
[INACTIVE] virus


17 replies to this topic

#1 dyjodapa

Posted 06 September 2010 - 04:44 AM

Hi,

Avast found over 20 infections. Here are the logs. Sorry about the small amount of memory; it is a family member's computer. Also, I still had a problem with GMER even in safe mode.

OTL Extras logfile created on: 9/5/2010 11:27:29 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = E:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.00 Mb Total Physical Memory | 40.00 Mb Available Physical Memory | 31.00% Memory free
323.00 Mb Paging File | 119.00 Mb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 2.66 Gb Free Space | 14.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 490.74 Mb Total Space | 489.02 Mb Free Space | 99.65% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YIPEE-7JN4N62AX
Current User Name: Williamson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitDefender\BitDefender 2009\DpReg.exe" = C:\Program Files\BitDefender\BitDefender 2009\DpReg.exe:*:Enabled:Defender Pro 5 in 1 -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0FEE6E31-8B71-482D-BA8A-683A6A440001}" = Hallmark Card Studio Trial Edition
"{13AAD7FE-A6AE-417A-A835-290CAA139B90}" = Ultimate Solitaire 1000
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B98D958E-9E59-43B7-B47F-043D45D73EE6}" = SpongeBob SquarePants - The Movie
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"023782E7-308A-4278-9762-947348D4DF34" = Polar Bowler from WildGames (remove only)
"2002 Games" = 2002 Games
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"avast5" = avast! Free Antivirus
"Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Crystal Wizard" = Crystal Wizard
"Drop 2" = Drop 2
"eGames GameButler" = eGames GameButler
"Flipster Twin Pack" = Flipster Twin Pack
"HijackThis" = HijackThis 2.0.2
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"OnlineArmor_is1" = Online Armor 4.0
"Peggle Nights Deluxe 1.0" = Peggle Nights Deluxe 1.0
"Penguin Puzzle" = Penguin Puzzle
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"TTB000001.TTB000001Toolbar" = CouponBar
"Wheel of Fortune Deluxe" = Wheel of Fortune Deluxe (remove only)
"WildTangent CDA" = WildTangent Web Driver
"Windows XP Service Pack" = Windows XP Service Pack 2
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 8/23/2010 10:44:40 PM | Computer Name = YIPEE-7JN4N62AX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/23/2010 10:44:40 PM | Computer Name = YIPEE-7JN4N62AX | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/24/2010 11:05:57 PM | Computer Name = YIPEE-7JN4N62AX | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 9/4/2010 2:14:50 PM | Computer Name = YIPEE-7JN4N62AX | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
1 time(s).

Error - 9/4/2010 2:14:54 PM | Computer Name = YIPEE-7JN4N62AX | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 9/4/2010 4:08:44 PM | Computer Name = YIPEE-7JN4N62AX | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy"
on line 0.

Error - 9/4/2010 4:08:44 PM | Computer Name = YIPEE-7JN4N62AX | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: Insufficient system resources exist to complete the requested service.
.

Error - 9/4/2010 4:08:44 PM | Computer Name = YIPEE-7JN4N62AX | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\System32\browseui.dll.
Reference
error message: The operation completed successfully. .

Error - 9/4/2010 4:26:00 PM | Computer Name = YIPEE-7JN4N62AX | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
1 time(s).

Error - 9/5/2010 4:54:56 PM | Computer Name = YIPEE-7JN4N62AX | Source = Service Control Manager | ID = 7034
Description = The Online Armor service terminated unexpectedly. It has done this
1 time(s).


< End of report >



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

9/5/2010 11:16:35 PM
mbam-log-2010-09-05 (23-16-35).txt

Scan type: Quick scan
Objects scanned: 139893
Time elapsed: 16 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 118):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EC000 \WINDOWS\system32\hal.dll
0xFCA21000 \WINDOWS\system32\KDCOM.DLL
0xFC931000 \WINDOWS\system32\BOOTVID.dll
0xFC4D2000 ACPI.sys
0xFCA23000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xFC4C1000 pci.sys
0xFC521000 isapnp.sys
0xFCA25000 intelide.sys
0xFC7A1000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xFC531000 MountMgr.sys
0xFC4A2000 ftdisk.sys
0xFC7A9000 PartMgr.sys
0xFC541000 VolSnap.sys
0xFC48A000 atapi.sys
0xFC551000 disk.sys
0xFC561000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xFC46B000 fltmgr.sys
0xFC459000 sr.sys
0xFC442000 KSecDD.sys
0xFC3B5000 Ntfs.sys
0xFC388000 NDIS.sys
0xFC36D000 Mup.sys
0xFC721000 \SystemRoot\System32\DRIVERS\p3.sys
0xFC0C3000 \SystemRoot\System32\DRIVERS\i81xnt5.sys
0xFC0AF000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xFC092000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xFBFBD000 \SystemRoot\System32\DRIVERS\BCMDM.sys
0xFBF9A000 \SystemRoot\System32\DRIVERS\ks.sys
0xFC869000 \SystemRoot\System32\Drivers\Modem.SYS
0xFC731000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xFC871000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xFC879000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xFC881000 \SystemRoot\System32\DRIVERS\fdc.sys
0xFC741000 \SystemRoot\System32\DRIVERS\serial.sys
0xFC9D1000 \SystemRoot\System32\DRIVERS\serenum.sys
0xFBF86000 \SystemRoot\System32\DRIVERS\parport.sys
0xFC751000 \SystemRoot\System32\Drivers\Imapi.SYS
0xFC761000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xFC771000 \SystemRoot\System32\DRIVERS\redbook.sys
0xFC889000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xFBF63000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xFBF4B000 \SystemRoot\system32\drivers\ac97intc.sys
0xFBF27000 \SystemRoot\system32\drivers\portcls.sys
0xFC781000 \SystemRoot\system32\drivers\drmk.sys
0xFCB23000 \SystemRoot\System32\DRIVERS\audstub.sys
0xFC791000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xFC9D9000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xFBF10000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xFC591000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xFC5A1000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xFC891000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xFC899000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xFC8A1000 \SystemRoot\System32\DRIVERS\raspti.sys
0xFC5B1000 \SystemRoot\System32\DRIVERS\termdd.sys
0xFCA41000 \SystemRoot\System32\DRIVERS\swenum.sys
0xFBEBD000 \SystemRoot\System32\DRIVERS\update.sys
0xFC9E1000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xFC5C1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xFC611000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xFCA45000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xFC9A5000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xFC901000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xFCA47000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xFCBC0000 \SystemRoot\System32\Drivers\Null.SYS
0xFCA49000 \SystemRoot\System32\Drivers\Beep.SYS
0xFC911000 \SystemRoot\System32\drivers\vga.sys
0xFCA4B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xFCA4D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xFC919000 \SystemRoot\System32\Drivers\Msfs.SYS
0xFC921000 \SystemRoot\System32\Drivers\Npfs.SYS
0xFC103000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xFC631000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
0xF7D07000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xFC641000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7CAF000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xFC929000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
0xFC651000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xF7C87000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF7C65000 \SystemRoot\System32\drivers\afd.sys
0xFC661000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7C43000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xFC7C1000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF7C17000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF7BC9000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
0xF7B5A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xFC681000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7B39000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xFC691000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7A4A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xFC7D9000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xFC9B9000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xFC6E1000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xFC7F1000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xFC9CD000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF79D7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF79BF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xFCA5D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7D4E000 \SystemRoot\System32\drivers\Dxapi.sys
0xFC811000 \SystemRoot\System32\watchdog.sys
0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
0xFCC5D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF9D6000 \SystemRoot\System32\i81xdnt5.dll
0xF7B31000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF7887000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF75F0000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF7433000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF73F6000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7767000 \SystemRoot\system32\drivers\sysaudio.sys
0xFCAA7000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7142000 \SystemRoot\System32\DRIVERS\srv.sys
0xFC8C1000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xF7229000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6F21000 \SystemRoot\System32\Drivers\HTTP.sys
0xF6B7E000 \SystemRoot\system32\drivers\kmixer.sys
0xFC859000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
336 C:\WINDOWS\system32\smss.exe
384 csrss.exe
408 C:\WINDOWS\system32\winlogon.exe
452 C:\WINDOWS\system32\services.exe
464 C:\WINDOWS\system32\lsass.exe
620 C:\WINDOWS\system32\svchost.exe
668 svchost.exe
708 C:\WINDOWS\system32\svchost.exe
776 svchost.exe
812 svchost.exe
900 C:\Program Files\Emsisoft\Online Armor\oacat.exe
1048 C:\WINDOWS\explorer.exe
1244 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1468 C:\WINDOWS\system32\spoolsv.exe
1548 svchost.exe
1688 C:\WINDOWS\system32\svchost.exe
128 C:\WINDOWS\system32\wscntfy.exe
172 alg.exe
1600 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1656 C:\Program Files\Messenger\msmsgs.exe
1792 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1000 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2340 C:\WINDOWS\system32\wuauclt.exe
3668 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
2860 E:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD200EB-11CPF0, Rev: 06.04G06

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

OTL logfile created on: 9/5/2010 11:27:28 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = E:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.00 Mb Total Physical Memory | 40.00 Mb Available Physical Memory | 31.00% Memory free
323.00 Mb Paging File | 119.00 Mb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 192 384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.65 Gb Total Space | 2.66 Gb Free Space | 14.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 490.74 Mb Total Space | 489.02 Mb Free Space | 99.65% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YIPEE-7JN4N62AX
Current User Name: Williamson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/05 23:17:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010/07/19 12:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/07/07 12:52:54 | 001,283,400 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft\Online Armor\oacat.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/09/30 17:29:59 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/05 23:17:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2004/08/04 02:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 01:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/07 12:52:54 | 003,364,680 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/07/07 12:52:54 | 001,283,400 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft\Online Armor\OAcat.exe -- (OAcat)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/01 20:05:23 | 000,072,704 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2009/03/03 15:53:08 | 000,033,176 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - [2010/07/07 12:25:58 | 000,022,600 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/07/07 12:25:42 | 000,028,232 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/07/07 12:25:38 | 000,236,104 | ---- | M] (Emsisoft) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:44 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:40 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 00:29:39 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 00:29:38 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/17 08:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 08:28:00 | 000,871,388 | ---- | M] (BCM) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMDM.sys -- (BCMModem)
DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/30 05:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Emsisoft\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Emsisoft\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/03/20 19:34:32 | 000,000,002 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/05 15:53:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/04 13:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Application Data\OnlineArmor
[2010/09/04 13:12:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OnlineArmor
[2010/08/25 21:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/25 21:06:32 | 000,028,232 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2010/08/25 21:06:32 | 000,022,600 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2010/08/25 21:06:31 | 000,236,104 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2010/08/25 21:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft
[2010/08/25 19:39:50 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/08/25 19:39:49 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/08/25 19:39:47 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/08/25 19:39:45 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/08/25 19:39:41 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/08/25 19:39:40 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/08/25 19:39:39 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/08/25 19:38:36 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/08/25 19:38:35 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/08/25 19:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/25 19:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/08/19 19:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Application Data\InstallShield
[2010/08/19 19:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Application Data\Malwarebytes
[2010/08/19 19:18:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/19 19:18:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/08/19 19:18:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/19 19:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/18 11:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Local Settings\Application Data\Identities
[2010/08/18 11:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Local Settings\Application Data\Adobe
[2010/08/17 19:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/08/17 19:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Application Data\SUPERAntiSpyware.com
[2010/08/17 18:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/17 18:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Desktop\Alan Williamson
[2010/08/17 18:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Williamson\Desktop\Judy Williamson
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/05 15:48:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/05 15:48:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/05 15:48:15 | 132,501,504 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/05 15:09:40 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Williamson\NTUSER.DAT
[2010/09/04 13:09:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/25 21:09:36 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/25 21:07:21 | 000,305,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/25 21:07:21 | 000,037,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/25 19:39:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/08/25 19:39:41 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/23 21:45:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Williamson\ntuser.ini
[2010/08/23 21:44:47 | 003,231,860 | -H-- | M] () -- C:\Documents and Settings\Williamson\Local Settings\Application Data\IconCache.db
[2010/08/23 21:41:28 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/08/23 14:07:40 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Williamson\Setup.ini
[2010/08/23 14:07:40 | 000,000,044 | ---- | M] () -- C:\Documents and Settings\Williamson\IsConfig.ini
[2010/08/23 03:01:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/19 19:18:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/17 19:45:07 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/17 18:53:49 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Williamson\Desktop\HijackThis.lnk
[2010/08/17 18:15:53 | 000,122,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/07 12:25:58 | 000,022,600 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2010/07/07 12:25:42 | 000,028,232 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2010/07/07 12:25:38 | 000,236,104 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/25 21:09:36 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/25 19:39:54 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2010/08/19 19:59:42 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Williamson\Setup.ini
[2010/08/19 19:59:41 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\Williamson\IsConfig.ini
[2010/08/19 19:18:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/19 12:50:36 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/08/17 18:53:49 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Williamson\Desktop\HijackThis.lnk
[2010/01/01 09:23:45 | 000,000,671 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/18 12:45:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/06/02 09:29:09 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2001/08/30 05:30:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/08/25 19:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/09/04 13:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OnlineArmor
[2008/10/10 16:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PopCap Games
[2010/09/04 13:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Williamson\Application Data\OnlineArmor
[2008/05/11 16:59:12 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/04/26 09:27:29 | 000,000,002 | ---- | M] () -- C:\-266657205
[2002/03/20 19:34:32 | 000,000,002 | ---- | M] () -- C:\autoexec.bat
[2010/01/01 17:12:00 | 000,000,302 | RHS- | M] () -- C:\boot.ini
[2001/10/09 13:30:18 | 000,000,112 | -HS- | M] () -- C:\BOOTLOG.TXT
[2001/10/09 13:30:20 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2008/05/11 16:25:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[1999/04/23 23:22:00 | 000,068,871 | RHS- | M] () -- C:\DRVSPACE.BIN
[2010/09/05 15:48:15 | 132,501,504 | -HS- | M] () -- C:\hiberfil.sys
[2001/10/09 13:50:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/12/12 16:06:49 | 000,001,043 | -H-- | M] () -- C:\IPH.PH
[2001/10/09 13:50:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/01/01 17:00:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/01 17:00:52 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/09/05 23:25:19 | 218,103,808 | -HS- | M] () -- C:\pagefile.sys
[2006/12/12 16:06:50 | 000,000,060 | -H-- | M] () -- C:\T4Metrics.log
[2010/08/17 22:18:04 | 000,034,956 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_17.08.2010_22.14.21_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/05/11 16:24:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/08/23 09:58:24 | 000,001,610 | -H-- | M] () -- C:\Documents and Settings\Williamson\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/05/11 11:03:45 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/11 11:03:45 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/11 11:03:44 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/01/01 17:11:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/01 17:24:08 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Williamson\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/01/01 09:08:52 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Williamson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/01/01 17:24:09 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Williamson\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/05 15:49:44 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Williamson\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/04 02:56:57 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2004/08/04 02:56:41 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/02/07 14:09:54 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/02/07 14:09:54 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2002/04/10 18:57:14 | 000,024,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\migrate.dll
[2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 02:56:13 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/04 02:56:53 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/01 22:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2002/02/07 14:09:42 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/02/07 14:09:42 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/02/07 14:09:42 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/02/07 14:10:02 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-23 08:01:46


========== Files - Unicode (All) ==========
[2010/08/25 21:03:29 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
[2010/08/25 21:03:29 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2010/08/25 21:03:29 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
[2010/08/25 21:03:29 | 000,000,000 | ---D | M](C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
[2008/04/13 08:52:09 | 000,000,000 | ---D | M](C:\Program Files\??stem32\??stem32) -- C:\Program Files\ѕуstem32\ѕуstem32
[2008/01/18 19:47:56 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
[2008/01/18 19:47:56 | 000,000,000 | ---D | M](C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
(C:\Program Files\Common Files\F?nts) -- C:\Program Files\Common Files\Fоnts
(C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
(C:\Program Files\??stem32) -- C:\Program Files\ѕуstem32
< End of report >
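The "Files - Unicode (All)" section of the OTL log above is the most telling part of it. Three directories under Program Files carry names in which one or two Latin letters have been swapped for Cyrillic look-alikes (ѕуstem32, Мicrosoft.NET, Fоnts); OTL prints the ANSI rendering in parentheses, where the non-Latin letters show up as "?", next to the real Unicode name. In the ComboFix deletions further down the same directories reappear under their short 8.3 names (stem32~1, icroso~1.net, fnts~1), which is what they look like once the Cyrillic letters are dropped. The point for a responder is that a directory listing, a `dir` in an OEM code page console, or a hurried eye will read these as the genuine system folders. The scanner below is an added example written for this page, not part of OTL, ComboFix or anything posted in the thread: it walks a tree (or a supplied list of names), labels the script of every letter from its Unicode character name, de-confuses a hand-picked table of Cyrillic letters that render like Latin ones (the table and the list of commonly spoofed names are assumptions of the example, not an exhaustive confusables list), and flags names that mix scripts or that collapse to a well-known system name. The sample names in the `__main__` block are constructed from the three entries in the log.

```python
import os
import unicodedata

# Added example, not code from OTL, ComboFix or the thread: flag file and
# directory names that spell a Latin word with look-alike letters from another
# script, the trick used by the adware folders in the OTL log above.
# Hand-picked subset of Cyrillic letters that render like Latin ones; an
# assumption of this example, not a complete confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
}

# Names that are worth spoofing; a de-confused match raises the verdict from
# "mixed" to "spoof". Also an assumption of this example.
SPOOF_TARGETS = {"system32", "fonts", "microsoft.net", "windows", "common files"}


def script_of(ch):
    """Coarse script label of a letter, taken from its Unicode character name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def analyze_name(name):
    """Return (verdict, scripts, latin_lookalike) for one path component.

    verdict is "spoof" when the de-confused name is a well-known system name,
    "mixed" when the letters come from more than one script, otherwise "ok".
    """
    scripts = {s for s in (script_of(c) for c in name) if s}
    lookalike = "".join(CONFUSABLES.get(c, c) for c in name)
    if lookalike != name and lookalike.lower() in SPOOF_TARGETS:
        return "spoof", scripts, lookalike
    if len(scripts) > 1:
        return "mixed", scripts, lookalike
    return "ok", scripts, lookalike


def scan_names(names):
    """Apply analyze_name to an iterable of names and keep only the findings."""
    findings = []
    for n in names:
        verdict, scripts, lookalike = analyze_name(n)
        if verdict != "ok":
            findings.append((n, verdict, sorted(scripts), lookalike))
    return findings


def scan_tree(root):
    """Walk a directory tree (for instance a mounted image of the infected
    drive) and return (full_path, verdict, lookalike) for every suspicious
    file or directory name."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for n in dirnames + filenames:
            verdict, scripts, lookalike = analyze_name(n)
            if verdict != "ok":
                findings.append((os.path.join(dirpath, n), verdict, lookalike))
    return findings


if __name__ == "__main__":
    # Constructed sample: the three names from the OTL log plus two benign ones.
    sample = ["\u0455\u0443stem32", "\u041cicrosoft.NET", "F\u043ents",
              "system32", "Program Files"]
    for name, verdict, scripts, lookalike in scan_names(sample):
        # repr() keeps the Cyrillic letters visible as escapes on consoles
        # that would otherwise print them as "?", as OTL's ANSI column does.
        print(f"{verdict:5} {name!r} -> looks like {lookalike!r} ({'+'.join(scripts)})")
```

Run it against a mounted copy of the drive with `scan_tree(r"X:\Program Files")` rather than on the live system; the verdicts are a triage aid, and a legitimate all-Cyrillic folder name (single script, no de-confused match) is left alone.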

#2 Broni Re: [INACTIVE] virus

    Malware Annihilator

  • 24,310 posts
  • Joined: October 04, 2004
  • 1,745 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:50 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 40d 3h 27m 12s

Posted 06 September 2010 - 04:49 AM

Thanks :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#3 dyjodapa Re: [INACTIVE] virus

Posted 06 September 2010 - 05:12 AM

I also forget to say that I cannot connect this computer to the internet.

#4 Broni Re: [INACTIVE] virus

Posted 06 September 2010 - 05:13 AM

Why?

#5 dyjodapa Re: [INACTIVE] virus

Posted 06 September 2010 - 05:16 AM

Because I have no connection to plug it into.

#6 dyjodapa Re: [INACTIVE] virus

Posted 06 September 2010 - 05:16 AM

But I'm using a jump drive.

#7 Broni Re: [INACTIVE] virus

Posted 06 September 2010 - 05:18 AM

Quote: "I have no connection to plug it into."

It's unclear. Say again....

#8 dyjodapa Re: [INACTIVE] virus

Posted 06 September 2010 - 05:19 AM

I have no internet connection port to plug into nor do I have the right cable. But I have a jump drive.

#9 Broni Re: [INACTIVE] virus

Posted 06 September 2010 - 05:24 AM

You have no free port on your router, or the computer doesn't have internet port?

We'll have to connect it to the net somehow, at some point, so we can run tools which are up to date.

For now, you can download Combofix on your computer and move it to the other computer, using USB flash drive.

Try to figure out the connection issue by tomorrow.
It's bed time for me, so I'll check on you tomorrow morning :)

#10 dyjodapa Re: [INACTIVE] virus

Posted 06 September 2010 - 05:28 AM

I have no free port on my router. But I also tried a wireless card and it said OS not supported even though the driver supported all operating systems and service packs.

#11 dyjodapa Re: [INACTIVE] virus

Posted 06 September 2010 - 06:57 AM

Here is the log:

ComboFix 10-09-04.06 - Williamson 09/06/2010 0:15.1.1 - x86
Running from: E:\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Defender Pro Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\ffiw
c:\program files\Common Files\ffiw\ffiwa.lck
c:\program files\Common Files\ffiw\ffiwd\class-barrel
c:\program files\Common Files\ffiw\ffiwd\vocabulary
c:\program files\Common Files\ffiw\ffiwh
c:\program files\Common Files\ffiw\ffiwl.lck
c:\program files\Common Files\ffiw\ffiwm.lck
c:\program files\Common Files\fnts~1
c:\program files\Common Files\icroso~1.net
c:\program files\Drmupgds
c:\program files\Helper
c:\program files\kernel
c:\program files\RcvSystem
c:\program files\stem32~1
c:\program files\stem32~1\??stem32\ctxad-555.0000
c:\program files\stem32~1\??stem32\ctxad-555.0001
c:\program files\stem32~1\??stem32\ctxad-555.0002
c:\program files\stem32~1\??stem32\ctxad-555.0003
c:\program files\stem32~1\??stem32\ctxad-555.0004
c:\program files\stem32~1\??stem32\ctxad-556.0000
c:\program files\stem32~1\??stem32\ctxad-556.0001
c:\program files\stem32~1\??stem32\ctxad-556.0002
c:\program files\stem32~1\??stem32\ctxad-556.0003
c:\program files\stem32~1\??stem32\ctxad-558.0000
c:\program files\stem32~1\??stem32\ctxad-561.0000
c:\program files\stem32~1\??stem32\ctxad-561.0001
c:\program files\stem32~1\??stem32\ctxad-561.0002
c:\program files\stem32~1\??stem32\ctxad-564.0000
c:\program files\stem32~1\??stem32\ctxad-566.0000
c:\program files\stem32~1\??stem32\ctxad-566.0001
c:\program files\stem32~1\??stem32\ctxad-566.0002
c:\program files\stem32~1\??stem32\ctxad-566.0003
c:\program files\stem32~1\??stem32\ctxad-566.0004
c:\program files\stem32~1\??stem32\ctxad-568.0000
c:\program files\stem32~1\??stem32\ctxad-568.0001
c:\program files\stem32~1\??stem32\ctxad-568.0002
c:\program files\stem32~1\??stem32\ctxad-568.0003
c:\program files\stem32~1\??stem32\ctxad-568.0004
c:\program files\stem32~1\??stem32\ctxad-568.0005
c:\program files\stem32~1\??stem32\ctxad-570.0000
c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-05 20:53 . 2010-09-05 20:53 -------- d-----w- c:\windows\LastGood
2010-09-04 18:12 . 2010-09-04 18:13 -------- d-----w- c:\documents and settings\Williamson\Application Data\OnlineArmor
2010-09-04 18:12 . 2010-09-04 18:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\OnlineArmor
2010-08-26 02:12 . 2010-08-26 02:12 63488 ----a-w- c:\documents and settings\Williamson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-26 02:12 . 2010-08-26 02:12 52224 ----a-w- c:\documents and settings\Williamson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-26 02:11 . 2010-08-26 02:11 117760 ----a-w- c:\documents and settings\Williamson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-26 02:09 . 2010-08-26 02:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-26 02:06 . 2010-07-07 17:25 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-08-26 02:06 . 2010-07-07 17:25 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-08-26 02:06 . 2010-07-07 17:25 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-08-26 02:06 . 2010-08-26 02:06 -------- d-----w- c:\program files\Emsisoft
2010-08-26 00:39 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 00:39 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-26 00:39 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-26 00:39 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-26 00:39 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-26 00:39 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-26 00:39 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-26 00:38 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-26 00:38 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-26 00:38 . 2010-08-26 00:38 -------- d-----w- c:\program files\Alwil Software
2010-08-26 00:38 . 2010-08-26 00:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-08-20 18:01 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-08-20 18:01 . 2004-08-04 04:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-20 18:01 . 2004-08-04 04:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-20 18:01 . 2004-08-04 06:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-08-20 00:59 . 2010-08-20 00:59 -------- d-----w- c:\documents and settings\Williamson\Application Data\InstallShield
2010-08-20 00:18 . 2010-08-20 00:18 -------- d-----w- c:\documents and settings\Williamson\Application Data\Malwarebytes
2010-08-20 00:18 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-20 00:18 . 2010-08-20 00:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-08-20 00:18 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-20 00:18 . 2010-08-20 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 17:50 . 2009-11-27 17:33 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2010-08-19 17:50 . 2009-11-27 17:33 1291264 -c----w- c:\windows\system32\dllcache\quartz.dll
2010-08-19 17:50 . 2009-12-14 07:35 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2010-08-19 17:50 . 2010-02-26 06:12 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2010-08-19 17:50 . 2008-10-23 13:01 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll
2010-08-19 17:49 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2010-08-18 16:23 . 2010-08-18 16:23 -------- d-----w- c:\documents and settings\Williamson\Local Settings\Application Data\Identities
2010-08-18 16:09 . 2010-08-18 16:09 -------- d-----w- c:\documents and settings\Williamson\Local Settings\Application Data\Adobe
2010-08-18 00:44 . 2010-08-18 00:44 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-08-18 00:44 . 2010-08-18 00:44 -------- d-----w- c:\documents and settings\Williamson\Application Data\SUPERAntiSpyware.com
2010-08-17 23:53 . 2010-08-17 23:53 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 02:42 . 2010-01-01 22:26 -------- d-----w- c:\program files\Common Files\BitDefender
2010-08-24 02:41 . 2010-01-11 02:47 81984 ----a-w- c:\windows\system32\bdod.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-30 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\OAui.exe" [2010-07-07 6854984]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
S1 aswSP;aswSP; [x]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
S1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-07-07 28232]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]

.
Contents of the 'Scheduled Tasks' folder

2008-05-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2001-08-30 07:56]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 00:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(408)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2010-09-06 01:11:02
ComboFix-quarantined-files.txt 2010-09-06 06:10

Pre-Run: 2,752,307,200 bytes free
Post-Run: 2,817,048,576 bytes free

- - End Of File - - 15B5757FE668DF153A670ACA831F4E66

#12 Broni Re: [INACTIVE] virus

    Malware Annihilator

  • 24,310 posts
  • Joined: October 04, 2004
  • 1,745 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 02:50 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Online
  • Time Online: 40d 3h 27m 12s

Posted 06 September 2010 - 02:48 PM

Combofix log looks good now, but at this point I need you to free one router port and get this computer connected.

1. Update MBAM, run "Quick scan" and post the log.

2. Re-run Combofix and allow recovery console installation. Post new log.

#13 dyjodapa Re: [INACTIVE] virus

Posted 07 September 2010 - 12:31 AM

Hi,

I found the driver for my wireless card and got it to install. But it will still not connect to the internet. I tried the card on a different computer in the same place and it worked. Any idea? The card is a TP-Link TL-WN353G.

#14 Broni Re: [INACTIVE] virus

Posted 07 September 2010 - 12:36 AM

Well, that's why it'd be good to try a hardwired connection.
Whether it works or not, we'll know more about what's causing the problem.
Sometimes malware will mess up networking settings, and we need to find out if this is the case.

Quote

it will still not connect to the internet
How exactly do you know? By a browser not working, or by trying the "ping" command?
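One way to answer the question Broni asks here (browser failing versus the link itself being down), as an added example that is not part of the thread and not a tool either participant posted: a constructed cmd.exe batch script that checks each layer separately, from adapter state to gateway reachability to DNS, and then dumps the settings malware commonly tampers with (proxy values, the hosts file, the Winsock catalog). It assumes Windows XP/Vista with reg.exe and netsh available, an IPv4-only "Default Gateway" line in ipconfig output, and uses www.google.com only as a name to resolve; the output file path is an assumption.

```batch
@echo off
rem Constructed example, not from the thread: layered network triage for XP/Vista.
rem Writes everything to a text file that can be copied to a jump drive and posted.
setlocal enabledelayedexpansion
set "OUT=%USERPROFILE%\Desktop\nettriage.txt"
echo === Network triage %DATE% %TIME% === > "%OUT%"

rem [1] Adapter state: is there an address, a gateway and a DNS server at all?
echo. >> "%OUT%"
echo [1] ipconfig /all >> "%OUT%"
ipconfig /all >> "%OUT%"

rem [2] Is the default gateway reachable? (first IPv4 gateway taken from ipconfig output)
set "GW="
for /f "tokens=2 delims=:" %%a in ('ipconfig ^| findstr /i /c:"Default Gateway"') do (
    if not defined GW set "GW=%%a"
)
rem strip the padding spaces; an all-space value becomes undefined again
if defined GW set "GW=!GW: =!"
echo. >> "%OUT%"
if defined GW (
    echo [2] ping gateway !GW! >> "%OUT%"
    ping -n 2 !GW! >> "%OUT%"
) else (
    echo [2] no default gateway - adapter, driver or DHCP problem, check this before suspecting malware >> "%OUT%"
)

rem [3] Name resolution, tested separately from raw IP reachability
echo. >> "%OUT%"
echo [3] nslookup www.google.com >> "%OUT%"
nslookup www.google.com >> "%OUT%" 2>&1

rem [4] Settings commonly altered by malware: IE proxy, hosts file, Winsock providers
echo. >> "%OUT%"
echo [4] IE proxy settings (ProxyEnable=0x1 or an AutoConfigURL you did not set is suspect) >> "%OUT%"
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable >> "%OUT%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer >> "%OUT%" 2>&1
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v AutoConfigURL >> "%OUT%" 2>&1

echo. >> "%OUT%"
echo [5] hosts file entries, comments removed (anything besides 127.0.0.1 localhost is suspect) >> "%OUT%"
findstr /v /r "^#" "%SystemRoot%\system32\drivers\etc\hosts" >> "%OUT%"

echo. >> "%OUT%"
echo [6] Winsock catalog (look for provider DLLs outside system32) >> "%OUT%"
netsh winsock show catalog >> "%OUT%"

echo Done. Results are in "%OUT%"
endlocal
```

Reading the output top down tells you where the failure is: no address or no gateway in [1]/[2] points at the card, driver or DHCP; gateway answering but [3] failing points at DNS; everything up to [3] working while the browser still fails points at the proxy, hosts or Winsock entries in [4] to [6], which is the "malware messed up networking settings" case.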

#15 dyjodapa Re: [INACTIVE] virus

Posted 07 September 2010 - 12:42 AM

Broni,

I can tell because it says "no connection" down at the bottom right. Also, I cannot hardwire the connection from my router; first it goes into another desktop of mine, then to the router also. I don't have the correct cable.

Thanks

#16 Broni Re: [INACTIVE] virus

Posted 07 September 2010 - 12:50 AM

I don't understand.
Why can't you disconnect one of your desktops for 15 minutes, so we can check the connection issue, update tools and do more downloads?

#17 dyjodapa Re: [INACTIVE] virus

Posted 07 September 2010 - 12:52 AM

Is there any way I can get the updates to my jumpdrive?

#18 Broni Re: [INACTIVE] virus

Posted 07 September 2010 - 01:08 AM

Look, that's not the point...

Firstly, you didn't answer my previous question.
Secondly, we're at the point of the cleaning process where we need that computer to be online, to make sure it's functional and to run some more tests.
We can only do so much being offline.

Is there something you're not telling me, or what's the deal here?
If you want to say something privately, you can always PM me.
