Zephyrus

Everything posted by Zephyrus

  1. Ok, thank you so much for helping me clean out my laptop and desktop.
  2. Resetting winsock had no effect. In fact, after the reboot, I was unable to log into my account and the error stated "Windows System Notification Service failed to login. Interface is unknown". Anyways, do you think that the virus is wiped from my system or do we need to do more scans?
  3. There's an icon in the bottom right tray that states "Windows could not connect to the System Event Notification Service" when I log in. However, sometimes this error prevents me from logging in altogether, as it claims that my operating system is not being recognized.
  4. Everything is running smoothly except for the system notification service I mentioned before; it has prevented me from logging on a few times by claiming that the OS is unrecognized.
  5. Everything seems to be functioning normally. Am I in the clear now or do I need to perform more scans?
  6. ESETSmartInstaller@High as downloader log: all ok
     # version=7
     # OnlineScannerApp.exe=1.0.0.1
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=c9dc3e47ed05cf408afe86f6999caec9
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-08-09 05:08:29
     # local_time=2010-08-09 01:08:29 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 2
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=768 16777215 100 0 277929 277929 0 0
     # compatibility_mode=1024 16777191 100 0 273350 273350 0 0
     # compatibility_mode=6401 16777214 66 100 0 1881550 0 0
     # compatibility_mode=6912 16777215 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=133236
     # found=0
     # cleaned=0
     # scan_time=5785
  7. Here you go:
     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Monday, August 9, 2010
     Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Sunday, August 08, 2010 20:42:20
     Records in database: 4133163
     --------------------------------------------------------------------------------
     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer:
     C:\
     D:\
     E:\
     Scan statistics:
     Objects scanned: 102660
     Threats found: 0
     Infected objects found: 0
     Suspicious objects found: 0
     Scan duration: 01:26:58
     No threats found. Scanned area is clean.
     Selected area has been scanned.
  8. Is there a post or time requirement before users are allowed to edit their own posts? 'Cause I don't see an edit option near the 'quote' or 'reply' buttons. Also, CureIt produced a 12MB file even though I limited the logfile size to 2MB as you requested in your instructions. So, here are the stats, and I've also attached a small portion of the original file ('cause Firefox kept freezing whenever I tried copying the contents to the reply box, unless you prefer I make multiple posts?) if you need to look at anything else (let me know if you need to see the rest of the entire logfile).
     CureIt stats:
     Scan statistics
     -----------------------------------------------------------------------------
     Scanned: 24593
     Infected: 0
     Modifications: 0
     Suspicious: 0
     Adware: 0
     Dialers: 0
     Jokes: 0
     Riskware: 0
     Hacktools: 0
     Cured: 0
     Deleted: 0
     Renamed: 0
     Moved: 0
     Ignored: 0
     Scan speed: 1056 Kb/s
     Scan time: 0:54:55
     -----------------------------------------------------------------------------
     =============================================================================
     Total session statistics
     =============================================================================
     Scanned: 24593
     Infected: 0
     Modifications: 0
     Suspicious: 0
     Adware: 0
     Dialers: 0
     Jokes: 0
     Riskware: 0
     Hacktools: 0
     Cured: 0
     Deleted: 0
     Renamed: 0
     Moved: 0
     Ignored: 0
     Scan speed: 1036 Kb/s
     Scan time: 0:55:58
     =============================================================================
     Hijackthis log:
     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 6:21:02 PM, on 8/8/2010
     Platform: Windows Vista (WinNT 6.00.1904)
     MSIE: Internet Explorer v7.00 (7.00.6000.16982)
     Boot mode: Normal
     Running processes:
     C:\Windows\system32\taskeng.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Windows\System32\igfxtray.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
  9. The scan only detected some files in the Spybot backup that it claimed were malicious. When I tried to delete them, my PC crashed. Also, I'm getting a system notification service error that prevents me from logging on sometimes, as it states that my system interface is unrecognized. I'm gonna try running the scan again, as it crashed before it could save a logfile, then I'll post the 2 required logs.
  10. ESET online scanner didn't find anything and the log was really short (not sure if this is normal?). ESET Log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
  11. Ok, I just started Cryptographic Service. What should I do now?
  12. Yeah, I uninstalled Ad-aware. I'm rather hesitant about uninstalling Windows Defender 'cause I read that removal can cause system errors as it is part of the Vista OS.
  13. I had a bit of trouble shutting down all of AVG's functions as I turned off all its processes in task manager yet Combofix claims that on access scanning was still enabled (not sure how to shut that down). Anyways, here's the log:
      ComboFix 10-08-05.01 - Hongchu 08/05/2010 15:43:43.3.1 - x86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1311 [GMT -4:00]
      Running from: c:\documents and settings\Hongchu\My Documents\Downloads\ComboFix.exe
      AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
  14. So, I ended up installing AVG free as avast free was not functioning properly after I installed it. I was only able to uninstall Adobe Reader; does that mean that the security updates are also automatically uninstalled? Viewpoint Media Player was the only Viewpoint program in the Add/Remove program list. Here are the MBAM and DDS logs you requested: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4382 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 8/4/2010 9:42:53 PM mbam-log-2010-08-04 (21-42-53).txt Scan type: Quick scan Objects scanned: 180116 Time elapsed: 11 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Hongchu at 19:45:11.67 on Wed 08/04/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1417 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Emsisoft\Online Armor\OAcat.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\DSentry.exe C:\Program 
Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\crypserv.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\AVG\AVG9\avgscanx.exe C:\Documents and Settings\Hongchu\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll TB: &Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [reg_nuvision_ax] c:\windows\system32\Regsvr32 /s NUVision.ax mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [setDefPrt] c:\program files\brother\brmfl05c\BrStDvPt.exe mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [@OnlineArmor GUI] "c:\program files\emsisoft\online armor\OAui.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123220491828 DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxsrvc.dll SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\emsisoft\online~1\oaevent.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hongchu\applic~1\mozilla\firefox\profiles\c6ic764u.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.yahoo.com FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLL FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLL ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla 
firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-4 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-4 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-4 243024] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-8-2 236104] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-8-2 22600] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-8-2 28232] R2 ANSYS 
FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe [2005-8-6 659456] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-4 308136] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-8-2 1283400] RUnknown aswFsBlk;aswFsBlk; [x] RUnknown aswSP;aswSP; [x] S2 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-8-2 3364680] S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-8-26 39048] S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2005-1-2 153760] S4 MSC.Licensing 9.2;MSC.Licensing 9.2;c:\msc.software\msc.licensing\9.2\lmgrd.exe --> c:\msc.software\msc.licensing\9.2\lmgrd.exe [?] S4 Ras182c;Ras182c; [x] S4 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe --> c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe [?] 
=============== Created Last 30 ================ 2010-08-04 23:41:15 0 dc-h--w- C:\$AVG 2010-08-04 23:40:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-08-04 23:40:50 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-08-04 23:40:41 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-08-04 23:40:28 0 d-----w- c:\windows\system32\drivers\Avg 2010-08-04 23:35:45 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9 2010-08-04 22:34:07 0 dc----w- C:\ComboFix 2010-08-04 22:19:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software 2010-08-04 19:50:27 0 dcsha-r- C:\cmdcons 2010-08-04 19:34:15 98816 ----a-w- c:\windows\sed.exe 2010-08-04 19:34:15 77312 ----a-w- c:\windows\MBR.exe 2010-08-04 19:34:15 256512 ----a-w- c:\windows\PEV.exe 2010-08-04 19:34:15 161792 ----a-w- c:\windows\SWREG.exe 2010-08-03 22:09:12 0 d-----w- c:\program files\SpywareBlaster 2010-08-03 21:49:16 0 d-----w- c:\docume~1\hongchu\applic~1\WinPatrol 2010-08-03 21:49:08 0 d-----w- c:\program files\BillP Studios 2010-08-03 21:17:38 0 d-----w- c:\program files\CCleaner 2010-08-03 21:05:22 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure 2010-08-03 03:07:39 0 d-----w- c:\docume~1\hongchu\applic~1\OnlineArmor 2010-08-03 03:07:39 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor 2010-08-03 03:06:53 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys 2010-08-03 03:06:53 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys 2010-08-03 03:06:53 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys 2010-08-03 03:06:47 0 d-----w- c:\program files\Emsisoft 2010-08-03 02:58:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader 2010-08-03 01:25:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-08-03 01:25:08 133440 ----a-w- c:\windows\system32\LnkProtect.dll 2010-08-03 01:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2010-08-03 01:24:59 0 d-----w- c:\program files\Hitman Pro 3.5 2010-08-02 22:43:00 0 d-----w- 
c:\docume~1\hongchu\applic~1\Malwarebytes 2010-08-02 22:42:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-02 22:42:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-02 22:42:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-08-02 22:42:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-19 14:02:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Mozilla Firefox ==================== Find3M ==================== 2008-08-02 15:34:27 6820560 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe 2008-07-31 01:34:45 54457912 ----a-w- c:\program files\avg_iswt_stf_en_8_156a1345.exe 2007-02-18 18:22:23 541633984 ----a-w- c:\program files\AOEsetup.exe 2006-12-21 14:20:30 36098944 ----a-w- c:\program files\avg75f_433a879.exe 2006-12-19 01:38:47 10695680 -c--a-w- c:\program files\python-2.5.msi 2006-12-18 03:57:02 10926906 ----a-w- c:\program files\gaim-2.0.0beta5.exe 2006-10-10 23:51:41 4517296 ----a-w- c:\program files\MathType52Setup.exe 2006-10-10 22:40:38 329667 -c--a-w- c:\program files\Graphmatica.zip 2006-07-14 00:10:06 78562818 ----a-w- c:\program files\MTB1420_30DAY.exe 2006-01-20 21:16:34 643711 ----a-w- c:\program files\XviD-1.1.0-30122005.exe ============= FINISH: 19:46:30.34 ===============
  15. So, can you tell if the PC restore was effective in wiping out all of the malware/virus(es) I had? Which programs would you suggest I uninstall? I'll uninstall Defender, but my understanding was that Malwarebytes, Ad-Aware, and Spybot all target different types of malicious files. I currently have Comodo Firewall installed as I read that Windows Firewall is rather weak and possibly responsible for the original infection. Is it safe/necessary to uninstall Comodo at this point? Do we need to run some more scans that require it to be uninstalled?
  16. Hi, I just ran and updated ComboFix. ComboFix 10-08-04.04 - Q 08/04/2010 17:01:37.1.2 - x86 Microsoft
  17. I scanned my desktop with avast and Malwarebytes, which both detected some trojan downloaders and other types of malware. However, I also suspect that it may have one or more viruses as McAfee has been compromised. Enclosed are the MBAM, DDS, and GMER logs. Malwarebytes: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4382 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 8/2/2010 10:35:05 PM mbam-log-2010-08-02 (22-35-05).txt Scan type: Full scan (C:\|) Objects scanned: 317411 Time elapsed: 3 hour(s), 48 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully. 
Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\5.0\msvcirt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\5.0\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\5.0\msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2335361412-830609641-1874313668-1009\Dc32.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully. DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Hongchu at 18:53:24.31 on Tue 08/03/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1178 [GMT -4:00] AV: avast! 
antivirus 4.8.1335 [VPS 100803-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Emsisoft\Online Armor\OAcat.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Common Files\Motive\McciCMService.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe c:\program files\mcafee.com\shared\mghtml.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\WINDOWS\system32\rundll32.exe c:\PROGRA~1\mcafee.com\shared\mghtml.exe C:\Documents and Settings\Hongchu\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch BHO: Adobe PDF Reader Link Helper: 
{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {D017A1A4-51FE-686D-883E-896573BFFC91} - No File TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [sonic RecordNow!] uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [reg_nuvision_ax] c:\windows\system32\Regsvr32 /s NUVision.ax mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [setDefPrt] c:\program files\brother\brmfl05c\BrStDvPt.exe mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [avast!] 
c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe /autorun mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [MCAgentExe] c:\program files\mcafee.com\agent\mcagent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123220491828 DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: c:\windows\system32\kbdinmalw.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hongchu\applic~1\mozilla\firefox\profiles\c6ic764u.default\ FF - prefs.js: browser.search.defaulturl - 
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=00beb7e1-3517-493b-9cc6-bee153e4d6f0&s=&ipc= FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLL FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLL FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", 
false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\naifsrec.sys [2001-4-30 4512] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-26 114768] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-8-2 236104] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-8-2 22600] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-8-2 28232] R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe [2005-8-6 659456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-26 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-26 138680] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2004-1-24 102400] R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-8-2 1283400] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-26 254040] R3 avast! Web Scanner;avast! 
Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-26 352920] R3 NaiFiltr;NaiFiltr;c:\program files\common files\network associates\mcshield\naifiltr.sys [2001-4-30 24480] S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-8-26 39048] S3 McShield;McShield;c:\program files\common files\network associates\mcshield\Mcshield.exe [2001-4-30 229499] S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2004-10-12 245760] S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2005-1-2 153760] S3 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-8-2 3364680] S4 AvSynMgr;AVSync Manager;c:\program files\network associates\virusscan\Avsynmgr.exe [2001-4-30 155665] S4 MSC.Licensing 9.2;MSC.Licensing 9.2;c:\msc.software\msc.licensing\9.2\lmgrd.exe --> c:\msc.software\msc.licensing\9.2\lmgrd.exe [?] S4 Ras182c;Ras182c; [x] S4 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe --> c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe [?] 
=============== Created Last 30 ================ 2010-08-03 22:09:12 0 d-----w- c:\program files\SpywareBlaster 2010-08-03 21:49:16 0 d-----w- c:\docume~1\hongchu\applic~1\WinPatrol 2010-08-03 21:49:08 0 d-----w- c:\program files\BillP Studios 2010-08-03 21:17:38 0 d-----w- c:\program files\CCleaner 2010-08-03 21:05:22 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure 2010-08-03 03:07:39 0 d-----w- c:\docume~1\hongchu\applic~1\OnlineArmor 2010-08-03 03:07:39 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor 2010-08-03 03:06:53 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys 2010-08-03 03:06:53 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys 2010-08-03 03:06:53 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys 2010-08-03 03:06:47 0 d-----w- c:\program files\Emsisoft 2010-08-03 02:58:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader 2010-08-03 01:25:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-08-03 01:25:08 133440 ----a-w- c:\windows\system32\LnkProtect.dll 2010-08-03 01:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2010-08-03 01:24:59 0 d-----w- c:\program files\Hitman Pro 3.5 2010-08-02 22:43:00 0 d-----w- c:\docume~1\hongchu\applic~1\Malwarebytes 2010-08-02 22:42:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-02 22:42:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-02 22:42:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-08-02 22:42:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-19 14:02:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Mozilla Firefox ==================== Find3M ==================== 2008-08-02 15:34:27 6820560 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe 2008-07-31 01:34:45 54457912 ----a-w- c:\program files\avg_iswt_stf_en_8_156a1345.exe 2007-02-18 18:22:23 541633984 ----a-w- c:\program files\AOEsetup.exe 2006-12-21 14:20:30 36098944 ----a-w- c:\program files\avg75f_433a879.exe 2006-12-19 01:38:47 
10695680 -c--a-w- c:\program files\python-2.5.msi 2006-12-18 03:57:02 10926906 ----a-w- c:\program files\gaim-2.0.0beta5.exe 2006-10-10 23:51:41 4517296 ----a-w- c:\program files\MathType52Setup.exe 2006-10-10 22:40:38 329667 -c--a-w- c:\program files\Graphmatica.zip 2006-07-14 00:10:06 78562818 ----a-w- c:\program files\MTB1420_30DAY.exe 2006-01-20 21:16:34 643711 ----a-w- c:\program files\XviD-1.1.0-30122005.exe ============= FINISH: 18:53:52.70 =============== Attach.txt log: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/30/2004 2:23:49 AM System Uptime: 8/3/2010 3:26:37 PM (3 hours ago) Motherboard: Dell Computer Corp. | | 0G1548 Processor: Intel
  18. Hey, I just completed a PC restore which reset everything on my laptop back to the original factory condition. I think that took care of the file in question, but just to be sure, I'm gonna download ComboFix and run the script you instructed, but do I need to include the forum link in the text file? In the meantime, would you mind taking a look at the DDS, MBAM, and GMER logs from my desktop, which is also infected with malware and one or more viruses which have compromised McAfee as well as cut down the PC's video memory? Malwarebytes: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4382 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 8/2/2010 10:35:05 PM mbam-log-2010-08-02 (22-35-05).txt Scan type: Full scan (C:\|) Objects scanned: 317411 Time elapsed: 3 hour(s), 48 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 7 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\5.0\msvcirt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\5.0\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Autodesk Shared\GIS\ImportExport\5.0\msvcrt.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-2335361412-830609641-1874313668-1009\Dc32.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully. DDS: DDS (Ver_10-03-17.01) - NTFSx86 Run by Hongchu at 18:53:24.31 on Tue 08/03/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1178 [GMT -4:00] AV: avast! 
antivirus 4.8.1335 [VPS 100803-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Emsisoft\Online Armor\OAcat.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Common Files\Motive\McciCMService.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe c:\program files\mcafee.com\shared\mghtml.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\WINDOWS\system32\rundll32.exe c:\PROGRA~1\mcafee.com\shared\mghtml.exe C:\Documents and Settings\Hongchu\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch BHO: Adobe PDF Reader Link Helper: 
{06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {D017A1A4-51FE-686D-883E-896573BFFC91} - No File TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [sonic RecordNow!] uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [DVDSentry] c:\windows\system32\DSentry.exe mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [VSOCheckTask] "c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" /checktask mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [reg_nuvision_ax] c:\windows\system32\Regsvr32 /s NUVision.ax mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [setDefPrt] c:\program files\brother\brmfl05c\BrStDvPt.exe mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [avast!] 
c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe /autorun mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot mRun: [MCAgentExe] c:\program files\mcafee.com\agent\mcagent.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB} IE: {925DAB62-F9AC-4221-806A-057BFB1014AA} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123220491828 DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: igfxcui - igfxsrvc.dll AppInit_DLLs: c:\windows\system32\kbdinmalw.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hongchu\applic~1\mozilla\firefox\profiles\c6ic764u.default\ FF - prefs.js: browser.search.defaulturl - 
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - hxxp://my.freeze.com/?AcquisitionID=00beb7e1-3517-493b-9cc6-bee153e4d6f0&s=&ipc= FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava11.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava12.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava13.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava14.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJava32.dll FF - plugin: c:\program files\java\j2re1.4.2\bin\NPJPI142.DLL FF - plugin: c:\program files\java\j2re1.4.2\bin\NPOJI610.DLL FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", 
false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R0 NaiFsRec;NaiFsRec;c:\windows\system32\drivers\naifsrec.sys [2001-4-30 4512] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-26 114768] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-8-2 236104] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-8-2 22600] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-8-2 28232] R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\progra~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe [2005-8-6 659456] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-26 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-26 138680] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2004-1-24 102400] R2 OAcat;Online Armor Helper Service;c:\program files\emsisoft\online armor\oacat.exe [2010-8-2 1283400] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-26 254040] R3 avast! Web Scanner;avast! 
Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-26 352920] R3 NaiFiltr;NaiFiltr;c:\program files\common files\network associates\mcshield\naifiltr.sys [2001-4-30 24480] S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-8-26 39048] S3 McShield;McShield;c:\program files\common files\network associates\mcshield\Mcshield.exe [2001-4-30 229499] S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2004-10-12 245760] S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2005-1-2 153760] S3 SvcOnlineArmor;Online Armor;c:\program files\emsisoft\online armor\oasrv.exe [2010-8-2 3364680] S4 AvSynMgr;AVSync Manager;c:\program files\network associates\virusscan\Avsynmgr.exe [2001-4-30 155665] S4 MSC.Licensing 9.2;MSC.Licensing 9.2;c:\msc.software\msc.licensing\9.2\lmgrd.exe --> c:\msc.software\msc.licensing\9.2\lmgrd.exe [?] S4 Ras182c;Ras182c; [x] S4 Unigraphics License Server (uglmd);Unigraphics License Server (uglmd);c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe --> c:\program files\ugs\license servers\ugnxflexlm\lmgrd.exe [?] 
=============== Created Last 30 ================ 2010-08-03 22:09:12 0 d-----w- c:\program files\SpywareBlaster 2010-08-03 21:49:16 0 d-----w- c:\docume~1\hongchu\applic~1\WinPatrol 2010-08-03 21:49:08 0 d-----w- c:\program files\BillP Studios 2010-08-03 21:17:38 0 d-----w- c:\program files\CCleaner 2010-08-03 21:05:22 0 d-----w- c:\docume~1\alluse~1\applic~1\RegCure 2010-08-03 03:07:39 0 d-----w- c:\docume~1\hongchu\applic~1\OnlineArmor 2010-08-03 03:07:39 0 d-----w- c:\docume~1\alluse~1\applic~1\OnlineArmor 2010-08-03 03:06:53 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys 2010-08-03 03:06:53 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys 2010-08-03 03:06:53 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys 2010-08-03 03:06:47 0 d-----w- c:\program files\Emsisoft 2010-08-03 02:58:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader 2010-08-03 01:25:19 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys 2010-08-03 01:25:08 133440 ----a-w- c:\windows\system32\LnkProtect.dll 2010-08-03 01:25:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro 2010-08-03 01:24:59 0 d-----w- c:\program files\Hitman Pro 3.5 2010-08-02 22:43:00 0 d-----w- c:\docume~1\hongchu\applic~1\Malwarebytes 2010-08-02 22:42:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-02 22:42:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-02 22:42:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-08-02 22:42:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-19 14:02:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Mozilla Firefox ==================== Find3M ==================== 2008-08-02 15:34:27 6820560 ----a-w- c:\program files\FirefoxGoogleToolbarSetup.exe 2008-07-31 01:34:45 54457912 ----a-w- c:\program files\avg_iswt_stf_en_8_156a1345.exe 2007-02-18 18:22:23 541633984 ----a-w- c:\program files\AOEsetup.exe 2006-12-21 14:20:30 36098944 ----a-w- c:\program files\avg75f_433a879.exe 2006-12-19 01:38:47 
10695680 -c--a-w- c:\program files\python-2.5.msi 2006-12-18 03:57:02 10926906 ----a-w- c:\program files\gaim-2.0.0beta5.exe 2006-10-10 23:51:41 4517296 ----a-w- c:\program files\MathType52Setup.exe 2006-10-10 22:40:38 329667 -c--a-w- c:\program files\Graphmatica.zip 2006-07-14 00:10:06 78562818 ----a-w- c:\program files\MTB1420_30DAY.exe 2006-01-20 21:16:34 643711 ----a-w- c:\program files\XviD-1.1.0-30122005.exe ============= FINISH: 18:53:52.70 =============== Attach.txt log: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-03-17.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 1/30/2004 2:23:49 AM System Uptime: 8/3/2010 3:26:37 PM (3 hours ago) Motherboard: Dell Computer Corp. | | 0G1548 Processor: Intel
  19. JavaRa didn't create or open a logfile after I ran it, even after I checked "open logfile" on the additional tasks menu. Does this mean that I don't have any older versions? I also tried to search manually for the javara.log file but couldn't find anything. Here's my ComboFix log:

ComboFix 10-08-01.01 - Q 08/01/2010 21:48:09.1.2 - x86
Microsoft
  20. I've identified the file rundll32 "C:\Users\Q\AppData\Roaming\dbnmpntwf.dll" as a possible source of the virus/malware. Whenever I try to run this file with HijackThis or ComboFix, it keeps coming back. Enclosed are my Malwarebytes, DDS, and GMER logs:

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4381

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

8/2/2010 2:32:13 PM
mbam-log-2010-08-02 (14-32-13).txt

Scan type: Quick scan
Objects scanned: 132216
Time elapsed: 9 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Q at 1:00:51.07 on Mon 08/02/2010
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_20
Microsoft
  21. Hi, I recently downloaded a DNS hijack virus or Google redirect virus that was disguised as a keygen program. I first noticed it when I clicked certain Google search links and was redirected to spam or ad sites (possibly malicious ones, but also sites like Bing). However, I wasn't able to find the TDSSserv.sys file that's symptomatic of most Google redirect viruses, so I'm not sure if this virus I have is new or something. Neither avast nor Spybot picked it up, but I downloaded Malwarebytes last night and it identified a rootkit and some other malicious files in my local temp folders as well as my registry. During the Malwarebytes scan (and currently) I am no longer being redirected to spam sites (one of which actually routed me to a 64.x.x.x.x site with a message titled "old session or bad record"), but while I was restarting my computer to complete the Malwarebytes scan, the virus attempted to run the executable keygen file I first downloaded as an administrator. Therefore, I'm not sure if I have fully eliminated this redirect virus, which is why I've come here to seek the help of more experienced users. I even downloaded TDSSKiller just now, but it didn't identify anything either. Enclosed is my HijackThis logfile, which I'm publishing in the hope that someone will provide me with a way to ensure that all traces of the virus are eliminated from my laptop.
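As an added example for this thread (not code from the poster, the helpers, or any of the tools named above), here is a small Python triage pass over the autorun-style lines that DDS and HijackThis emit, of the kind a helper runs before writing a fix script. It flags exactly the shapes the logs in posts 18 and 20 show: a rundll32 entry pointing at a DLL under a user's AppData\Roaming folder, a regsvr32 entry handed a bare module name, an AppInit_DLLs value being set, and BHO registrations whose file is gone. It only flags entries for review; it does not decide whether anything is malicious. The line formats matched, the list of user-writable path markers, and the sample input are this example's own assumptions; the sample is constructed from lines in the post 18 DDS log plus the rundll32 entry from post 20 written as a HijackThis O4 line with a placeholder value name.

```python
import re
from typing import Dict, Iterable, List

# Loaders that execute whatever module the autorun entry hands them.
LOADER = re.compile(r"\b(rundll32|regsvr32)(?:\.exe)?\b", re.IGNORECASE)
# The module argument: a quoted path, or a bare token, ending in .dll/.ax/.ocx.
MODULE = re.compile(r'"([^"]+?\.(?:dll|ax|ocx))"|(\S+\.(?:dll|ax|ocx))\b', re.IGNORECASE)
# DDS "uRun:/mRun:" entries and HijackThis "O4 - HKxx\..\Run:" entries (assumed shapes).
RUN_LINE = re.compile(r"^(?:[um]Run|O4 - [^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.IGNORECASE)
BHO_ORPHAN = re.compile(r"^BHO: .*-\s*No File$", re.IGNORECASE)
APPINIT = re.compile(r"^AppInit_DLLs:\s*(?P<dlls>\S.*)$", re.IGNORECASE)

# Path fragments a non-admin user can write to (long and 8.3 short forms); assumption.
USER_WRITABLE = ("\\appdata\\", "\\applic~1\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\", "\\recycler\\", "\\users\\")


def is_user_writable(path: str) -> bool:
    """True when the path sits under a directory a standard user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return {line, severity, reason} findings for autorun lines worth a look."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if APPINIT.match(line):
            findings.append({"line": line, "severity": "review",
                             "reason": "AppInit_DLLs is set; the listed DLL is loaded into every process that loads user32.dll"})
            continue
        if BHO_ORPHAN.match(line):
            findings.append({"line": line, "severity": "review",
                             "reason": "BHO CLSID is registered but its file is gone (orphan to clean up)"})
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue
        cmd = m["cmd"]
        loader = LOADER.search(cmd)
        if loader:
            # Look for the module only after the loader name so the loader's own path is skipped.
            mod = MODULE.search(cmd, loader.end())
            module = (mod.group(1) or mod.group(2)) if mod else ""
            if module and is_user_writable(module):
                findings.append({"line": line, "severity": "high",
                                 "reason": f"{loader.group(1)} loads {module} from a user-writable directory"})
            elif module and "\\" not in module:
                findings.append({"line": line, "severity": "review",
                                 "reason": f"{loader.group(1)} given bare module name {module}; it is resolved via the DLL search order"})
            else:
                findings.append({"line": line, "severity": "review",
                                 "reason": f"{loader.group(1)} autorun; confirm which module it loads"})
        elif is_user_writable(cmd):
            findings.append({"line": line, "severity": "high",
                             "reason": "autorun executable lives in a user-writable directory"})
    return findings


# Constructed sample: lines taken from the post 18 DDS log, plus the rundll32 entry
# from post 20 written as an O4 line with the placeholder value name "?" (the post
# does not give the real one).
SAMPLE = [
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [reg_nuvision_ax] c:\windows\system32\Regsvr32 /s NUVision.ax",
    r"mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe",
    r"BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File",
    r"AppInit_DLLs: c:\windows\system32\kbdinmalw.dll",
    r'O4 - HKCU\..\Run: [?] rundll32 "C:\Users\Q\AppData\Roaming\dbnmpntwf.dll"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f['severity']}] {f['reason']}\n    {f['line']}")
```

On the sample above, the ctfmon and avast entries pass, the regsvr32, orphan BHO and AppInit_DLLs entries come back as "review", and the rundll32 line from post 20 comes back as "high". A "high" finding deserves a hash check of the module and a look at who owns the registry value; "review" items are legitimate on plenty of machines (the NUVision regsvr32 entry matches the NUVision II Video Service listed under services in the same log), so treat the output as a to-do list for the helper, not as verdicts.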