Inactive PC crashes in the same place when running Avira/Norton

nihi

Hello,

I first tried a full system scan with Norton, but the PC crashed; then I uninstalled Norton and used Avira, but the same thing happened. In total I tried 4 separate times with these 2 anti-virus programs.

Every time my PC crashes when scanning "C:\windows\winsxs\manifests\x86_microsoft-windows-hal_31bf3856ad364e35_6.0.6001.18000_none_ab8fa4".

I went through the 8 steps; the logs are below.

Thank you for your help~

Nihi

----------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org


Database version: 5844

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

2/23/2011 12:28:16 AM
mbam-log-2011-02-23 (00-28-16).txt

Scan type: Quick scan
Objects scanned: 146678
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{A1DD29ED-2598-48E9-9793-64A9CD08AC94} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-23 00:57:48
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: o8h0cqui.exe; Driver: C:\Users\hmfung\AppData\Local\Temp\awryrpog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4204] ntdll.dll!LdrLoadDll 777693A8 5 Bytes JMP 008B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5964] USER32.dll!TrackPopupMenu 778914F3 4 Bytes JMP 64492342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


-----------------------------------------------------------

DDS (Ver_10-12-12.02) - NTFSx86
Run by hmfung at 0:58:33.28 on Wed 02/23/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3025.1675 [GMT 1:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Windows\system32\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\hmfung\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://hk.fujitsu.com/pc
mDefault_Page_URL = hxxp://hk.fujitsu.com/pc
uInternet Settings,ProxyOverride = *.local
BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder network\webthunder\WebThunderBHO_Now.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
mRun: [PSUtility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [Skytel] Skytel.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\hmfung\appdata\roaming\mozilla\firefox\profiles\ulepel1f.default\
FF - plugin: c:\program files\common files\thunder network\kankan\npDapCtrlFirefox.2.0.5901.12.(309).dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Dictionnaire français «Moderne»: fr-moderne@dictionaries.addons.mozilla.org - %profile%\extensions\fr-moderne@dictionaries.addons.mozilla.org

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2008-6-26 12712]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-22 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-22 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-22 61960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2008-2-1 62760]
R2 SFR.DashBoard.Service;SFR.DashBoard.Service;c:\program files\sfr\gestionnaire de connexion\SFR.DashBoard.Service.exe [2010-12-2 18272]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2008-4-28 5632]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-5-1 3660800]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-2-5 47448]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-1-22 41560]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LvIBTSvr;Logitech IBT Service;c:\program files\common files\logishrd\lvibtsvr\LvIBTSvr.exe [2007-4-3 76576]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2009-2-22 3872]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-2 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2010-12-2 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\ZTEusbvoice.sys [2010-12-2 105088]

=============== Created Last 30 ================

2011-02-22 23:33:49 -------- d-----w- c:\users\hmfung\appdata\local\CrashDumps
2011-02-22 23:18:49 709456 ----a-w- c:\windows\isRS-000.tmp
2011-02-22 23:18:09 -------- d-----w- c:\users\hmfung\appdata\roaming\Malwarebytes
2011-02-22 23:17:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-22 23:17:51 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-22 23:17:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-22 23:17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-22 22:13:51 -------- d-----w- c:\users\hmfung\appdata\roaming\Avira
2011-02-22 22:09:53 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-22 22:09:52 -------- d-----w- c:\program files\Avira
2011-02-22 22:09:52 -------- d-----w- c:\progra~2\Avira
2011-02-22 19:53:20 -------- d-----w- c:\progra~2\Norton
2011-02-22 19:53:08 -------- d-----w- c:\progra~2\NortonInstaller
2011-02-22 19:06:36 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{363956a2-aa80-40f1-bf0c-7be3ebb09332}\mpengine.dll
2011-02-15 21:10:01 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-02-15 21:10:00 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-02-15 00:02:07 -------- d-----w- c:\program files\iPod
2011-02-14 13:54:16 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-02-14 13:54:15 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-02-14 13:54:15 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-02-14 13:54:15 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-02-14 13:54:15 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-02-14 13:54:15 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-02-14 13:54:10 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-14 13:54:07 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-14 13:54:07 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-14 13:54:06 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-14 13:54:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 0:58:50.26 ===============



-----------------------------------------------------------
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 1/14/2009 11:56:10 AM
System Uptime: 2/23/2011 12:19:31 AM (0 hours ago)

Motherboard: FUJITSU | | FJNB1E6
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Onboard | 1600/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 61.504 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 103.946 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP426: 12/31/2010 10:12:10 AM - Scheduled Checkpoint
RP427: 12/31/2010 2:46:32 PM - Windows Update
RP428: 1/1/2011 1:31:57 PM - Scheduled Checkpoint
RP429: 1/4/2011 7:13:42 PM - Windows Update
RP430: 1/6/2011 12:11:22 PM - Scheduled Checkpoint
RP431: 1/7/2011 9:39:57 AM - Windows Update
RP432: 2/14/2011 2:49:02 PM - Windows Update
RP433: 2/14/2011 3:22:41 PM - Windows Update
RP434: 2/15/2011 12:59:01 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP435: 2/15/2011 12:59:29 AM - Device Driver Package Install: Apple Network adapters
RP436: 2/15/2011 1:04:58 PM - Windows Update
RP437: 2/15/2011 2:19:10 PM - Windows Update
RP438: 2/16/2011 7:54:15 PM - Scheduled Checkpoint
RP439: 2/17/2011 8:46:10 PM - Windows Update
RP440: 2/18/2011 1:02:36 PM - Windows Update
RP441: 2/20/2011 12:32:40 PM - Scheduled Checkpoint
RP442: 2/21/2011 8:53:27 PM - Scheduled Checkpoint
RP443: 2/22/2011 8:06:20 PM - Windows Update
RP444: 2/22/2011 8:25:22 PM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
Bonjour
Chinese Simplified Fonts Support For Adobe Reader 8
CyberLink PowerDirector
D3DX10
Fujitsu Display Manager
Fujitsu Hardware Diagnostics Tool
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Fujitsu WebCam
Gestionnaire de Connexion SFR 3.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Inst5657
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iSilo
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 23
Java(TM) 6 Update 6
Junk Mail filter update
LifeBook Application Panel
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (French) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (French) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
MobileMe Control Panel
Mozilla Firefox (3.6.13)
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia PC Suite
O2Micro Flash Memory Card Windows Driver
OmniPass 5.01.04
OpenOffice.org 3.2
OZ711 SCR Driver V3.0.1.4
PC Connectivity Solution
Power Saving Utility
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator LJ
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shock Sensor Utility
Skype Toolbars
Skype™ 4.2
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live FolderShare
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/23/2011 12:09:09 AM, Error: Service Control Manager [7034] - The Softex OmniPass Service service terminated unexpectedly. It has done this 1 time(s).
2/23/2011 12:02:42 AM, Error: EventLog [6008] - The previous system shutdown at 11:56:16 PM on 2/22/2011 was unexpected.
2/22/2011 9:36:29 PM, Error: EventLog [6008] - The previous system shutdown at 9:31:55 PM on 2/22/2011 was unexpected.
2/22/2011 11:20:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/22/2011 11:14:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SFR.DashBoard.Service service to connect.
2/22/2011 11:14:02 PM, Error: Service Control Manager [7000] - The SFR.DashBoard.Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/22/2011 11:10:19 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
2/22/2011 11:01:31 PM, Error: EventLog [6008] - The previous system shutdown at 10:47:37 PM on 2/22/2011 was unexpected.
2/22/2011 10:40:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® PROSet/Wireless Registry Service service to connect.
2/22/2011 10:40:04 PM, Error: Service Control Manager [7000] - The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/22/2011 10:39:41 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 258
2/22/2011 10:38:37 PM, Error: EventLog [6008] - The previous system shutdown at 10:33:42 PM on 2/22/2011 was unexpected.
2/22/2011 10:19:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:10:30 PM on 2/22/2011 was unexpected.
2/21/2011 8:22:07 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016EA8890C4. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/19/2011 2:56:52 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0016EA8890C4. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware- but you need to do some housekeeping first:

1. Go to the Control Panel> Add/Remove Programs> Uninstall Java v6u6, Java v6u18 and Java v6u23. Update to the current v6u24: check this site: Java Updates. The Java updates don't overwrite the previous version, so you must uninstall it each time, as it is a vulnerability for the system.

2. While in Add/Remove Programs, look for anything associated with Thunder Network, "Thunder" download manager, WebThunder Browser Helper or anything listed under xunlei.com. This program comes bundled with spyware and the home site itself is not a safe site.

After the uninstalls, use Windows Explorer (Windows key + E)> My Computer> Local Drive> Programs> look for and do a right click> Delete on any folders for the same listings above.

3. Norton is still loading. Please run the Norton Removal Tool
====================================
Reboot the computer and empty the Recycle Bin when through with above.
====================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then press Ctrl+V. The log will be taken from the clipboard and pasted into the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard, you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
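As an added example (not part of this thread, and not code from TechSpot or from the DDS tool), here is a small Python triage script that applies the first two housekeeping checks above to a DDS log: it lists every installed "Java(TM) N Update M" except the newest one (since Java's installer leaves the earlier, still-exploitable runtimes in place), flags BHOs that do not live under an assumed allow-list of vendor directories, and also flags Run entries given as a bare filename rather than a full path, which resolve through the search path at logon. The embedded log is a constructed excerpt modelled on the DDS output posted earlier in the thread, and `TRUSTED_BHO_DIRS` is an assumption of this example, not something DDS or the helper defines.

```python
import re

# Constructed excerpt modelled on the DDS log posted earlier in this thread.
# It is not the full log; section headers are kept as DDS prints them.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: WebThunder Browser Helper: {00000aaa-a363-466e-bef5-9bb68697aa7f} - c:\program files\thunder network\webthunder\WebThunderBHO_Now.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

==== Installed Programs ======================

Adobe Reader 8.2.6
Java(TM) 6 Update 18
Java(TM) 6 Update 23
Java(TM) 6 Update 6
Mozilla Firefox (3.6.13)

==== Event Viewer Messages From Past Week ========
"""

# One DDS "BHO:" line: name, CLSID (36 chars inside braces), DLL path.
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?): \{(?P<clsid>[0-9a-f-]{36})\} - (?P<path>.+)$", re.I | re.M)
# Installed-programs entry for a Java runtime, e.g. "Java(TM) 6 Update 18".
JAVA_RE = re.compile(r"^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$", re.I)
# uRun / mRun lines: [value name] command line.
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.M)

# ASSUMPTION of this example: directories whose BHOs are treated as expected.
# A BHO outside them is a "look at it" hint, not a malware verdict.
TRUSTED_BHO_DIRS = ("\\adobe\\", "\\java\\", "\\microsoft shared\\")


def section(log, header):
    """Non-empty lines of the DDS section whose '====' header contains `header`."""
    out, inside = [], False
    for line in log.splitlines():
        if line.startswith("===="):
            if inside:
                break            # next header: section is over
            inside = header in line
            continue
        if inside and line.strip():
            out.append(line.strip())
    return out


def parse_bhos(log):
    return [m.groupdict() for m in BHO_RE.finditer(log)]


def parse_installed_programs(log):
    return section(log, "Installed Programs")


def stale_java(programs):
    """Every Java(TM) N Update M entry except the newest installed one.
    Java's installer does not remove earlier updates, and each one is a
    separately reachable runtime, so they all need uninstalling by hand.
    Whether the newest one is itself current must be checked against the vendor."""
    found = []
    for p in programs:
        m = JAVA_RE.match(p)
        if m:
            found.append((int(m["major"]), int(m["update"]), p))
    found.sort()
    return [p for _, _, p in found[:-1]]


def suspicious_bhos(bhos):
    """BHOs whose DLL path is not under any of the assumed trusted directories."""
    return [b for b in bhos
            if not any(d in b["path"].lower() for d in TRUSTED_BHO_DIRS)]


def unqualified_run_entries(log):
    """Run entries whose command is a bare filename with no directory. These are
    resolved through the search path at logon, so a same-named file placed earlier
    in the path would win; they deserve a look even when the name looks legitimate."""
    hits = []
    for m in RUN_RE.finditer(log):
        cmd = m["cmd"].strip()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
        if "\\" not in exe and "/" not in exe:
            hits.append((m["name"], exe))
    return hits


def triage(log):
    """Summary of the three checks for one DDS log."""
    return {
        "stale_java": stale_java(parse_installed_programs(log)),
        "suspicious_bhos": [b["name"] for b in suspicious_bhos(parse_bhos(log))],
        "bare_run_entries": unqualified_run_entries(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run it against a saved DDS.txt by reading the file into `triage()` instead of `SAMPLE_DDS`; on the excerpt above it reports the two older Java runtimes, the WebThunder BHO, and the path-less RtHDVCpl entry.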
 
Hi Bobbye,

Thank you for your reply.

I followed your steps until I ran the Eset NOD32 Online AntiVirus. It stops at the same place when scanning "C:\windows\winsxs\manifests\x86_microsoft-windows-hal_31bf3856ad364e35_6.0.6001.18000_none_ab8fa458a:......"

In fact, it finished 49% and the time continues to count and the cursor works too. However, when I tried to close the webpage, stop the scan or click another program, it crashed. I was forced to shut down the PC.....

Please kindly help~

Thanks again
 
Okay, please run the following first, then try the Eset scan again:

Download Combofix to your desktop from one of these locations:
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Recovery Console query (image not reproduced): WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a "what next" message (image not reproduced).
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe (the ComboFix icon) & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Hi Bobbye,

Here is the log from Combofix, but I still couldn't finish the Eset scan because of the same problem; it always stopped at the same place.

Tks~~

Nihi

----------------------------------------------
ComboFix 11-02-24.01 - hmfung 02/24/2011 21:32:38.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3025.1693 [GMT 1:00]
Running from: c:\users\hmfung\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-24 20:36 . 2011-02-24 20:36 -------- d-----w- c:\users\hmfung\AppData\Local\temp
2011-02-24 20:36 . 2011-02-24 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 19:44 . 2011-02-23 19:44 -------- d-----w- c:\program files\ESET
2011-02-23 19:17 . 2011-02-23 19:17 -------- d-----w- c:\program files\Common Files\Java
2011-02-23 19:14 . 2011-02-23 19:14 -------- d-----w- c:\programdata\McAfee
2011-02-22 23:33 . 2011-02-22 23:33 -------- d-----w- c:\users\hmfung\AppData\Local\CrashDumps
2011-02-22 23:18 . 2011-02-22 23:18 -------- d-----w- c:\users\hmfung\AppData\Roaming\Malwarebytes
2011-02-22 23:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-22 23:17 . 2011-02-22 23:17 -------- d-----w- c:\programdata\Malwarebytes
2011-02-22 23:17 . 2011-02-22 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-22 23:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-22 22:13 . 2011-02-22 22:13 -------- d-----w- c:\users\hmfung\AppData\Roaming\Avira
2011-02-22 22:09 . 2011-01-10 13:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-22 22:09 . 2011-01-10 13:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\programdata\Avira
2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\program files\Avira
2011-02-22 19:53 . 2011-02-22 22:13 -------- d-----w- c:\programdata\Norton
2011-02-22 19:46 . 2011-02-22 19:52 -------- d-----w- c:\users\hmfung\AppData\Roaming\Download Manager
2011-02-22 19:06 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{363956A2-AA80-40F1-BF0C-7BE3EBB09332}\mpengine.dll
2011-02-15 21:10 . 2011-02-15 21:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 21:10 . 2011-02-15 21:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 00:02 . 2011-02-15 00:02 -------- d-----w- c:\program files\iPod
2011-02-14 13:54 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-02-14 13:54 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-02-14 13:54 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-02-14 13:54 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-02-14 13:54 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-02-14 13:54 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-02-14 13:54 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-14 13:54 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-14 13:54 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-14 13:54 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-14 13:54 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 19:14 . 2010-04-23 08:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-02 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2009-06-12 05:34 . 2009-04-08 09:12 42760 ----a-w- c:\program files\mozilla firefox\components\NsThunderLoader.dll
2009-03-17 17:20 . 2009-04-08 09:12 53248 ----a-w- c:\program files\mozilla firefox\components\ThunderComponent.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-02-01 88616]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-11 1045800]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2008-04-02 102400]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2008-02-01 136488]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-02 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-909818264-3692995831-1060911529-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-03 76576]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-19 3872]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-04-14 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-07-21 105088]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2008-06-26 12712]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2008-02-01 62760]
S2 SFR.DashBoard.Service;SFR.DashBoard.Service;c:\program files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe [2010-05-31 18272]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-05 47448]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-01-21 41560]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
FF - ProfilePath - c:\users\hmfung\AppData\Roaming\Mozilla\Firefox\Profiles\ulepel1f.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

AddRemove-InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-24 21:36
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-909818264-3692995831-1060911529-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-909818264-3692995831-1060911529-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-24 21:38:25
ComboFix-quarantined-files.txt 2011-02-24 20:38

Pre-Run: 66,459,873,280 bytes free
Post-Run: 66,204,336,128 bytes free

- - End Of File - - 31777DC9A68059315AF14E26F5AC1D85
 
You have processes for 3 antivirus programs running:
Avira> If this is your current AV program, please run the removal tools for the following:
Norton: >Norton Removal Tool
McAfee:>McAfee Removal

Please reboot the computer when finished.

If you will verify which AV you are keeping, I can include the 'left over' processes, if any, for the AV programs you are removing, in the script I will have you run through Combofix.
====================================
Please uninstall these outdated versions of Java as they are vulnerabilities for the system:
Java(TM) 6 Update 18
Java(TM) 6 Update 23
Java(TM) 6 Update 6

Update to current v6u24: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
=====================================
See if you can get an online virus scan from this: Run Kaspersky Online Scanner in Internet Explorer

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
 
Hi,

I removed the other 2 antivirus programs and left Avira running, but I failed to run the Kaspersky Online Scanner. It indicated "the license has expired".

Then I ran the Combofix again:

-------------------------------------------------
ComboFix 11-02-24.01 - hmfung 02/26/2011 14:57:14.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3025.1970 [GMT 1:00]
Running from: c:\users\hmfung\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-26 to 2011-02-26 )))))))))))))))))))))))))))))))
.

2011-02-26 14:02 . 2011-02-26 14:02 -------- d-----w- c:\users\hmfung\AppData\Local\temp
2011-02-26 14:02 . 2011-02-26 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-25 21:34 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FDCFAB1C-877B-4583-81A0-B51797C90AFD}\mpengine.dll
2011-02-23 19:44 . 2011-02-23 19:44 -------- d-----w- c:\program files\ESET
2011-02-23 19:17 . 2011-02-23 19:17 -------- d-----w- c:\program files\Common Files\Java
2011-02-22 23:33 . 2011-02-22 23:33 -------- d-----w- c:\users\hmfung\AppData\Local\CrashDumps
2011-02-22 23:18 . 2011-02-22 23:18 -------- d-----w- c:\users\hmfung\AppData\Roaming\Malwarebytes
2011-02-22 23:17 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-22 23:17 . 2011-02-22 23:17 -------- d-----w- c:\programdata\Malwarebytes
2011-02-22 23:17 . 2011-02-22 23:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-22 23:17 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-22 22:13 . 2011-02-22 22:13 -------- d-----w- c:\users\hmfung\AppData\Roaming\Avira
2011-02-22 22:09 . 2011-01-10 13:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-22 22:09 . 2011-01-10 13:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\programdata\Avira
2011-02-22 22:09 . 2011-02-22 22:09 -------- d-----w- c:\program files\Avira
2011-02-22 19:53 . 2011-02-22 22:13 -------- d-----w- c:\programdata\Norton
2011-02-22 19:46 . 2011-02-22 19:52 -------- d-----w- c:\users\hmfung\AppData\Roaming\Download Manager
2011-02-15 21:10 . 2011-02-15 21:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-15 21:10 . 2011-02-15 21:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-15 00:02 . 2011-02-15 00:02 -------- d-----w- c:\program files\iPod
2011-02-14 13:54 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-02-14 13:54 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-02-14 13:54 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-02-14 13:54 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-02-14 13:54 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-02-14 13:54 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-02-14 13:54 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-14 13:54 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-14 13:54 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-14 13:54 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-14 13:54 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 19:14 . 2010-04-23 08:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-02 16:12 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-02-01 88616]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-23 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-23 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-11 1045800]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2008-04-02 102400]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2008-02-01 136488]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-02 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-909818264-3692995831-1060911529-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LvIBTSvr;Logitech IBT Service;c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe [2007-04-03 76576]
R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-19 3872]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-04-14 9216]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2009-07-21 105088]
S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2008-06-26 12712]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2008-02-01 62760]
S2 SFR.DashBoard.Service;SFR.DashBoard.Service;c:\program files\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe [2010-05-31 18272]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-05 47448]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-01-21 41560]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
FF - ProfilePath - c:\users\hmfung\AppData\Roaming\Mozilla\Firefox\Profiles\ulepel1f.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-26 15:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-909818264-3692995831-1060911529-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-909818264-3692995831-1060911529-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-26 15:03:30
ComboFix-quarantined-files.txt 2011-02-26 14:03
ComboFix2.txt 2011-02-24 20:38

Pre-Run: 65,105,223,680 bytes free
Post-Run: 65,219,461,120 bytes free

- - End Of File - - 165454289BE7EC964FA0EDA0BAC01057
 
For the errors you are getting with the online virus scans:
Check the system date (Time, Date, Time Zone) settings on your PC. Make sure they are correct. (Right click on Time in Notification Area> Adjust/Date & Time> Check all.)
If you find the wrong setting and fix it, reboot and try Eset again. If that won't scan, try Kaspersky- but since they all give the same error and it is based on expiration AKA Time, that should resolve the problem.
===============================================
Edit to add:
I just noticed that your clock is set to military time. This is a 24-hour clock, not a 12-hour one.
Click on this site to find the Time Zone for your country: http://wwp.greenwichmeantime.com/gmt-converter2.htm
You ran DDS at 058:00 on 2/23/2011. That means it was 58 min. after midnight, or rounded off, GMT 1:00, which is one o'clock in the morning, or 1AM on a 12-hour clock.
But you need to make sure the correct time zone is set for your country or the time will be wrong.
============================================
Do you plan to keep Avira as the AV program?

Before I give you script to run in Combofix, please run the following:

Download Security Check by screen317 from HERE or HERE .
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=================================
If neither of the online virus scans will run after checking/setting the time and date, please run the following:
Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
    in your next reply.

I note that it appears the system has Chinese and French entries in addition to English. There is a small possibility that it may be a language problem preventing the virus scans, but not likely.
 
Hi there,

I've checked the system date & time zone (GMT+1) was correct and then I used Eset scan again but failed for the same reason.

I do need to type French, Chinese & English, so I have to keep these language options on the PC. However, if I have to change the setting, I don't mind changing all system data to English.

I'd like to keep Avira as the AV program. Here is the checkup.txt;

----------------------
Results of screen317's Security Check version 0.99.9
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Adobe Flash Player 10.2.152.26
Adobe Reader 8.2.6
Chinese Simplified Fonts Support For Adobe Reader 8
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

-----------------------------------------------------

Then I ran the CKScanner. Here is the content:

---------------------------

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----


Millions thanks again for your kind help~~~

Nihi
 
I'm going to push once more for a date and time check. If you want to keep the military clock, be sure it is set correctly. And on the Internet Time tab, click on the Update Now button to force a check. The errors with both virus scans are classic errors of time or date.

Try to run Avira again after you get the time check.

So far, so good. I'd like to get more security on the system. Avira is fine for AV. Windows Firewall only listens to incoming, not outgoing. So I'd recommend one of these for a firewall:
  • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
    [o]Comodo
    [o]Zone Alarm
  • Antispyware: I recommend all of the following:
    [o]Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    [o]ZonedOut This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    [o]MVPS Hosts files This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    [o]Google Toolbar Get the free google toolbar to help stop pop up windows.
  • Update the Adobe Reader: Visit this Adobe Reader site. Uninstall the earlier version, as earlier versions are vulnerabilities.

I'll be back after dinner to go over the Combofix log.
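The HOSTS-file item above deserves one concrete look at the mechanism, as an added example that is not part of Bobbye's post and not the MVPS file itself: the Windows resolver consults the hosts file before DNS, so a name listed there with 127.0.0.1 (or 0.0.0.0) never leaves the machine. The Python below parses a constructed hosts file the way the resolver reads it (comments, several names per line, case-insensitive, malformed lines skipped), reports whether a name is sinkholed, and lists the opposite case a malware helper also checks: names pointed at real addresses, which silently override DNS. Every hostname and address in the sample is constructed for the example.

```python
"""What a blocking HOSTS file does, seen from the resolver's side.

Added example, not from the thread or from MVPS: the HOSTS text below is
constructed for this example and is not the real MVPS list.
"""
import ipaddress

# Addresses a blocking HOSTS file points unwanted names at; the MVPS list
# historically used 127.0.0.1, as the post above says.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in the format of C:\Windows\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Ad / tracking sites]  (constructed entries, not the real MVPS list)
127.0.0.1  ads.example.net
127.0.0.1  tracker.example.org  www.tracker.example.org   # one line, two names
0.0.0.0    badsite.example.com
10.0.0.5   intranet.example.local
this is not a valid line
"""


def parse_hosts(text: str) -> dict:
    """Return {hostname: [address, ...]}, lower-cased, with comments and bad lines dropped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # everything after '#' is a comment
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # the resolver ignores malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table


def is_sinkholed(table: dict, hostname: str) -> bool:
    """True when every HOSTS mapping for hostname is a loopback/unspecified address."""
    addrs = table.get(hostname.lower().rstrip("."))
    return bool(addrs) and all(a in SINKHOLES for a in addrs)


def non_local_entries(table: dict) -> dict:
    """Names mapped to real addresses: these override DNS and deserve review.

    A legitimate intranet entry looks the same as a malicious redirect, so this
    only lists candidates; the judgement is the reviewer's.
    """
    return {name: [a for a in addrs if a not in SINKHOLES]
            for name, addrs in table.items()
            if any(a not in SINKHOLES for a in addrs)}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "WWW.Tracker.Example.Org",
                 "intranet.example.local", "example.com"):
        print(f"{name:<28} sinkholed={is_sinkholed(hosts, name)}")
    print("non-local overrides:", non_local_entries(hosts))
```

Two caveats worth knowing before relying on this kind of blocking: the hosts file has no wildcards, so every host and subdomain needs its own line, and an entry only affects lookups that go through the system resolver, so a program that does its own DNS is not stopped by it.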
 