:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2008/05/30 07:37:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2008/05/30 07:37:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2008/05/30 07:37:12 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2008/05/30 07:37:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2008/05/30 07:37:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2008/05/30 07:37:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2008/05/30 07:37:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2008/05/14 15:40:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2008/03/24 10:47:02 | 000,000,012 | ---- | C] () -- C:\Users\bvemd\AppData\Roaming\userdic.tlx
[2008/03/18 11:02:52 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll
[2008/02/25 10:04:48 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2008/02/03 15:11:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/01/20 19:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/09 15:01:48 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007/04/19 03:52:16 | 000,080,720 | ---- | C] () -- C:\Windows\System32\AsfBios.dll
[2007/04/19 03:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll
[2006/11/02 05:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:46:27 | 000,256,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,595,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,101,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 09:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/06/30 10:58:44 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 10:58:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2004/09/10 10:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 10:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Files - Unicode (All) ==========
[2011/03/22 22:27:40 | 000,000,000 | ---D | M](C:\Windows\System32\????m????????????????????????m?????????f) -- C:\Windows\System32\湩獧牴慥m㼿䑟␿慢楳彣瑳楲杮瑳敲浡㼀弿㽄戤獡捩獟牴湩獧牴慥m㼿䙟␿慢楳彣楦敬畢f
[2011/03/22 22:27:40 | 000,000,000 | ---D | C](C:\Windows\System32\????m????????????????????????m?????????f) -- C:\Windows\System32\湩獧牴慥m㼿䑟␿慢楳彣瑳楲杮瑳敲浡㼀弿㽄戤獡捩獟牴湩獧牴慥m㼿䙟␿慢楳彣楦敬畢f
[2011/03/22 22:27:40 | 000,000,000 | ---- | M] ()(C:\Windows\System32\????m????????????????????????m?????????fnmsrvc.exe.11.2.9195.1-ship-1300858060.dmp) -- C:\Windows\System32\湩獧牴慥m㼿䑟␿慢楳彣瑳楲杮瑳敲浡㼀弿㽄戤獡捩獟牴湩獧牴慥m㼿䙟␿慢楳彣楦敬畢fnmsrvc.exe.11.2.9195.1-ship-1300858060.dmp
[2011/03/22 22:27:40 | 000,000,000 | ---- | C] ()(C:\Windows\System32\????m????????????????????????m?????????fnmsrvc.exe.11.2.9195.1-ship-1300858060.dmp) -- C:\Windows\System32\湩獧牴慥m㼿䑟␿慢楳彣瑳楲杮瑳敲浡㼀弿㽄戤獡捩獟牴湩獧牴慥m㼿䙟␿慢楳彣楦敬畢fnmsrvc.exe.11.2.9195.1-ship-1300858060.dmp

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >




CHECKUP
Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
AVG PC Tuneup 2011
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
CCleaner
Java™ 6 Update 24
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 9.4.3
Japanese Fonts Support For Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.14) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgnsx.exe
``````````End of Log````````````


EXTRAS:
OTL Extras logfile created on: 3/31/2011 10:21:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\bvemd\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 82.29 Gb Free Space | 73.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.06 Gb Free Space | 50.61% Space Free | Partition Type: NTFS
Drive J: | 67.29 Gb Total Space | 3.75 Gb Free Space | 5.57% Space Free | Partition Type: NTFS
Drive K: | 43.94 Gb Total Space | 15.93 Gb Free Space | 36.24% Space Free | Partition Type: NTFS

Computer Name: CDLRHAWK | User Name: bvemd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A85A78B-2003-41E7-8258-A5A52CA054DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{0C850686-857C-4D48-9F9B-57D68B1490D3}" = lport=137 | protocol=17 | dir=in | app=system |
"{27ECA7DE-F73A-4A07-AAF4-8B94FAD6B1D9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2CE4EE69-BF68-425C-B76D-CF001559B797}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EE3707D-1C8B-4FCC-A15B-426EE49379B6}" = rport=137 | protocol=17 | dir=out | app=system |
"{315E4BD3-4EE1-4197-A390-6E45681677FA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{440BE357-CFCB-4C83-A0A9-090BA10D6AE5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4B24DC63-1436-477D-B029-FCCCFD33F7D6}" = lport=139 | protocol=6 | dir=in | app=system |
"{4BE0E5D1-78D2-41D6-ACEA-93EE5D9002D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{65091FEC-2282-41DE-B2C6-FDAEADF4E21A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7886D0FF-0AC6-4CC4-8AC4-CBBEF88CCC9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C0D7B74-13DF-4398-B731-5F1D1AC43899}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{977BC828-6318-4B59-9050-2608360E3C43}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99049BAF-E0E9-4817-8B15-D286FE2E2473}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A286B04E-6BBA-4F96-A2B2-291AE0927A23}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8727D2A-7F97-447F-9DE2-4B9C47D3C506}" = rport=138 | protocol=17 | dir=out | app=system |
