Zephyrus

  1. Ok, thank you so much for helping me clean out my laptop and desktop.
  2. Resetting winsock had no effect. In fact, after the reboot, I was unable to log into my account and the error stated "Windows System Notification Service failed to login. Interface is unknown". Anyways, do you think that the virus is wiped from my system or do we need to do more scans?
  3. There's an icon in the bottom right tray that states "Windows could not connect to the System Event Notification Service" when I log in. However, sometimes this error prevents me from logging in altogether as it claims that my operating system is not being recognized.
  4. Everything is running smoothly except for the system notification service I mentioned before; it has prevented me from logging on a few times by claiming that the OS is unrecognized.
  5. Everything seems to be functioning normally. Am I in the clear now or do I need to perform more scans?
  6. ESETSmartInstaller@High as downloader log:
     all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=c9dc3e47ed05cf408afe86f6999caec9
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-08-09 05:08:29
     # local_time=2010-08-09 01:08:29 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=768 16777215 100 0 277929 277929 0 0
     # compatibility_mode=1024 16777191 100 0 273350 273350 0 0
     # compatibility_mode=6401 16777214 66 100 0 1881550 0 0
     # compatibility_mode=6912 16777215 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=133236
     # found=0
     # cleaned=0
     # scan_time=5785
  7. Here you go:
     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Monday, August 9, 2010
     Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Sunday, August 08, 2010 20:42:20
     Records in database: 4133163
     --------------------------------------------------------------------------------
     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer: C:\ D:\ E:\
     Scan statistics:
     Objects scanned: 102660
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 01:26:58
     No threats found. Scanned area is clean.
     Selected area has been scanned.
  8. Is there a post or time requirement before users are allowed to edit their own posts 'cause I don't see an edit option near the 'quote' or 'reply' buttons. Also, CureIt produced a 12MB file even though I limited the logfile size to 2MB as you requested in your instructions. So, here are the stats and I've also attached a small portion of the original file ('cause Firefox kept freezing whenever I tried copying the contents to the reply box unless you prefer I make multiple posts?) if you need to look at anything else (let me know if you need to see the rest of the entire logfile).
     CureIt stats:
     Scan statistics
     -----------------------------------------------------------------------------
     Scanned: 24593
     Infected: 0
     Modifications: 0
     Suspicious: 0
     Adware: 0
     Dialers: 0
     Jokes: 0
     Riskware: 0
     Hacktools: 0
     Cured: 0
     Deleted: 0
     Renamed: 0
     Moved: 0
     Ignored: 0
     Scan speed: 1056 Kb/s
     Scan time: 0:54:55
     -----------------------------------------------------------------------------
     =============================================================================
     Total session statistics
     =============================================================================
     Scanned: 24593
     Infected: 0
     Modifications: 0
     Suspicious: 0
     Adware: 0
     Dialers: 0
     Jokes: 0
     Riskware: 0
     Hacktools: 0
     Cured: 0
     Deleted: 0
     Renamed: 0
     Moved: 0
     Ignored: 0
     Scan speed: 1036 Kb/s
     Scan time: 0:55:58
     =============================================================================
     Hijackthis log:
  9. The scan only detected some files in the Spybot backup that it claimed were malicious. When I tried to delete them, my PC crashed. Also, I'm getting a system notification service error that prevents me from logging on sometimes as it states that my system interface is unrecognized? I'm gonna try running the scan again as it crashed before it could save a logfile then I'll post the 2 required logs.
  10. ESET online scanner didn't find anything and the log was really short (not sure if this is normal?). ESET Log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
  11. Ok, I just started Cryptographic Service. What should I do now?
  12. Yeah, I uninstalled Ad-aware. I'm rather hesitant about uninstalling Windows Defender 'cause I read that removal can cause system errors as it is part of the Vista OS.