"{B88F6065-65C3-4C29-B4C2-7FE42B2BCFFC}" = rport=139 | protocol=6 | dir=out | app=system |
"{C1DFA9A0-7D87-4447-A59E-FBD231609B33}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053F98FD-CF63-4BFE-8C61-ED6BA9ED4838}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{19E0ABBD-425A-48DE-8513-C185A41B9366}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1A2B05A7-0E59-41EC-B64C-7C3E12578287}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{268EF5BD-E930-412B-B1BD-D4A4FF4E06F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B378B70-823B-401F-AC07-EC5380B8DCBE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4996D6BE-9210-4FC8-8049-A896CD6593F4}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{5A39034A-8739-4EA9-A80B-B36EE8F237BE}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{5A661A8B-E7F5-43B2-914E-E80AC9091F99}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{76405F4E-9601-4ABB-8DDC-6BFAD80DC70D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{83E4EC78-B6F8-4829-996C-57FEB0D8D055}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{908890BA-F35E-4630-AA0B-9EE3A1728FA2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A2B2DF26-D464-4A90-8117-14E7108ABF9C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{BFCDD21E-4F36-472E-A3C6-054A07290B45}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C4090A8A-D3E9-435E-A5D6-050ACA8935A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6226581-88ED-4561-A6FD-9D6E55B1B3A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D247B59E-5049-48CB-83A2-C2644B39677D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{DDDD0A0F-395C-4B23-9C5B-96B1342781DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FA157FB4-0613-4C64-8ED2-459B584136A9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{FFCF06BB-9ED9-4F06-986F-E8D86A79BE88}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{3197FCB0-414F-461B-8120-A20B5C3E4262}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{374655D7-FBA6-46AC-A874-F2E6C3B15B46}F:\system\apps\736d6172-7470-6373-6f6c-7574696f5162\exec\spywarefree.exe" = protocol=6 | dir=in | app=f:\system\apps\736d6172-7470-6373-6f6c-7574696f5162\exec\spywarefree.exe |
"TCP Query User{3889D198-78C9-4DDE-B45D-945FDA411245}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"TCP Query User{3A8F511B-8492-4835-831B-3FD623E6AB80}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{65B10B49-79E6-4F6F-816B-8D7127229162}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{69E9FB9B-C3FF-450B-9A6C-8EEFFFCF51C3}F:\simplisafe.exe" = protocol=6 | dir=in | app=f:\simplisafe.exe |
"TCP Query User{B31768A2-416C-482F-AD47-0C31F1C128EA}F:\simplisafe.exe" = protocol=6 | dir=in | app=f:\simplisafe.exe |
"TCP Query User{F150E900-DB09-48E7-8AF2-72458C61B4AD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2484C71C-5B2E-4974-8106-E21239D404DF}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{4ADF3C4C-1811-4E60-A90E-A6AC52E8E044}F:\system\apps\736d6172-7470-6373-6f6c-7574696f5162\exec\spywarefree.exe" = protocol=17 | dir=in | app=f:\system\apps\736d6172-7470-6373-6f6c-7574696f5162\exec\spywarefree.exe |
"UDP Query User{4D08DA48-19D6-4C45-9023-A2E228FE56AF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7CF8D069-2535-4062-8BF0-3B89785F0755}F:\simplisafe.exe" = protocol=17 | dir=in | app=f:\simplisafe.exe |
"UDP Query User{87F1F946-D4D5-4B56-AC01-E1E74457B4CC}F:\simplisafe.exe" = protocol=17 | dir=in | app=f:\simplisafe.exe |
"UDP Query User{DDD0038E-618C-44B6-8AD3-DF4D1D3F8077}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DE864D58-0249-4E85-91EC-CA914507DE30}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E27DF3FB-B375-4A9D-9756-B3AF509187FF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{041F04B1-F985-44E8-A070-C3EB1A39369F}" = Dell ControlPoint Connection Manager
"{066D25F6-8B8B-433C-88B4-EDF41D604E7E}" = Broadcom USH Host Components
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 24
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{3393CDDB-27F0-4869-BED4-BE478598F0FF}" = Dell Control Point
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{558B86E5-CFAC-447C-99EE-5BB1C068706D}" = NTRU TCG Software Stack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}" = Wave Infrastructure Installer
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{82C19692-571C-45D2-BAF2-278225787A35}" = ImageMixer 3 SE
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel® PROSet/Wireless WiFi Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C50191F1-F4D1-48FD-8936-9B954A8734C5}" = HRS 11.6 Distributed
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2008F41-9E8E-4CA8-BBB0-83CC620C31FB}" = Dell ControlPoint System Manager
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE88F38C-81C3-4C22-AAED-D2BD8D090F80}" = Horizon Medical Imaging Update Service
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"7-Zip" = 7-Zip 4.65
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2011
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.02.02.0603)
"Dell Webcam Central" = Dell Webcam Central
"Free HD Converter_is1" = Free HD Converter V 1.7
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 13.0.42.0
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"SyncBack_is1" = SyncBack
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VLC media player" = VLC media player 1.1.5
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2291348649-2389572445-1617005422-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:20 AM

Posted 01 April 2011 - 04:59 AM

Hi there kabayan, nice to meet you here :)

AVG is conflicting with combofix so we need to temporary remove it.


Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 mor711

mor711
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 01 April 2011 - 11:43 AM

Kabayan, I removed AVG. FWIW, after Combofix finished and came back fo windows, I couldn't start Internet Explorer (there was a pop up saying there was an entry in the registry which marked IE for deletion). I restarted windows and IE worked fine...regards/morris.

Heres the log:



ComboFix 11-03-31.05 - bvemd 04/01/2011 9:08.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2376 [GMT -7:00]
Running from: c:\temp2\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bvemd\AppData\Local\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}
c:\users\bvemd\AppData\Local\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}\chrome.manifest
c:\users\bvemd\AppData\Local\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}\chrome\content\_cfg.js
c:\users\bvemd\AppData\Local\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}\chrome\content\overlay.xul
c:\users\bvemd\AppData\Local\{018937AD-209F-4C9A-AEBB-A9BB4272C49B}\install.rdf
c:\users\bvemd\AppData\Roaming\.#
c:\users\bvemd\AppData\Roaming\.#\MBX@C28@2E1F18.###
c:\users\bvemd\AppData\Roaming\.#\MBX@C28@2E1F28.###
c:\users\bvemd\AppData\Roaming\install
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2021-02-01 09:58 . 2021-02-01 09:58 -------- d-----w- c:\programdata\Protexis
2021-02-01 09:57 . 2011-03-23 05:10 -------- d-----w- c:\program files\Shield
2021-02-01 09:56 . 2010-08-10 05:05 -------- d-----w- c:\program files\Utilities
2011-04-01 16:12 . 2011-04-01 16:12 -------- d-----w- c:\users\mai\AppData\Local\temp
2011-04-01 16:12 . 2011-04-01 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-01 16:12 . 2011-04-01 16:12 -------- d-----w- c:\users\joshua & mark\AppData\Local\temp
2011-04-01 16:12 . 2011-04-01 16:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-03-30 21:44 . 2011-04-01 15:46 -------- d-----w- C:\Temp2
2011-03-29 08:42 . 2011-03-29 08:42 -------- d-----w- C:\found.005
2011-03-29 03:00 . 2011-03-29 03:00 -------- d-----w- C:\found.004
2011-03-27 05:38 . 2011-03-27 05:38 446464 ----a-w- c:\temp\TFC.exe
2011-03-24 08:24 . 2011-03-24 08:24 1006778 ----a-w- c:\temp\WiNlOgOn.exe
2011-03-24 08:24 . 2011-03-24 08:24 1006778 ----a-w- c:\temp\uSeRiNiT.exe
2011-03-24 08:23 . 2011-03-24 08:23 1006778 ----a-w- c:\temp\eXplorer.exe
2011-03-24 08:23 . 2011-03-24 08:23 1006778 ----a-w- c:\temp\rkill.com
2011-03-23 05:27 . 2011-03-23 05:27 -------- d-----w- c:\windows\system32\MMF~1
2011-03-23 04:44 . 2011-03-23 04:44 -------- d-----w- c:\users\bvemd\AppData\Roaming\AVG10
2011-03-23 04:40 . 2011-03-23 05:21 -------- d-----w- c:\program files\AVG
2011-03-23 02:29 . 2011-02-23 17:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40B44CC6-3DC6-412D-909B-6A3E974432B6}\mpengine.dll
2011-03-14 20:53 . 2011-03-14 20:53 15729552 ----a-w- c:\temp\mpas-fe.exe
2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-11 05:46 . 2011-04-01 16:01 -------- d-----w- c:\programdata\AVG10
2011-03-10 08:53 . 2011-02-20 01:42 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-03-10 08:53 . 2011-02-20 01:42 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-03-10 07:35 . 2011-03-10 07:35 -------- d-----w- C:\found.003
2011-03-10 03:35 . 2011-03-10 03:35 -------- d-----w- C:\found.002
2011-03-10 02:49 . 2011-03-10 02:49 -------- d-----w- C:\found.001
2011-03-10 02:08 . 2011-03-22 00:13 -------- d-----w- c:\programdata\AVAST Software
2011-03-09 10:57 . 2011-03-09 10:57 -------- d-----w- C:\found.000
2011-03-09 08:37 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 08:37 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 08:37 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 08:37 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 08:37 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 08:37 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 07:21 . 2011-03-09 07:21 -------- d-----w- c:\users\bvemd\AppData\Roaming\f-secure
2011-03-09 07:21 . 2011-03-09 07:21 -------- d-----w- c:\programdata\F-Secure