  13. I had a bit of trouble shutting down all of AVG's functions as I turned off all its processes in task manager yet Combofix claims that on access scanning was still enabled (not sure how to shut that down). Anyways, here's the log:
  14. So what scans would you like me to run now?
  15. So, I ended up installing AVG free as avast free was not functioning properly after I installed it. I was only able to uninstall Adobe Reader; does that mean that the security updates are also automatically uninstalled? Viewpoint Media Player was the only Viewpoint program in the Add/Remove program list. Here are the MBAM and DDS logs you requested:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4382
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
8/4/2010 9:42:53 PM
mbam-log-2010-08-04 (21-42-53).txt
Scan type: Quick scan
Objects scanned: 180116
Time elapsed: 11 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Hongchu at 19:45:11.67 on Wed 08/04/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1417 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Documents and Settings\Hongchu\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [bCMSMMSG] BCMSMMSG.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [reg_nuvision_ax] c:\windows\system32\Regsvr32 /s NUVision.ax
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [setDefPrt] c:\program files\brother\brmfl05c\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\OAui.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123220491828
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\hongchu\applic~1\mozilla\firefox\profiles\c6ic764u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLL
FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLL
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-4 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-4 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-4 243024]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-8-2 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-8-2 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-8-2 28232]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe [2005-8-6 659456]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-4 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-8-2 1283400]
RUnknown aswFsBlk;aswFsBlk; [x]
RUnknown aswSP;aswSP; [x]
S2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-8-2 3364680]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-8-26 39048]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2005-1-2 153760]
S4 MSC.Licensing 9.2;MSC.Licensing 9.2;c:\msc.software\msc.licensing\9.2\lmgrd.exe --> c:\msc.software\msc.licensing\9.2\lmgrd.exe [?]
S4 Ras182c;Ras182c; [x]
S4 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe --> c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe [?]
=============== Created Last 30 ================
2010-08-04 23:41:15 0 dc-h--w- C:\$AVG
2010-08-04 23:40:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-04 23:40:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-04 23:40:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-04 23:40:28 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-04 23:35:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-08-04 22:34:07 0 dc----w- C:\ComboFix
2010-08-04 22:19:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-08-04 19:50:27 0 dcsha-r- C:\cmdcons
2010-08-04 19:34:15 98816 ----a-w- c:\windows\sed.exe
2010-08-04 19:34:15 77312 ----a-w- c:\windows\MBR.exe
2010-08-04 19:34:15 256512 ----a-w- c:\windows\PEV.exe
2010-08-04 19:34:15 161792 ----a-w- c:\windows\SWREG.exe
2010-08-03 22:09:12 0 d-----w- c:\program files\SpywareBlaster
2010-08-03 21:49:16 0 d-----w- c:\docume~1\hongchu\applic~1\WinPatrol
2010-08-03 21:49:08 0 d-----w- c:\program files\BillP Studios
2010-08-03 21:17:38 0 d-----w- c:\program files\CCleaner
2010-08-03 21:05:22 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure
2010-08-03 03:07:39 0 d-----w- c:\docume~1\hongchu\applic~1\OnlineArmor
2010-08-03 03:07:39 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor
2010-08-03 03:06:53 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-08-03 03:06:53 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-08-03 03:06:53 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-08-03 03:06:47 0 d-----w- c:\program files\Emsisoft
2010-08-03 02:58:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-08-03 01:25:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-03 01:25:08 133440 ----a-w- c:\windows\system32\LnkProtect.dll
2010-08-03 01:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-08-03 01:24:59 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-02 22:43:00 0 d-----w- c:\docume~1\hongchu\applic~1\Malwarebytes
2010-08-02 22:42:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-02 22:42:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 22:42:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-02 22:42:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-19 14:02:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Mozilla Firefox
==================== Find3M ====================
2008-08-02 15:34:27 6820560 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe
2008-07-31 01:34:45 54457912 ----a-w- c:\program files\avg_iswt_stf_en_8_156a1345.exe
2007-02-18 18:22:23 541633984 ----a-w- c:\program files\AOEsetup.exe
2006-12-21 14:20:30 36098944 ----a-w- c:\program files\avg75f_433a879.exe
2006-12-19 01:38:47 10695680 -c--a-w- c:\program files\python-2.5.msi
2006-12-18 03:57:02 10926906 ----a-w- c:\program files\gaim-2.0.0beta5.exe
2006-10-10 23:51:41 4517296 ----a-w- c:\program files\MathType52Setup.exe
2006-10-10 22:40:38 329667 -c--a-w- c:\program files\Graphmatica.zip
2006-07-14 00:10:06 78562818 ----a-w- c:\program files\MTB1420_30DAY.exe
2006-01-20 21:16:34 643711 ----a-w- c:\program files\XviD-1.1.0-30122005.exe
============= FINISH: 19:46:30.34 ===============