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 20:52 . 2008-09-27 07:01 0 ----a-w- c:\users\bvemd\AppData\Local\WavXMapDrive.bat
2011-02-24 04:08 . 2011-01-05 01:04 0 ----a-w- c:\users\joshua & mark\AppData\Local\WavXMapDrive.bat
2011-02-05 18:34 . 2008-10-17 10:06 0 ----a-w- c:\users\mai\AppData\Local\WavXMapDrive.bat
2011-02-03 04:40 . 2010-11-08 04:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11 . 2009-10-05 19:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 08:47 . 2011-02-09 06:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 06:45 292352 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
2009-11-08 17:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
2009-11-08 17:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-27 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-02 196608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-05-30 593920]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-08-25 1486848]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" [2008-04-11 372736]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-02 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-08 65536]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Security\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"nwiz"="nwiz.exe" [2009-06-11 1657376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-5 113664]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-8-18 1186896]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-9-18 50688]
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\Video\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-10-22 253952]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-24 1154848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-05-30 14:37 180224 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2008-06-24 12:16 79160 ----a-w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-30 04:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-30 04:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 20:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2008-06-24 12:16 243000 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-18 11:42 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-05-14 22:42 99328 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 133104]
R3 AsfAlrt;AsfAlrt Service;c:\windows\system32\Drivers\AsfAlrt.sys [2007-04-19 42832]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-22 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-22 11088]
R3 Pxhsocadmdsi;Pxhsocadmdsi; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\aestsrv.exe [2008-06-30 73728]
S2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\Common Files\McKesson\MIG\Service\AliUpdate.exe [2010-01-18 79152]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-06-03 386328]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-08-01 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-08-01 21352]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-08-18 453712]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4440064]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-08-25 69632]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2008-07-23 32808]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-07-01 224384]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-07 3662848]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-18 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-06-18 277504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-12 00:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 17:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 09:24]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 09:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: //mail.yahoo.com/
Trusted Zone: emc.org\dxview
Trusted Zone: emc.org\ikevpn
Trusted Zone: hrmprod
Trusted Zone: info.sys\hrmprod
Trusted Zone: yahoo.com\edit.finance
Trusted Zone: yahoo.com\groups
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\my
Trusted Zone: yahoo.com\us.mc385.mail
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: 09D0984B-E76E-4154-9EB4-519E25FEF7E5 - hxxps://dxview.emc.org/HRS/download/\Setup.cab
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} - hxxp://ikemd:8001/portal/applets/SharedSession.dll
DPF: {1A988C5B-7C51-4A6A-8635-6B83BA1288B2} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://dxview.emc.org/HRS/download/AliUpdate.cab
DPF: {47BC1B99-FC95-41D3-A188-C80EBA373017} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} - hxxp://ikemd:8001/portal/applets/mckntauth.ocx
FF - ProfilePath - c:\users\bvemd\AppData\Roaming\Mozilla\Firefox\Profiles\kggo3p8f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
MSConfigStartUp-avast - c:\program files\Security\avast6\avastUI.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2880)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\STacSV.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-04-01 09:18:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-01 16:18
.
Pre-Run: 87,781,732,352 bytes free
Post-Run: 87,246,798,848 bytes free
.
- - End Of File - - 6B22E5C485555932D49047AB18E1DA4A

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:20 AM

Posted 01 April 2011 - 11:49 PM

How's the computer running after that Combofix run?

Did you try to replace the following files:

c:\temp\WiNlOgOn.exe
c:\temp\uSeRiNiT.exe
c:\temp\eXplorer.exe



1. We need to execute a ComboFix script.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy-paste the text in the code box below into it:

Driver::
Pxhsocadmdsi

4. Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



2. Please run Malwarebytes Anti-Malware. Go to update tab and download all updates and then perform a full scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 mor711

mor711
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 02 April 2011 - 03:49 AM

Hello Sempai,

After yesterday's Combofix (before reading your latest reply).
I reinstalled AVG. AVG froze on the intial scan and had to hard boot.
Malwarebytes "MBAM" worked again on Quickscan (NO infected files). Didn't try "Full Scan" as I know it'll freeze.
To answer you question, no I did not replace any of the Rkill Files (Winlogon, uerinit, explorer.exe)

After reading your post:
Removed AVG
Disabled Windows Defender
Turned off malware protection on Windows security center (Virus and Spyware).
Added the CFS Script to Combofix which first made an update and automatically ran.

When it came back to windows, I couldn't open MBAM (pop-up says its marked for deletion, I guess this is a Combofix thing)
I restarted window, MBAM opened and immediately updated it's database.
Tried to do a full scan of C: which again froze the PC (needed hard boot), No MBAM log of this.
FWIW, Noticed it froze on another.dll file (DellUCM.resourses.dll) same where AVG froze today but different from the prior scans. There were NO MBAM prompts on what to do to any file.
Came back to windows and this time tried Quickscan which again worked. The log is Below.


Just so were in sync, I'm no longer installing or removing anything until I hear from you.
thanks/morris :whistle:




Combofix with CBScript
ComboFix 11-04-01.01 - bvemd 04/01/2011 23:27:35.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2453 [GMT -7:00]
Running from: c:\temp2\ComboFix.exe
Command switches used :: c:\temp2\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\zip32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Pxhsocadmdsi
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2021-02-01 09:58 . 2021-02-01 09:58 -------- d-----w- c:\programdata\Protexis
2021-02-01 09:57 . 2011-03-23 05:10 -------- d-----w- c:\program files\Shield
2021-02-01 09:56 . 2010-08-10 05:05 -------- d-----w- c:\program files\Utilities
2011-04-02 06:33 . 2011-04-02 06:33 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-04-02 06:33 . 2011-04-02 06:33 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-04-02 06:33 . 2011-04-02 06:33 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-04-02 06:33 . 2011-04-02 06:33 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-04-02 06:33 . 2011-04-02 06:33 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-04-02 06:31 . 2011-04-02 06:31 -------- d-----w- c:\users\mai\AppData\Local\temp
2011-04-02 06:31 . 2011-04-02 06:31 -------- d-----w- c:\users\joshua & mark\AppData\Local\temp
2011-04-02 06:31 . 2011-04-02 06:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-02 06:31 . 2011-04-02 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 06:31 . 2011-04-02 06:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-01 16:46 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{311C8BCB-8A64-44DA-A512-41565A7A3DFC}\mpengine.dll
2011-03-30 21:44 . 2011-04-02 06:27 -------- d-----w- C:\Temp2
2011-03-29 08:42 . 2011-03-29 08:42 -------- d-----w- C:\found.005
2011-03-29 03:00 . 2011-03-29 03:00 -------- d-----w- C:\found.004
2011-03-27 05:38 . 2011-03-27 05:38 446464 ----a-w- c:\temp\TFC.exe
2011-03-24 08:24 . 2011-03-24 08:24 1006778 ----a-w- c:\temp\WiNlOgOn.exe
2011-03-24 08:24 . 2011-03-24 08:24 1006778 ----a-w- c:\temp\uSeRiNiT.exe
2011-03-24 08:23 . 2011-03-24 08:23 1006778 ----a-w- c:\temp\eXplorer.exe
2011-03-24 08:23 . 2011-03-24 08:23 1006778 ----a-w- c:\temp\rkill.com
2011-03-23 05:27 . 2011-03-23 05:27 -------- d-----w- c:\windows\system32\MMF~1
2011-03-23 04:44 . 2011-03-23 04:44 -------- d-----w- c:\users\bvemd\AppData\Roaming\AVG10
2011-03-23 04:40 . 2011-03-23 05:21 -------- d-----w- c:\program files\AVG
2011-03-14 20:53 . 2011-03-14 20:53 15729552 ----a-w- c:\temp\mpas-fe.exe
2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 19:28 . 2011-03-12 19:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-11 05:46 . 2011-04-02 05:57 -------- d-----w- c:\programdata\AVG10
2011-03-10 08:53 . 2011-02-20 01:42 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-03-10 08:53 . 2011-02-20 01:42 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-03-10 07:35 . 2011-03-10 07:35 -------- d-----w- C:\found.003
2011-03-10 03:35 . 2011-03-10 03:35 -------- d-----w- C:\found.002
2011-03-10 02:49 . 2011-03-10 02:49 -------- d-----w- C:\found.001
2011-03-10 02:08 . 2011-03-22 00:13 -------- d-----w- c:\programdata\AVAST Software
2011-03-09 10:57 . 2011-03-09 10:57 -------- d-----w- C:\found.000
2011-03-09 08:37 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 08:37 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 08:37 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 08:37 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 08:37 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 08:37 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 07:21 . 2011-03-09 07:21 -------- d-----w- c:\users\bvemd\AppData\Roaming\f-secure
2011-03-09 07:21 . 2011-03-09 07:21 -------- d-----w- c:\programdata\F-Secure
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 20:52 . 2008-09-27 07:01 0 ----a-w- c:\users\bvemd\AppData\Local\WavXMapDrive.bat
2011-02-24 04:08 . 2011-01-05 01:04 0 ----a-w- c:\users\joshua & mark\AppData\Local\WavXMapDrive.bat
2011-02-05 18:34 . 2008-10-17 10:06 0 ----a-w- c:\users\mai\AppData\Local\WavXMapDrive.bat
2011-02-03 04:40 . 2010-11-08 04:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:11 . 2009-10-05 19:19 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 08:47 . 2011-02-09 06:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 06:45 292352 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
2009-11-08 17:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
2009-11-08 17:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-27 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-02 196608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-05-30 593920]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-08-25 1486848]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" [2008-04-11 372736]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-02 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-08 65536]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"nwiz"="nwiz.exe" [2009-06-11 1657376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-5 113664]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-8-18 1186896]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-9-18 50688]
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\Video\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-10-22 253952]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-3-24 1154848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-05-30 14:37 180224 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2008-06-24 12:16 79160 ----a-w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-30 04:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-21 02:08 963976 ----a-w- c:\program files\Security\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-30 04:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 20:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2008-06-24 12:16 243000 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 16:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-18 11:42 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-05-14 22:42 99328 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 133104]
R3 AsfAlrt;AsfAlrt Service;c:\windows\system32\Drivers\AsfAlrt.sys [2007-04-19 42832]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-22 16456]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-22 11088]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\aestsrv.exe [2008-06-30 73728]
S2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\Common Files\McKesson\MIG\Service\AliUpdate.exe [2010-01-18 79152]
S2 alssvc;Ambient Light Sensor;c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe [2008-06-03 382232]
S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-06-03 386328]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-08-01 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-08-01 21352]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-08-18 453712]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-05-14 4440064]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-08-25 69632]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [2008-07-23 32808]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-07-01 224384]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-07 3662848]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-18 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-06-18 277504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-12 00:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 17:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-18 09:24]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 09:24]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-23 09:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: //mail.yahoo.com/
Trusted Zone: emc.org\dxview
Trusted Zone: emc.org\ikevpn
Trusted Zone: hrmprod
Trusted Zone: info.sys\hrmprod
Trusted Zone: yahoo.com\edit.finance
Trusted Zone: yahoo.com\groups
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\my
Trusted Zone: yahoo.com\us.mc385.mail
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
DPF: 09D0984B-E76E-4154-9EB4-519E25FEF7E5 - hxxps://dxview.emc.org/HRS/download/\Setup.cab
DPF: {04B6290C-97B8-49A1-B0A3-1312254F7C54} - hxxp://ikemd:8001/portal/applets/SharedSession.dll
DPF: {1A988C5B-7C51-4A6A-8635-6B83BA1288B2} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://dxview.emc.org/HRS/download/AliUpdate.cab
DPF: {47BC1B99-FC95-41D3-A188-C80EBA373017} - hxxps://dxview.emc.org/hrs/download/Setup.cab
DPF: {EB29B81A-7351-4890-8BCE-58127C3545F9} - hxxp://ikemd:8001/portal/applets/mckntauth.ocx
FF - ProfilePath - c:\users\bvemd\AppData\Roaming\Mozilla\Firefox\Profiles\kggo3p8f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-01 23:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5352)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_3cbccf3d\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-04-01 23:37:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-02 06:37
ComboFix2.txt 2011-04-01 16:18
.
Pre-Run: 84,550,336,512 bytes free
Post-Run: 84,336,578,560 bytes free
.
- - End Of File - - 656B2302E488371174E844E448E2257A




Malwarebytes Quickscan
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6243

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/2/2011 1:03:32 AM
mbam-log-2011-04-02 (01-03-32).txt

Scan type: Quick scan
Objects scanned: 201722
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:20 AM

Posted 02 April 2011 - 06:11 AM

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 mor711

mor711
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 03 April 2011 - 12:23 AM

Hi Sempai.

Tried E-Set online scanner 3x, and froze the PC each time....had to hard boot 3x.

Always froze just after the 4 minute mark, on the same file:
C: Program files\common files\Roxio Shared\9\Roxio Central\Roxio Central33\BDAV\SonicText\ITA.txt


Did disable Windows defender....thanks/morris.

#12 mor711

mor711
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 03 April 2011 - 02:22 AM

The same file froze the PC when I tried to open it on windows explorer.
I deleted it (thinking its just "Italian" conversion or help file)by using DOS-CMD..
Tried E-SET again which again froze but on a different file (dell.sharedUI.resources.dll) on the same Stage 3 (16%).
When I hard booted, Checkdisk run by itself....Tried E-Set again...this time went little longer 21% (vs 16%), same stage 3,
on a different file (Adobe dll).

could this be a bunch of corrupted files? any thoughts? regards/morris

#13 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:20 AM

Posted 03 April 2011 - 04:59 AM

I can't really tell right now if there's a corrupted file.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download Kaspersky Virus Removal Tool.
  • Save it to your desktop.  
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#14 mor711

mor711
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 03 April 2011 - 11:16 PM

Ran Kapersky in Safe Mode 4x.
1st attempt, scanned 7%: Found a HEUR:Trogan-Downloader.Script.generic (documents & setting...\app data\home(1).htm)..prompted me 3x to delete it...not sure if it did, since the program froze about after about 2 mins from prompt..cant find the folder file on Windows explorer.

2nd to 4th attempts..scanned only 1% and froze...no prompts..tried this on both Safe Mode and Windows....(Scans took really long time, 2-4 hrs each).

#15 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:08:20 AM

Posted 04 April 2011 - 08:23 AM

Try this please:

Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
  • Click on I Agree.
  • If an Active X warning box will appear Click on Install.
    Note: If you got the message:"Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the Active X being installed. Just above the page under the Internet Explorer toolbar you see this message:
    "This website wants to install the following add-on: "Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
    Click on that and select: Install Active x.
  • Now Click On Start Scan. Please wait as it might take some time.
  • If it found anything when it finished click Click here to export the scan report
  • Give the report a name and save it. The file will be a .HTML file.
  • Please attach the file to your reply.
  • To attach the file press ADDREPLY, under the reply window press Browse... show the path to the file on your computer.
  • Highlight the file and click Open then press the green UPLOAD button.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users