
I honestly don't know if I have a malware problem


  • This topic is locked
9 replies to this topic

#1 blackened

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 09 October 2009 - 07:57 AM

I have Microsoft Windows XP Home Edition, Version 5.1.2600 Service Pack 3 Build 2600,
running Avira Free, SpywareGuard, SpywareBlaster, SUPERAntiSpyware,
Malwarebytes (which btw doesn't update, haven't resolved it yet), IObit 360, and the XP firewall.

I tried restoring my computer to an earlier time, but it still would not be right.
I also tried running everything I have, but it does not detect anything. I also can't install Skype or YM.
I think I have a malware problem: sometimes the screen freezes, the connection is slow, a program would suddenly not respond (i.e. HijackThis, MBAM, etc.), folders get rearranged, as does the menu order in the Start menu,
and sometimes a window would flash and say that it encountered a problem and would close, and a dr postwarten debugger would appear.

I am not really good with computers, and any help is very much appreciated.

Here's my HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:24 PM, on 10/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

--
End of file - 3510 bytes


#2 blackened
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 13 October 2009 - 09:26 AM

Title was: I don't have CMD in my system, I don't know what to do ~ OB

Hi,

So I was told that I don't have CMD in my system, and I was told that my computer is infected, so I am asking for your help.
Thank you in advance.

dds.txt

DDS (Ver_09-10-13.01) - NTFSx86
Run by abet at 22:17:27.89 on Tue 10/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.564 [GMT 8:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Tall Emu\Online Armor\OAcat.exe
D:\Program Files\Tall Emu\Online Armor\oasrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\S3trayp.exe
D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
D:\Program Files\IObit\IObit Security 360\IS360tray.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Tall Emu\Online Armor\OAui.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Tall Emu\Online Armor\OAhlp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Program Files\IObit\IObit Security 360\is360.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Documents and Settings\abet\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.tallemu.com/webhelp
uSearchURL,(Default) = hxxp://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - d:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - d:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] d:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [HDAudDeck] d:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [IObit Security 360] d:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "d:\program files\tall emu\online armor\OAui.exe"
mRun: [YSearchProtection] "d:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Windows Defender] "d:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com
Trusted Zone: yahoo.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255146281640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - d:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\abet\applic~1\mozilla\firefox\profiles\ntbr8vxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://ph.yahoo.com/s/1000717
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;d:\windows\system32\drivers\ViBus.sys [2009-10-9 16896]
R0 ViPrt;VIA SATA IDE Device Driver;d:\windows\system32\drivers\ViPrt.sys [2009-10-9 52224]
R1 OADevice;OADriver;d:\windows\system32\drivers\OADriver.sys [2009-10-9 200784]
R1 OAmon;OAmon;d:\windows\system32\drivers\OAmon.sys [2009-10-9 24656]
R1 OAnet;OAnet;d:\windows\system32\drivers\OAnet.sys [2009-10-9 29776]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-10-9 108289]
R2 IS360service;IS360service;d:\program files\iobit\iobit security 360\is360srv.exe [2009-10-9 309008]
R2 OAcat;Online Armor Helper Service;d:\program files\tall emu\online armor\oacat.exe [2009-10-9 1244360]
R2 SvcOnlineArmor;Online Armor;d:\program files\tall emu\online armor\oasrv.exe [2009-10-9 3184328]
R2 YahooAUService;Yahoo! Updater;d:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 S3GIGP;S3GIGP;d:\windows\system32\drivers\S3gIGPm.sys [2009-10-9 714240]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-10-13 133104]

=============== Created Last 30 ================

2009-10-13 21:52 <DIR> --d----- d:\program files\Trend Micro
2009-10-13 09:39 <DIR> --d----- d:\docume~1\abet\applic~1\Auslogics
2009-10-13 09:38 <DIR> --d----- d:\program files\Auslogics
2009-10-10 23:42 411,368 a------- d:\windows\system32\deploytk.dll
2009-10-10 23:42 73,728 a------- d:\windows\system32\javacpl.cpl
2009-10-10 19:11 268,648 a------- d:\windows\system32\mucltui.dll
2009-10-10 19:11 27,496 a------- d:\windows\system32\mucltui.dll.mui
2009-10-10 17:29 2,265 a------- D:\Skype.lnk
2009-10-10 16:33 <DIR> --d----- d:\docume~1\abet\applic~1\Windows Search
2009-10-10 11:50 <DIR> --d----- d:\program files\CONEXANT
2009-10-10 11:46 1,089,593 -c------ d:\windows\system32\dllcache\ntprint.cat
2009-10-10 11:30 <DIR> --d----- d:\windows\system32\XPSViewer
2009-10-10 11:29 1,676,288 -c------ d:\windows\system32\dllcache\xpssvcs.dll
2009-10-10 11:29 597,504 -c------ d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-10 11:29 575,488 -c------ d:\windows\system32\dllcache\xpsshhdr.dll
2009-10-10 11:29 89,088 -c------ d:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-10 11:29 <DIR> --d----- D:\e025f46f8633f754ea
2009-10-10 11:29 1,676,288 -------- d:\windows\system32\xpssvcs.dll
2009-10-10 11:29 575,488 -------- d:\windows\system32\xpsshhdr.dll
2009-10-10 11:29 117,760 -------- d:\windows\system32\prntvpt.dll
2009-10-10 10:31 <DIR> --d----- d:\docume~1\abet\applic~1\Windows Desktop Search
2009-10-10 10:31 <DIR> --d----- d:\windows\system32\GroupPolicy
2009-10-10 10:31 <DIR> --d----- d:\program files\Windows Desktop Search
2009-10-10 10:30 192,000 -c------ d:\windows\system32\dllcache\offfilt.dll
2009-10-10 10:30 98,304 -c------ d:\windows\system32\dllcache\nlhtml.dll
2009-10-10 10:30 29,696 -c------ d:\windows\system32\dllcache\mimefilt.dll
2009-10-10 10:29 <DIR> --d----- d:\windows\system32\URTTemp
2009-10-10 09:29 <DIR> --dsh--- d:\documents and settings\abet\IECompatCache
2009-10-10 09:29 <DIR> --dsh--- d:\documents and settings\abet\PrivacIE
2009-10-10 09:27 <DIR> --dsh--- d:\documents and settings\abet\IETldCache
2009-10-10 09:00 100,352 -c------ d:\windows\system32\dllcache\iecompat.dll
2009-10-10 08:59 <DIR> --d----- d:\windows\ie8updates
2009-10-10 08:59 12,800 -c------ d:\windows\system32\dllcache\xpshims.dll
2009-10-10 08:59 11,067,392 -c------ d:\windows\system32\dllcache\ieframe.dll
2009-10-10 08:59 1,985,536 -c------ d:\windows\system32\dllcache\iertutil.dll
2009-10-10 08:59 594,432 -c------ d:\windows\system32\dllcache\msfeeds.dll
2009-10-10 08:59 246,272 -c------ d:\windows\system32\dllcache\ieproxy.dll
2009-10-10 08:59 55,296 -c------ d:\windows\system32\dllcache\msfeedsbs.dll
2009-10-10 08:59 <DIR> -cd-h--- d:\windows\ie8
2009-10-10 08:41 195,440 -------- d:\windows\system32\MpSigStub.exe
2009-10-10 06:00 <DIR> --d----- d:\program files\common files\ODBC
2009-10-10 06:00 <DIR> --d----- d:\program files\common files\SpeechEngines
2009-10-10 05:59 66,082 ac------ d:\windows\system32\dllcache\c_28595.nls
2009-10-10 05:59 <DIR> --d--r-- d:\documents and settings\all users\Documents
2009-10-10 05:58 261 a------- d:\windows\system32\$winnt$.inf
2009-10-09 23:51 <DIR> --d--r-- d:\program files\Skype
2009-10-09 23:50 <DIR> --d----- d:\program files\Yahoo!
2009-10-09 23:33 <DIR> --dsh--- d:\documents and settings\abet\UserData
2009-10-09 23:05 <DIR> --d----- d:\docume~1\alluse~1\applic~1\OnlineArmor
2009-10-09 23:05 <DIR> --d----- d:\docume~1\abet\applic~1\OnlineArmor
2009-10-09 22:52 <DIR> --d----- d:\program files\Spybot - Search & Destroy
2009-10-09 22:52 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-09 22:34 <DIR> --d----- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-09 22:34 <DIR> --d----- d:\program files\SUPERAntiSpyware
2009-10-09 22:34 <DIR> --d----- d:\docume~1\abet\applic~1\SUPERAntiSpyware.com
2009-10-09 22:34 <DIR> --d----- d:\program files\common files\Wise Installation Wizard
2009-10-09 22:32 <DIR> --d----- d:\program files\SpywareBlaster
2009-10-09 22:28 <DIR> --d----- d:\docume~1\abet\applic~1\Malwarebytes
2009-10-09 22:28 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-10-09 22:28 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-09 22:25 <DIR> --d----- d:\program files\Tall Emu
2009-10-09 22:22 <DIR> --d----- d:\program files\Avira
2009-10-09 22:22 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Avira
2009-10-09 22:21 <DIR> --d----- d:\docume~1\alluse~1\applic~1\IObit
2009-10-09 22:21 <DIR> --d----- d:\program files\IObit
2009-10-09 22:14 <DIR> --d----- d:\program files\S3
2009-10-09 22:11 <DIR> --d----- d:\program files\VIA
2009-10-09 22:04 <DIR> --dsh--- d:\documents and settings\all users\DRM
2009-10-09 22:03 <DIR> --d-h--- d:\program files\WindowsUpdate
2009-10-09 22:03 <DIR> --d----- d:\program files\common files\MSSoap
2009-10-09 22:02 <DIR> --d----- d:\program files\Online Services
2009-10-09 22:02 <DIR> --d----- d:\program files\Messenger
2009-10-09 22:02 <DIR> --d----- d:\program files\MSN Gaming Zone
2009-10-09 22:01 <DIR> --d----- d:\program files\Windows NT

==================== Find3M ====================

2009-10-10 00:16 76,487 a------- d:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-09 22:02 21,640 a------- d:\windows\system32\emptyregdb.dat
2009-09-17 22:44 24,656 a------- d:\windows\system32\drivers\OAmon.sys
2009-09-17 22:44 29,776 a------- d:\windows\system32\drivers\OAnet.sys
2009-09-17 22:44 200,784 a------- d:\windows\system32\drivers\OADriver.sys
2009-09-10 14:54 38,224 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- d:\windows\system32\drivers\mbam.sys
2009-08-05 17:01 204,800 a------- d:\windows\system32\mswebdvd.dll
2009-07-29 12:37 119,808 a------- d:\windows\system32\t2embed.dll
2009-07-29 12:37 81,920 a------- d:\windows\system32\fontsub.dll
2009-07-18 03:01 58,880 a------- d:\windows\system32\atl.dll

============= FINISH: 22:19:00.93 ===============

Here's my RootRepeal log.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/13 22:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_ViPrt.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_ViPrt.sys
Address: 0xB9D44000 Size: 65536 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF76D7000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: D:\Program Files\Mozilla Firefox\settings.dat
Status: Visible to the Windows API, but not on disk.

Path: D:\Documents and Settings\abet\Local Settings\Temp\MSNL\PVC3954828.mhtml
Status: Visible to the Windows API, but not on disk.

Path: d:\documents and settings\all users\application data\microsoft\search\data\applications\windows\projects\systemindex\systemindex.ntfy5.gthr
Status: Size mismatch (API: 707552, Raw: 706566)

Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.ci
Status: Visible to the Windows API, but not on disk.

Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.dir
Status: Visible to the Windows API, but not on disk.

Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid
Status: Visible to the Windows API, but not on disk.

Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci
Status: Visible to the Windows API, but not on disk.

Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.dir
Status: Visible to the Windows API, but not on disk.

Path: D:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bae60

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb5c0

#: 031 Function Name: NtConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b9610

#: 037 Function Name: NtCreateFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c80d0

#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xb83f81de

#: 046 Function Name: NtCreatePort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b92c0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6580

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6960

#: 050 Function Name: NtCreateSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6060

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xb83f81d4

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b85a0

#: 062 Function Name: NtDeleteFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8b50

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xb83f81e3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xb83f81ed

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8fe0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8070

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c80a0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba5d0

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xb83f81f2

#: 116 Function Name: NtOpenFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8760

#: 119 Function Name: NtOpenKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c6c20

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb83f81c0

#: 125 Function Name: NtOpenSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b6300

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xb83f81c5

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb250

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84baa10

#: 160 Function Name: NtQueryKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8010

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8040

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb740

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xb83f81fc

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba180

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xb83f81f7

#: 206 Function Name: NtResumeThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8c90

#: 207 Function Name: NtSaveKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c7ff0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b99d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b83c0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84c8e10

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8720

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xb83f81e8

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba4d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8e40

#: 254 Function Name: NtSuspendThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8ac0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b8900

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb85190b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b81a0

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84ba7f0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84bb400

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b48b0

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4be0

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1d50

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b37d0

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3350

#: 324 Function Name: NtUserCallTwoParam
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b41c0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2770

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3a80

#: 401 Function Name: NtUserGetDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4590

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2640

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2510

#: 439 Function Name: NtUserGetWindowDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4720

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b28a0

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3da0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b2ca0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3000

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1bf0

#: 502 Function Name: NtUserSendInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b35a0

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3940

#: 529 Function Name: NtUserSetParent
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3bd0

#: 546 Function Name: NtUserSetWindowPos
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b4090

#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1740

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b1360

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b19a0

#: 555 Function Name: NtUserShowWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb84b3fc0

==EOF==


Edited by Orange Blossom, 24 October 2009 - 01:50 PM.
Merged topics. ~ OB


#3 m0le
    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:02 PM

Posted 24 October 2009 - 05:36 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes.
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE
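An added example, not part of this thread and not code from RootRepeal, DDS or BleepingComputer: the script below reads the SSDT section of a RootRepeal report and the SERVICES / DRIVERS section of a DDS log, attributes every hook to the installed service that owns the hooking driver, and flags any hook whose driver has no matching service, with hooks on the system calls rootkits use to hide files, processes and registry data singled out. In the logs posted in this thread every SSDT hook belongs to OADriver.sys (Online Armor) or aswSP.sys (avast! self-protection), which is what a HIPS and an antivirus look like rather than a rootkit. The sample input is constructed in the same layout; the qwerty12.sys driver and the "<unknown>" owner in it are hypothetical, added only to show what an unexplained hook looks like.

```python
"""Cross-check a RootRepeal SSDT listing against the drivers DDS says are installed.

Added example for this thread; not code from RootRepeal, DDS or BleepingComputer.
Every Nt* function hooked by a module that is not one of the machine's installed
service drivers is reported, and hooks on the functions rootkits use to hide
things are singled out.
"""
import re
from collections import defaultdict

# Constructed sample in RootRepeal's SSDT layout. The first three entries copy the
# shape of the real output in this thread; the last two (qwerty12.sys and the
# unresolved "<unknown>" owner) are hypothetical, added to exercise the flagging path.
SAMPLE_ROOTREPEAL = r"""
SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71750d0

#: 041 Function Name: NtCreateKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd4574

#: 097 Function Name: NtLoadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71675d0

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "D:\WINDOWS\system32\drivers\qwerty12.sys" at address 0xb8c01a20

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "<unknown>" at address 0x8a41c5e0
"""

# Constructed sample in the layout of DDS's "SERVICES / DRIVERS" section.
SAMPLE_DDS_DRIVERS = r"""
============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-10-20 114768]
R1 OADevice;OADriver;d:\windows\system32\drivers\OADriver.sys [2009-10-9 200784]
R1 OAmon;OAmon;d:\windows\system32\drivers\OAmon.sys [2009-10-9 24656]
R2 OAcat;Online Armor Helper Service;d:\program files\tall emu\online armor\oacat.exe [2009-10-9 1244360]
"""

HOOK_RE = re.compile(
    r'^#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)\s*\n'
    r'Status:\s*Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9A-Fa-f]+)',
    re.MULTILINE,
)
# DDS line: <state> <service name>;<description>;<image path> [<date> <size>]
DDS_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[',
    re.MULTILINE,
)

# System calls commonly hooked to hide files, processes, registry data or device traffic.
STEALTH_FUNCTIONS = {
    "NtQueryDirectoryFile", "NtQuerySystemInformation", "NtEnumerateKey",
    "NtEnumerateValueKey", "NtQueryKey", "NtQueryValueKey", "NtOpenProcess",
    "NtDeviceIoControlFile",
}


def basename(path):
    """Lower-cased file name of a Windows path, so case and directory differences are ignored."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_ssdt_hooks(report):
    """Return one dict per hooked SSDT entry: index, function, owning module, address."""
    return [
        {"index": int(m["index"]), "function": m["func"],
         "module": m["module"], "address": int(m["addr"], 16)}
        for m in HOOK_RE.finditer(report)
    ]


def parse_dds_drivers(report):
    """Map the file name of each DDS service/driver entry to its service record."""
    drivers = {}
    for m in DDS_RE.finditer(report):
        path = m["path"].strip()
        drivers[basename(path)] = {
            "state": m["state"], "name": m["name"].strip(),
            "description": m["desc"].strip(), "path": path,
        }
    return drivers


def triage(hooks, drivers):
    """Attribute each hook to an installed service, or flag it as unexplained."""
    attributed = defaultdict(list)
    unexplained = []
    for hook in hooks:
        owner = drivers.get(basename(hook["module"]))
        if owner is None:
            unexplained.append(hook)
        else:
            attributed[owner["name"]].append(hook["function"])
    stealth = [h for h in unexplained if h["function"] in STEALTH_FUNCTIONS]
    return {"attributed": dict(attributed), "unexplained": unexplained, "stealth": stealth}


if __name__ == "__main__":
    result = triage(parse_ssdt_hooks(SAMPLE_ROOTREPEAL),
                    parse_dds_drivers(SAMPLE_DDS_DRIVERS))
    for service, funcs in result["attributed"].items():
        print(f"{service}: {len(funcs)} hook(s) -> {', '.join(funcs)}")
    for h in result["unexplained"]:
        tag = "STEALTH" if h in result["stealth"] else "review"
        print(f"[{tag}] #{h['index']:03d} {h['function']} hooked by {h['module']} "
              f"at 0x{h['address']:08x}")
```

A hook attributed to an installed driver is a consistency check, not a clean bill: the file on disk still has to match the vendor's build (the size and date DDS prints next to each driver, and RootRepeal's own Signed column, are the next things to compare), and a driver that hides its own service key would fail both lookups, which is why the hidden-services and stealth-objects scans are requested together with the SSDT listing.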

#4 blackened

blackened
  • Topic Starter

  • Members
  • 9 posts

Posted 25 October 2009 - 09:11 AM

Hi, yeah I understand that you help a lot of people, and I thank you all for taking the time to try and find out if I got a problem.

So, I have Microsoft Windows XP Home Edition, Version 5.1.2600 Service Pack 3 Build 2600,
running Avira Free, SpywareGuard, SpywareBlaster, SUPERAntiSpyware,
Malwarebytes, IObit 360 and free Online Armor.

Truth is, I really did not do anything in particular, just the usual: update all of the above, scan my PC regularly, disk clean-ups, defragment my hard drive, and, as far as I know, safe surfing, and removed unwanted programs. But my PC still takes time booting up, the programs tend to open slowly, and sometimes it freezes, which prompts me to restart. There was a time when I booted up my PC and found another account that I never created; the name was ASP.NET Machine A.... I just deleted this account. So I very much appreciate any help, and thank you for helping us. Good day!



DDS (Ver_09-10-24.04) - NTFSx86
Run by abet at 21:50:43.14 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.590 [GMT 8:00]

AV: avast! antivirus 4.8.1356 [VPS 091024-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Tall Emu\Online Armor\OAcat.exe
D:\Program Files\Tall Emu\Online Armor\oasrv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\S3trayp.exe
D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
D:\Program Files\IObit\IObit Security 360\IS360tray.exe
D:\Program Files\Tall Emu\Online Armor\OAui.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\Program Files\Tall Emu\Online Armor\OAhlp.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\WINDOWS\system32\freecell.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\abet\My Documents\Downloads\dds(3).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.tallemu.com/webhelp
uSearchURL,(Default) = hxxp://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] d:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [HDAudDeck] d:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [IObit Security 360] d:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [@OnlineArmor GUI] "d:\program files\tall emu\online armor\OAui.exe"
mRun: [YSearchProtection] "d:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Windows Defender] "d:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] d:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com\download
Trusted Zone: windowsupdate.com
Trusted Zone: yahoo.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255146281640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - d:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\abet\applic~1\mozilla\firefox\profiles\ntbr8vxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://ph.yahoo.com/s/1000717
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;d:\windows\system32\drivers\ViBus.sys [2009-10-9 16896]
R0 ViPrt;VIA SATA IDE Device Driver;d:\windows\system32\drivers\ViPrt.sys [2009-10-9 52224]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-10-20 114768]
R1 OADevice;OADriver;d:\windows\system32\drivers\OADriver.sys [2009-10-9 200784]
R1 OAmon;OAmon;d:\windows\system32\drivers\OAmon.sys [2009-10-9 24656]
R1 OAnet;OAnet;d:\windows\system32\drivers\OAnet.sys [2009-10-9 29776]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-10-20 20560]
R2 IS360service;IS360service;d:\program files\iobit\iobit security 360\is360srv.exe [2009-10-9 309008]
R2 OAcat;Online Armor Helper Service;d:\program files\tall emu\online armor\oacat.exe [2009-10-9 1244360]
R2 SvcOnlineArmor;Online Armor;d:\program files\tall emu\online armor\oasrv.exe [2009-10-9 3184328]
R3 S3GIGP;S3GIGP;d:\windows\system32\drivers\S3gIGPm.sys [2009-10-9 714240]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-10-13 133104]

=============== Created Last 30 ================

2009-10-23 02:56:21 0 d-----w- d:\program files\Windows Media Connect 2
2009-10-23 02:53:33 0 d-----w- d:\windows\system32\LogFiles
2009-10-20 08:57:45 15064 ----a-w- d:\windows\system32\wuapi.dll.mui
2009-10-18 15:03:57 221184 ----a-w- d:\windows\system32\wmpns.dll
2009-10-15 05:59:04 25992 ----a-w- d:\windows\system32\pgdfgsvc.exe
2009-10-15 05:49:56 771581 -c--a-w- d:\windows\system32\dllcache\winacisa.sys
2009-10-15 05:48:58 7556 -c--a-w- d:\windows\system32\dllcache\usroslba.sys
2009-10-15 05:47:59 525568 -c--a-w- d:\windows\system32\dllcache\tridxp.dll
2009-10-15 05:46:58 172768 -c--a-w- d:\windows\system32\dllcache\t2r4disp.dll
2009-10-15 05:45:57 7552 -c--a-w- d:\windows\system32\dllcache\sonypvu1.sys
2009-10-15 05:44:58 50432 -c--a-w- d:\windows\system32\dllcache\sisv.sys
2009-10-15 05:43:59 495616 -c--a-w- d:\windows\system32\dllcache\sblfx.dll
2009-10-15 05:42:59 19584 -c--a-w- d:\windows\system32\dllcache\rasirda.sys
2009-10-15 05:41:57 173696 -c--a-w- d:\windows\system32\dllcache\philcam2.sys
2009-10-15 05:40:58 25088 -c--a-w- d:\windows\system32\dllcache\ovca.sys
2009-10-15 05:39:58 35392 -c--a-w- d:\windows\system32\dllcache\n9i128.dll
2009-10-15 05:38:58 47616 -c--a-w- d:\windows\system32\dllcache\memgrp.dll
2009-10-15 05:37:56 8192 -c--a-w- d:\windows\system32\dllcache\kbdkor.dll
2009-10-15 05:36:59 91136 -c--a-w- d:\windows\system32\dllcache\icam4com.dll
2009-10-15 05:35:59 67167 -c--a-w- d:\windows\system32\dllcache\hsf_bsc2.sys
2009-10-15 05:34:59 92160 -c--a-w- d:\windows\system32\dllcache\fuusd.dll
2009-10-15 05:33:59 19996 -c--a-w- d:\windows\system32\dllcache\em556n4.sys
2009-10-15 05:32:59 110592 -c--a-w- d:\windows\system32\dllcache\dc260usd.dll
2009-10-15 05:31:47 13824 -c--a-w- d:\windows\system32\dllcache\bulltlp3.sys
2009-10-15 05:30:21 46112 -c--a-w- d:\windows\system32\dllcache\adptsf50.sys
2009-10-13 13:52:47 0 d-----w- d:\program files\Trend Micro
2009-10-13 01:39:32 0 d-----w- d:\docume~1\abet\applic~1\Auslogics
2009-10-13 01:38:52 0 d-----w- d:\program files\Auslogics
2009-10-10 15:42:24 73728 ----a-w- d:\windows\system32\javacpl.cpl
2009-10-10 15:42:24 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-10-10 11:11:12 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-10-10 11:11:12 16736 ----a-w- d:\windows\system32\mucltui.dll.mui
2009-10-10 09:29:18 2265 ----a-w- D:\Skype.lnk
2009-10-10 08:33:04 0 d-----w- d:\docume~1\abet\applic~1\Windows Search
2009-10-10 03:50:02 0 d-----w- d:\program files\CONEXANT
2009-10-10 03:46:18 1089593 -c----w- d:\windows\system32\dllcache\ntprint.cat
2009-10-10 03:30:05 0 d-----w- d:\windows\system32\XPSViewer
2009-10-10 03:29:33 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-10 03:29:33 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-10 03:29:33 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2009-10-10 03:29:33 575488 ------w- d:\windows\system32\xpsshhdr.dll
2009-10-10 03:29:33 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2009-10-10 03:29:33 1676288 ------w- d:\windows\system32\xpssvcs.dll
2009-10-10 03:29:33 117760 ------w- d:\windows\system32\prntvpt.dll
2009-10-10 03:29:33 0 d-----w- D:\e025f46f8633f754ea
2009-10-10 02:31:38 0 d-----w- d:\docume~1\abet\applic~1\Windows Desktop Search
2009-10-10 02:31:08 0 d-----w- d:\windows\system32\GroupPolicy
2009-10-10 02:31:08 0 d-----w- d:\program files\Windows Desktop Search
2009-10-10 02:29:51 0 d-----w- d:\windows\system32\URTTemp
2009-10-10 01:29:50 0 d-sh--w- d:\documents and settings\abet\IECompatCache
2009-10-10 01:29:29 0 d-sh--w- d:\documents and settings\abet\PrivacIE
2009-10-10 01:27:59 0 d-sh--w- d:\documents and settings\abet\IETldCache
2009-10-10 01:00:00 100352 -c----w- d:\windows\system32\dllcache\iecompat.dll
2009-10-10 00:59:41 0 d-----w- d:\windows\ie8updates
2009-10-10 00:59:35 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2009-10-10 00:59:34 594432 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2009-10-10 00:59:34 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2009-10-10 00:59:34 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2009-10-10 00:59:34 1985536 -c----w- d:\windows\system32\dllcache\iertutil.dll
2009-10-10 00:59:34 11069440 -c----w- d:\windows\system32\dllcache\ieframe.dll
2009-10-10 00:59:13 0 dc-h--w- d:\windows\ie8
2009-10-10 00:41:36 195440 ------w- d:\windows\system32\MpSigStub.exe
2009-10-09 22:02:01 3072 -c--a-w- d:\windows\system32\dllcache\audstub.sys
2009-10-09 22:02:01 3072 ----a-w- d:\windows\system32\drivers\audstub.sys
2009-10-09 22:01:32 57600 -c--a-w- d:\windows\system32\dllcache\redbook.sys
2009-10-09 22:01:32 57600 ----a-w- d:\windows\system32\drivers\redbook.sys
2009-10-09 22:00:06 0 d-----w- d:\program files\common files\ODBC
2009-10-09 22:00:03 0 d-----w- d:\program files\common files\SpeechEngines
2009-10-09 21:59:45 0 d-----r- d:\documents and settings\all users\Documents
2009-10-09 15:51:04 0 d-----r- d:\program files\Skype
2009-10-09 15:50:56 0 d-----w- d:\program files\Yahoo!
2009-10-09 15:05:27 0 d-----w- d:\docume~1\alluse~1\applic~1\OnlineArmor
2009-10-09 15:05:27 0 d-----w- d:\docume~1\abet\applic~1\OnlineArmor
2009-10-09 14:52:49 0 d-----w- d:\program files\Spybot - Search & Destroy
2009-10-09 14:52:49 0 d-----w- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-09 14:34:32 0 d-----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-09 14:34:25 0 d-----w- d:\program files\SUPERAntiSpyware
2009-10-09 14:34:25 0 d-----w- d:\docume~1\abet\applic~1\SUPERAntiSpyware.com
2009-10-09 14:34:08 0 d-----w- d:\program files\common files\Wise Installation Wizard
2009-10-09 14:32:05 0 d-----w- d:\program files\SpywareBlaster
2009-10-09 14:28:52 0 d-----w- d:\docume~1\abet\applic~1\Malwarebytes
2009-10-09 14:28:46 0 d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-10-09 14:28:46 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-09 14:25:18 0 d-----w- d:\program files\Tall Emu
2009-10-09 14:21:40 0 d-----w- d:\docume~1\alluse~1\applic~1\IObit
2009-10-09 14:21:38 0 d-----w- d:\program files\IObit
2009-10-09 14:14:07 0 d-----w- d:\program files\S3
2009-10-09 14:11:54 0 d-----w- d:\program files\VIA
2009-10-09 14:04:05 0 d-sh--w- d:\documents and settings\all users\DRM
2009-10-09 14:03:50 0 d--h--w- d:\program files\WindowsUpdate
2009-10-09 14:03:11 0 d-----w- d:\program files\common files\MSSoap
2009-10-09 14:02:14 0 d-----w- d:\program files\Online Services
2009-10-09 14:02:10 0 d-----w- d:\program files\Messenger
2009-10-09 14:02:07 0 d-----w- d:\program files\MSN Gaming Zone
2009-10-09 14:01:39 0 d-----w- d:\program files\Windows NT

==================== Find3M ====================

2009-10-09 14:02:44 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-09-17 14:44:58 24656 ----a-w- d:\windows\system32\drivers\OAmon.sys
2009-09-17 14:44:44 29776 ----a-w- d:\windows\system32\drivers\OAnet.sys
2009-09-17 14:44:40 200784 ----a-w- d:\windows\system32\drivers\OADriver.sys
2009-09-11 14:18:39 136192 ----a-w- d:\windows\system32\msv1_0.dll
2009-09-10 06:54:06 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 06:53:50 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- d:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- d:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- d:\windows\system32\strmdll.dll
2009-08-06 11:23:46 215920 ----a-w- d:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- d:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- d:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37:01 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37:01 119808 ----a-w- d:\windows\system32\t2embed.dll

============= FINISH: 21:51:53.43 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-24.04)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2009 10:06:22 PM
System Uptime: 10/25/2009 9:36:00 PM (0 hours ago)

Motherboard: ECS | | P4M900T-M2
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2194/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 19.469 GiB free.
D: is FIXED (NTFS) - 55 GiB total, 42.792 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/9/2009 10:08:22 PM - System Checkpoint
RP2: 10/9/2009 10:11:51 PM - Installed Platform
RP3: 10/9/2009 10:16:21 PM - Configured Platform
RP4: 10/9/2009 10:20:24 PM - Avira AntiVir Personal - 10/9/2009 22:20
RP5: 10/9/2009 10:22:40 PM - Installed Windows XP KB901190.
RP6: 10/9/2009 10:22:52 PM - Installed Windows XP KB950762.
RP7: 10/9/2009 10:22:56 PM - Installed Windows XP KB951376-v2.
RP8: 10/9/2009 10:23:21 PM - Installed Windows XP KB951748.
RP9: 10/9/2009 10:23:33 PM - Installed Windows XP KB944338-v2.
RP10: 10/9/2009 10:24:03 PM - Installed Windows XP KB951066.
RP11: 10/9/2009 10:24:27 PM - Installed Windows XP KB946648.
RP12: 10/9/2009 10:24:54 PM - Installed Windows XP KB952954.
RP13: 10/9/2009 10:25:22 PM - Online Armor installation
RP14: 10/9/2009 10:25:26 PM - Installed Windows XP KB950974.
RP15: 10/9/2009 10:26:04 PM - Installed Windows XP KB958644.
RP16: 10/9/2009 10:26:24 PM - Installed Windows XP KB955069.
RP17: 10/9/2009 10:26:41 PM - Installed Windows XP KB957097.
RP18: 10/9/2009 10:26:53 PM - Installed Windows XP KB954600.
RP19: 10/9/2009 10:27:07 PM - Installed Windows XP KB956802.
RP20: 10/9/2009 10:31:45 PM - Installed Windows Media Player KB952069.
RP21: 10/9/2009 10:31:58 PM - Installed Windows XP KB956803.
RP22: 10/9/2009 10:32:16 PM - Installed Windows XP KB958687.
RP23: 10/9/2009 10:32:33 PM - Installed Windows XP KB960225.
RP24: 10/9/2009 10:33:01 PM - Installed Windows XP KB938464-v2.
RP25: 10/9/2009 10:33:38 PM - Installed Windows XP KB923561.
RP26: 10/9/2009 10:34:25 PM - Installed SUPERAntiSpyware Free Edition
RP27: 10/9/2009 10:35:44 PM - Installed Windows XP KB956572.
RP28: 10/9/2009 10:36:07 PM - Installed Windows XP KB952004.
RP29: 10/9/2009 10:36:22 PM - Installed Windows XP KB960803.
RP30: 10/9/2009 10:36:52 PM - Installed Windows XP KB959426.
RP31: 10/9/2009 10:37:05 PM - Installed Windows XP KB961501.
RP32: 10/9/2009 10:37:42 PM - Installed Windows XP KB968537.
RP33: 10/9/2009 10:38:04 PM - Installed Windows XP KB970238.
RP34: 10/9/2009 10:38:41 PM - Installed Windows XP KB971633.
RP35: 10/9/2009 10:38:57 PM - Installed Windows XP KB973346.
RP36: 10/9/2009 10:41:21 PM - Installed Windows XP KB972260.
RP37: 10/9/2009 10:41:43 PM - Installed Windows XP KB971032.
RP38: 10/9/2009 10:41:53 PM - Installed Windows XP KB971557.
RP39: 10/9/2009 10:45:14 PM - Installed Windows Media Player KB973540.
RP40: 10/9/2009 10:45:45 PM - Installed Windows XP KB973869.
RP41: 10/9/2009 10:46:07 PM - Installed Windows XP KB958470.
RP42: 10/9/2009 10:46:37 PM - Installed Windows XP KB973354.
RP43: 10/9/2009 10:46:45 PM - Installed Windows XP KB973507.
RP44: 10/9/2009 10:46:53 PM - Installed Windows XP KB960859.
RP45: 10/9/2009 10:47:00 PM - Installed Windows XP KB973815.
RP46: 10/9/2009 10:47:10 PM - Installed Windows XP KB971657.
RP47: 10/9/2009 10:47:18 PM - Installed Windows XP KB961371-v2.
RP48: 10/9/2009 10:49:54 PM - Software Distribution Service 3.0
RP49: 10/9/2009 11:36:07 PM - Software Distribution Service 3.0
RP50: 10/10/2009 12:03:23 AM - Software Distribution Service 3.0
RP51: 10/10/2009 12:28:24 AM - Software Distribution Service 3.0
RP52: 10/10/2009 8:35:19 AM - Installed Windows Defender
RP53: 10/10/2009 8:41:33 AM - Software Distribution Service 3.0
RP54: 10/10/2009 8:51:31 AM - Software Distribution Service 3.0
RP55: 10/10/2009 9:31:50 AM - Software Distribution Service 3.0
RP56: 10/10/2009 10:29:02 AM - Software Distribution Service 3.0
RP57: 10/10/2009 10:35:50 AM - Software Distribution Service 3.0
RP58: 10/10/2009 11:02:56 AM - Installed Windows XP KB973869.
RP59: 10/10/2009 11:03:14 AM - Installed Windows XP KB973815.
RP60: 10/10/2009 11:03:32 AM - Installed Windows XP KB973507.
RP61: 10/10/2009 11:14:16 AM - Installed Windows XP KB973346.
RP62: 10/10/2009 11:24:47 AM - Software Distribution Service 3.0
RP63: 10/10/2009 11:49:55 AM - Software Distribution Service 3.0
RP64: 10/10/2009 12:11:28 PM - Software Distribution Service 3.0
RP65: 10/10/2009 11:42:01 PM - Installed Java™ 6 Update 16
RP66: 10/13/2009 7:04:19 AM - Software Distribution Service 3.0
RP67: 10/14/2009 11:10:15 AM - Software Distribution Service 3.0
RP68: 10/16/2009 2:28:53 PM - Software Distribution Service 3.0
RP69: 10/20/2009 5:03:33 PM - Software Distribution Service 3.0
RP70: 10/20/2009 9:41:56 PM - Avira AntiVir Personal - 10/20/2009 21:41
RP71: 10/23/2009 10:53:09 AM - Installed Windows Media Player 11
RP72: 10/23/2009 10:53:32 AM - Installed Windows XP Wudf01000.
RP73: 10/23/2009 10:55:13 AM - Installed Windows Media Player 11
RP74: 10/23/2009 10:56:55 AM - Installed Windows XP MSCompPackV1.
RP75: 10/23/2009 11:26:20 AM - Software Distribution Service 3.0
RP76: 10/23/2009 1:19:02 PM - Installed Windows Media Player 11
RP77: 10/23/2009 1:20:53 PM - Installed Windows XP MSCompPackV1.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Auslogics Registry Cleaner
avast! Antivirus
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
IObit Security 360
Java™ 6 Update 16
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
Online Armor 3.5
PCI SoftV92 Modem
Platform
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Display Driver 6.14.10.0099
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Search Protection

==== Event Viewer Messages From Past Week ========

10/24/2009 9:46:01 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 00000000.
10/20/2009 7:46:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001BB9D25A65 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/20/2009 4:43:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/20/2009 4:06:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT OADevice OAmon OAnet RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:05:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/20/2009 10:10:45 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: Access is denied.
10/20/2009 10:10:45 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: Access is denied.
10/20/2009 10:10:36 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2149896199
10/20/2009 10:10:35 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
10/20/2009 10:10:35 PM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: Access is denied.
10/20/2009 10:10:35 PM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: Access is denied.

==== End Of File ===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 21:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_ViPrt.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_ViPrt.sys
Address: 0xB863E000 Size: 65536 File Visible: No Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xACBBD000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7167e60

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71685c0

#: 025 Function Name: NtClose
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd46b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7166610

#: 037 Function Name: NtCreateFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71750d0

#: 041 Function Name: NtCreateKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd4574

#: 046 Function Name: NtCreatePort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71662c0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163580

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163960

#: 050 Function Name: NtCreateSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163060

#: 053 Function Name: NtCreateThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7164a40

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71655a0

#: 062 Function Name: NtDeleteFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175b50

#: 063 Function Name: NtDeleteKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71739e0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd4a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd414c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175070

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71750a0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71675d0

#: 098 Function Name: NtLoadKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7174780

#: 116 Function Name: NtOpenFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175760

#: 119 Function Name: NtOpenKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd464e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd408c

#: 125 Function Name: NtOpenSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163300

#: 128 Function Name: NtOpenThread
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd40f0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7168250

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7167a10

#: 160 Function Name: NtQueryKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175010

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd476e

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7168740

#: 193 Function Name: NtReplaceKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7174b20

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7167180

#: 204 Function Name: NtRestoreKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd472e

#: 206 Function Name: NtResumeThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165c90

#: 207 Function Name: NtSaveKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7174ff0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71669d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71653c0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175e10

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165720

#: 247 Function Name: NtSetValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd48ae

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71674d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165e40

#: 254 Function Name: NtSuspendThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165ac0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165900

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb71ee0b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71651a0

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71677f0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7168400

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71618b0

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161be0

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715ed50

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71607d0

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160350

#: 324 Function Name: NtUserCallTwoParam
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71611c0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f770

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160a80

#: 401 Function Name: NtUserGetDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161590

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f640

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f510

#: 439 Function Name: NtUserGetWindowDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161720

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f8a0

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160da0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715fca0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160000

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715ebf0

#: 502 Function Name: NtUserSendInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71605a0

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160940

#: 529 Function Name: NtUserSetParent
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160bd0

#: 546 Function Name: NtUserSetWindowPos
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161090

#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715e740

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715e360

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715e9a0

#: 555 Function Name: NtUserShowWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160fc0

==EOF==



Hi, yeah I understand that you help a lot of people, and I thank you all for taking the time to try and find out if I got a problem.

So, I have a Microsoft Windows XP Home Edition, Version 5.1.2600 Service Pack 3 Build 2600
running avira free, spywareguard, spywareblaster, superantispyware,
malwarebytes, iobit360 and free online armor.

Truth is I really did not do anything in particular, just the usual: update all of the above, scan my PC regularly, disk clean-ups, defragment my hard drive, and as far as I know safe surfing, removed unwanted programs. But my PC still takes time booting up, the programs tend to open slowly, sometimes it freezes which prompts me to restart, there was a time that when I boot up my PC I found another account that I never created, the name was ASP.NET Machine A...., I just deleted this account, so I very much appreciate any help and thank you for helping us. Good day!



DDS (Ver_09-10-24.04) - NTFSx86
Run by abet at 21:50:43.14 on Sun 10/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.590 [GMT 8:00]

AV: avast! antivirus 4.8.1356 [VPS 091024-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Tall Emu\Online Armor\OAcat.exe
D:\Program Files\Tall Emu\Online Armor\oasrv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\system32\S3trayp.exe
D:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
D:\Program Files\IObit\IObit Security 360\IS360tray.exe
D:\Program Files\Tall Emu\Online Armor\OAui.exe
D:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
D:\Program Files\Windows Defender\MSASCui.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\IObit\IObit Security 360\IS360srv.exe
D:\Program Files\Tall Emu\Online Armor\OAhlp.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\WINDOWS\system32\freecell.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Documents and Settings\abet\My Documents\Downloads\dds(3).scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://aa.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://ph.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.tallemu.com/webhelp
uSearchURL,(Default) = hxxp://aa.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://ph.yahoo.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "d:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] d:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [S3Trayp] S3trayp.exe
mRun: [HDAudDeck] d:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [IObit Security 360] d:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [@OnlineArmor GUI] "d:\program files\tall emu\online armor\OAui.exe"
mRun: [YSearchProtection] "d:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Windows Defender] "d:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] d:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com \*.windowsupdate
Trusted Zone: windowsupdate.com\download
Trusted Zone: windowsupdate.com
Trusted Zone: yahoo.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255146281640
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\tallem~1\online~1\oaevent.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - d:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\abet\applic~1\mozilla\firefox\profiles\ntbr8vxl.default\
FF - prefs.js: browser.startup.homepage - hxxp://ph.yahoo.com/s/1000717
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 ViBus;ViBus;d:\windows\system32\drivers\ViBus.sys [2009-10-9 16896]
R0 ViPrt;VIA SATA IDE Device Driver;d:\windows\system32\drivers\ViPrt.sys [2009-10-9 52224]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [2009-10-20 114768]
R1 OADevice;OADriver;d:\windows\system32\drivers\OADriver.sys [2009-10-9 200784]
R1 OAmon;OAmon;d:\windows\system32\drivers\OAmon.sys [2009-10-9 24656]
R1 OAnet;OAnet;d:\windows\system32\drivers\OAnet.sys [2009-10-9 29776]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2009-10-20 20560]
R2 IS360service;IS360service;d:\program files\iobit\iobit security 360\is360srv.exe [2009-10-9 309008]
R2 OAcat;Online Armor Helper Service;d:\program files\tall emu\online armor\oacat.exe [2009-10-9 1244360]
R2 SvcOnlineArmor;Online Armor;d:\program files\tall emu\online armor\oasrv.exe [2009-10-9 3184328]
R3 S3GIGP;S3GIGP;d:\windows\system32\drivers\S3gIGPm.sys [2009-10-9 714240]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2009-10-13 133104]

=============== Created Last 30 ================

2009-10-23 02:56:21 0 d-----w- d:\program files\Windows Media Connect 2
2009-10-23 02:53:33 0 d-----w- d:\windows\system32\LogFiles
2009-10-20 08:57:45 15064 ----a-w- d:\windows\system32\wuapi.dll.mui
2009-10-18 15:03:57 221184 ----a-w- d:\windows\system32\wmpns.dll
2009-10-15 05:59:04 25992 ----a-w- d:\windows\system32\pgdfgsvc.exe
2009-10-15 05:49:56 771581 -c--a-w- d:\windows\system32\dllcache\winacisa.sys
2009-10-15 05:48:58 7556 -c--a-w- d:\windows\system32\dllcache\usroslba.sys
2009-10-15 05:47:59 525568 -c--a-w- d:\windows\system32\dllcache\tridxp.dll
2009-10-15 05:46:58 172768 -c--a-w- d:\windows\system32\dllcache\t2r4disp.dll
2009-10-15 05:45:57 7552 -c--a-w- d:\windows\system32\dllcache\sonypvu1.sys
2009-10-15 05:44:58 50432 -c--a-w- d:\windows\system32\dllcache\sisv.sys
2009-10-15 05:43:59 495616 -c--a-w- d:\windows\system32\dllcache\sblfx.dll
2009-10-15 05:42:59 19584 -c--a-w- d:\windows\system32\dllcache\rasirda.sys
2009-10-15 05:41:57 173696 -c--a-w- d:\windows\system32\dllcache\philcam2.sys
2009-10-15 05:40:58 25088 -c--a-w- d:\windows\system32\dllcache\ovca.sys
2009-10-15 05:39:58 35392 -c--a-w- d:\windows\system32\dllcache\n9i128.dll
2009-10-15 05:38:58 47616 -c--a-w- d:\windows\system32\dllcache\memgrp.dll
2009-10-15 05:37:56 8192 -c--a-w- d:\windows\system32\dllcache\kbdkor.dll
2009-10-15 05:36:59 91136 -c--a-w- d:\windows\system32\dllcache\icam4com.dll
2009-10-15 05:35:59 67167 -c--a-w- d:\windows\system32\dllcache\hsf_bsc2.sys
2009-10-15 05:34:59 92160 -c--a-w- d:\windows\system32\dllcache\fuusd.dll
2009-10-15 05:33:59 19996 -c--a-w- d:\windows\system32\dllcache\em556n4.sys
2009-10-15 05:32:59 110592 -c--a-w- d:\windows\system32\dllcache\dc260usd.dll
2009-10-15 05:31:47 13824 -c--a-w- d:\windows\system32\dllcache\bulltlp3.sys
2009-10-15 05:30:21 46112 -c--a-w- d:\windows\system32\dllcache\adptsf50.sys
2009-10-13 13:52:47 0 d-----w- d:\program files\Trend Micro
2009-10-13 01:39:32 0 d-----w- d:\docume~1\abet\applic~1\Auslogics
2009-10-13 01:38:52 0 d-----w- d:\program files\Auslogics
2009-10-10 15:42:24 73728 ----a-w- d:\windows\system32\javacpl.cpl
2009-10-10 15:42:24 411368 ----a-w- d:\windows\system32\deploytk.dll
2009-10-10 11:11:12 274288 ----a-w- d:\windows\system32\mucltui.dll
2009-10-10 11:11:12 16736 ----a-w- d:\windows\system32\mucltui.dll.mui
2009-10-10 09:29:18 2265 ----a-w- D:\Skype.lnk
2009-10-10 08:33:04 0 d-----w- d:\docume~1\abet\applic~1\Windows Search
2009-10-10 03:50:02 0 d-----w- d:\program files\CONEXANT
2009-10-10 03:46:18 1089593 -c----w- d:\windows\system32\dllcache\ntprint.cat
2009-10-10 03:30:05 0 d-----w- d:\windows\system32\XPSViewer
2009-10-10 03:29:33 89088 -c----w- d:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-10 03:29:33 597504 -c----w- d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-10 03:29:33 575488 -c----w- d:\windows\system32\dllcache\xpsshhdr.dll
2009-10-10 03:29:33 575488 ------w- d:\windows\system32\xpsshhdr.dll
2009-10-10 03:29:33 1676288 -c----w- d:\windows\system32\dllcache\xpssvcs.dll
2009-10-10 03:29:33 1676288 ------w- d:\windows\system32\xpssvcs.dll
2009-10-10 03:29:33 117760 ------w- d:\windows\system32\prntvpt.dll
2009-10-10 03:29:33 0 d-----w- D:\e025f46f8633f754ea
2009-10-10 02:31:38 0 d-----w- d:\docume~1\abet\applic~1\Windows Desktop Search
2009-10-10 02:31:08 0 d-----w- d:\windows\system32\GroupPolicy
2009-10-10 02:31:08 0 d-----w- d:\program files\Windows Desktop Search
2009-10-10 02:29:51 0 d-----w- d:\windows\system32\URTTemp
2009-10-10 01:29:50 0 d-sh--w- d:\documents and settings\abet\IECompatCache
2009-10-10 01:29:29 0 d-sh--w- d:\documents and settings\abet\PrivacIE
2009-10-10 01:27:59 0 d-sh--w- d:\documents and settings\abet\IETldCache
2009-10-10 01:00:00 100352 -c----w- d:\windows\system32\dllcache\iecompat.dll
2009-10-10 00:59:41 0 d-----w- d:\windows\ie8updates
2009-10-10 00:59:35 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2009-10-10 00:59:34 594432 -c----w- d:\windows\system32\dllcache\msfeeds.dll
2009-10-10 00:59:34 55296 -c----w- d:\windows\system32\dllcache\msfeedsbs.dll
2009-10-10 00:59:34 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2009-10-10 00:59:34 1985536 -c----w- d:\windows\system32\dllcache\iertutil.dll
2009-10-10 00:59:34 11069440 -c----w- d:\windows\system32\dllcache\ieframe.dll
2009-10-10 00:59:13 0 dc-h--w- d:\windows\ie8
2009-10-10 00:41:36 195440 ------w- d:\windows\system32\MpSigStub.exe
2009-10-09 22:02:01 3072 -c--a-w- d:\windows\system32\dllcache\audstub.sys
2009-10-09 22:02:01 3072 ----a-w- d:\windows\system32\drivers\audstub.sys
2009-10-09 22:01:32 57600 -c--a-w- d:\windows\system32\dllcache\redbook.sys
2009-10-09 22:01:32 57600 ----a-w- d:\windows\system32\drivers\redbook.sys
2009-10-09 22:00:06 0 d-----w- d:\program files\common files\ODBC
2009-10-09 22:00:03 0 d-----w- d:\program files\common files\SpeechEngines
2009-10-09 21:59:45 0 d-----r- d:\documents and settings\all users\Documents
2009-10-09 15:51:04 0 d-----r- d:\program files\Skype
2009-10-09 15:50:56 0 d-----w- d:\program files\Yahoo!
2009-10-09 15:05:27 0 d-----w- d:\docume~1\alluse~1\applic~1\OnlineArmor
2009-10-09 15:05:27 0 d-----w- d:\docume~1\abet\applic~1\OnlineArmor
2009-10-09 14:52:49 0 d-----w- d:\program files\Spybot - Search & Destroy
2009-10-09 14:52:49 0 d-----w- d:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-09 14:34:32 0 d-----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-09 14:34:25 0 d-----w- d:\program files\SUPERAntiSpyware
2009-10-09 14:34:25 0 d-----w- d:\docume~1\abet\applic~1\SUPERAntiSpyware.com
2009-10-09 14:34:08 0 d-----w- d:\program files\common files\Wise Installation Wizard
2009-10-09 14:32:05 0 d-----w- d:\program files\SpywareBlaster
2009-10-09 14:28:52 0 d-----w- d:\docume~1\abet\applic~1\Malwarebytes
2009-10-09 14:28:46 0 d-----w- d:\program files\Malwarebytes' Anti-Malware
2009-10-09 14:28:46 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-09 14:25:18 0 d-----w- d:\program files\Tall Emu
2009-10-09 14:21:40 0 d-----w- d:\docume~1\alluse~1\applic~1\IObit
2009-10-09 14:21:38 0 d-----w- d:\program files\IObit
2009-10-09 14:14:07 0 d-----w- d:\program files\S3
2009-10-09 14:11:54 0 d-----w- d:\program files\VIA
2009-10-09 14:04:05 0 d-sh--w- d:\documents and settings\all users\DRM
2009-10-09 14:03:50 0 d--h--w- d:\program files\WindowsUpdate
2009-10-09 14:03:11 0 d-----w- d:\program files\common files\MSSoap
2009-10-09 14:02:14 0 d-----w- d:\program files\Online Services
2009-10-09 14:02:10 0 d-----w- d:\program files\Messenger
2009-10-09 14:02:07 0 d-----w- d:\program files\MSN Gaming Zone
2009-10-09 14:01:39 0 d-----w- d:\program files\Windows NT

==================== Find3M ====================

2009-10-09 14:02:44 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-09-17 14:44:58 24656 ----a-w- d:\windows\system32\drivers\OAmon.sys
2009-09-17 14:44:44 29776 ----a-w- d:\windows\system32\drivers\OAnet.sys
2009-09-17 14:44:40 200784 ----a-w- d:\windows\system32\drivers\OADriver.sys
2009-09-11 14:18:39 136192 ----a-w- d:\windows\system32\msv1_0.dll
2009-09-10 06:54:06 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 06:53:50 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- d:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- d:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- d:\windows\system32\strmdll.dll
2009-08-06 11:23:46 215920 ----a-w- d:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 ----a-w- d:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- d:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- d:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37:01 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-07-29 04:37:01 119808 ----a-w- d:\windows\system32\t2embed.dll

============= FINISH: 21:51:53.43 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-24.04)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2009 10:06:22 PM
System Uptime: 10/25/2009 9:36:00 PM (0 hours ago)

Motherboard: ECS | | P4M900T-M2
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2194/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 20 GiB total, 19.469 GiB free.
D: is FIXED (NTFS) - 55 GiB total, 42.792 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 10/9/2009 10:08:22 PM - System Checkpoint
RP2: 10/9/2009 10:11:51 PM - Installed Platform
RP3: 10/9/2009 10:16:21 PM - Configured Platform
RP4: 10/9/2009 10:20:24 PM - Avira AntiVir Personal - 10/9/2009 22:20
RP5: 10/9/2009 10:22:40 PM - Installed Windows XP KB901190.
RP6: 10/9/2009 10:22:52 PM - Installed Windows XP KB950762.
RP7: 10/9/2009 10:22:56 PM - Installed Windows XP KB951376-v2.
RP8: 10/9/2009 10:23:21 PM - Installed Windows XP KB951748.
RP9: 10/9/2009 10:23:33 PM - Installed Windows XP KB944338-v2.
RP10: 10/9/2009 10:24:03 PM - Installed Windows XP KB951066.
RP11: 10/9/2009 10:24:27 PM - Installed Windows XP KB946648.
RP12: 10/9/2009 10:24:54 PM - Installed Windows XP KB952954.
RP13: 10/9/2009 10:25:22 PM - Online Armor installation
RP14: 10/9/2009 10:25:26 PM - Installed Windows XP KB950974.
RP15: 10/9/2009 10:26:04 PM - Installed Windows XP KB958644.
RP16: 10/9/2009 10:26:24 PM - Installed Windows XP KB955069.
RP17: 10/9/2009 10:26:41 PM - Installed Windows XP KB957097.
RP18: 10/9/2009 10:26:53 PM - Installed Windows XP KB954600.
RP19: 10/9/2009 10:27:07 PM - Installed Windows XP KB956802.
RP20: 10/9/2009 10:31:45 PM - Installed Windows Media Player KB952069.
RP21: 10/9/2009 10:31:58 PM - Installed Windows XP KB956803.
RP22: 10/9/2009 10:32:16 PM - Installed Windows XP KB958687.
RP23: 10/9/2009 10:32:33 PM - Installed Windows XP KB960225.
RP24: 10/9/2009 10:33:01 PM - Installed Windows XP KB938464-v2.
RP25: 10/9/2009 10:33:38 PM - Installed Windows XP KB923561.
RP26: 10/9/2009 10:34:25 PM - Installed SUPERAntiSpyware Free Edition
RP27: 10/9/2009 10:35:44 PM - Installed Windows XP KB956572.
RP28: 10/9/2009 10:36:07 PM - Installed Windows XP KB952004.
RP29: 10/9/2009 10:36:22 PM - Installed Windows XP KB960803.
RP30: 10/9/2009 10:36:52 PM - Installed Windows XP KB959426.
RP31: 10/9/2009 10:37:05 PM - Installed Windows XP KB961501.
RP32: 10/9/2009 10:37:42 PM - Installed Windows XP KB968537.
RP33: 10/9/2009 10:38:04 PM - Installed Windows XP KB970238.
RP34: 10/9/2009 10:38:41 PM - Installed Windows XP KB971633.
RP35: 10/9/2009 10:38:57 PM - Installed Windows XP KB973346.
RP36: 10/9/2009 10:41:21 PM - Installed Windows XP KB972260.
RP37: 10/9/2009 10:41:43 PM - Installed Windows XP KB971032.
RP38: 10/9/2009 10:41:53 PM - Installed Windows XP KB971557.
RP39: 10/9/2009 10:45:14 PM - Installed Windows Media Player KB973540.
RP40: 10/9/2009 10:45:45 PM - Installed Windows XP KB973869.
RP41: 10/9/2009 10:46:07 PM - Installed Windows XP KB958470.
RP42: 10/9/2009 10:46:37 PM - Installed Windows XP KB973354.
RP43: 10/9/2009 10:46:45 PM - Installed Windows XP KB973507.
RP44: 10/9/2009 10:46:53 PM - Installed Windows XP KB960859.
RP45: 10/9/2009 10:47:00 PM - Installed Windows XP KB973815.
RP46: 10/9/2009 10:47:10 PM - Installed Windows XP KB971657.
RP47: 10/9/2009 10:47:18 PM - Installed Windows XP KB961371-v2.
RP48: 10/9/2009 10:49:54 PM - Software Distribution Service 3.0
RP49: 10/9/2009 11:36:07 PM - Software Distribution Service 3.0
RP50: 10/10/2009 12:03:23 AM - Software Distribution Service 3.0
RP51: 10/10/2009 12:28:24 AM - Software Distribution Service 3.0
RP52: 10/10/2009 8:35:19 AM - Installed Windows Defender
RP53: 10/10/2009 8:41:33 AM - Software Distribution Service 3.0
RP54: 10/10/2009 8:51:31 AM - Software Distribution Service 3.0
RP55: 10/10/2009 9:31:50 AM - Software Distribution Service 3.0
RP56: 10/10/2009 10:29:02 AM - Software Distribution Service 3.0
RP57: 10/10/2009 10:35:50 AM - Software Distribution Service 3.0
RP58: 10/10/2009 11:02:56 AM - Installed Windows XP KB973869.
RP59: 10/10/2009 11:03:14 AM - Installed Windows XP KB973815.
RP60: 10/10/2009 11:03:32 AM - Installed Windows XP KB973507.
RP61: 10/10/2009 11:14:16 AM - Installed Windows XP KB973346.
RP62: 10/10/2009 11:24:47 AM - Software Distribution Service 3.0
RP63: 10/10/2009 11:49:55 AM - Software Distribution Service 3.0
RP64: 10/10/2009 12:11:28 PM - Software Distribution Service 3.0
RP65: 10/10/2009 11:42:01 PM - Installed Java™ 6 Update 16
RP66: 10/13/2009 7:04:19 AM - Software Distribution Service 3.0
RP67: 10/14/2009 11:10:15 AM - Software Distribution Service 3.0
RP68: 10/16/2009 2:28:53 PM - Software Distribution Service 3.0
RP69: 10/20/2009 5:03:33 PM - Software Distribution Service 3.0
RP70: 10/20/2009 9:41:56 PM - Avira AntiVir Personal - 10/20/2009 21:41
RP71: 10/23/2009 10:53:09 AM - Installed Windows Media Player 11
RP72: 10/23/2009 10:53:32 AM - Installed Windows XP Wudf01000.
RP73: 10/23/2009 10:55:13 AM - Installed Windows Media Player 11
RP74: 10/23/2009 10:56:55 AM - Installed Windows XP MSCompPackV1.
RP75: 10/23/2009 11:26:20 AM - Software Distribution Service 3.0
RP76: 10/23/2009 1:19:02 PM - Installed Windows Media Player 11
RP77: 10/23/2009 1:20:53 PM - Installed Windows XP MSCompPackV1.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Auslogics Registry Cleaner
avast! Antivirus
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
IObit Security 360
Java™ 6 Update 16
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
Online Armor 3.5
PCI SoftV92 Modem
Platform
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype web features
Skype™ 4.1
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Display Driver 6.14.10.0099
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Search Protection

==== Event Viewer Messages From Past Week ========

10/24/2009 9:46:01 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 00000000.
10/20/2009 7:46:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001BB9D25A65 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/20/2009 4:43:33 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/20/2009 4:06:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT OADevice OAmon OAnet RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:06:44 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/20/2009 4:05:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/20/2009 10:10:45 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: Access is denied.
10/20/2009 10:10:45 PM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: Access is denied.
10/20/2009 10:10:36 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2149896199
10/20/2009 10:10:35 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
10/20/2009 10:10:35 PM, error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector service which failed to start because of the following error: Access is denied.
10/20/2009 10:10:35 PM, error: Service Control Manager [7000] - The WebDav Client Redirector service failed to start due to the following error: Access is denied.

==== End Of File ===========================

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/25 21:53
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_ViPrt.sys
Image Path: D:\WINDOWS\System32\Drivers\dump_ViPrt.sys
Address: 0xB863E000 Size: 65536 File Visible: No Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: D:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xACBBD000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7167e60

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71685c0

#: 025 Function Name: NtClose
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd46b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7166610

#: 037 Function Name: NtCreateFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71750d0

#: 041 Function Name: NtCreateKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd4574

#: 046 Function Name: NtCreatePort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71662c0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163580

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163960

#: 050 Function Name: NtCreateSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163060

#: 053 Function Name: NtCreateThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7164a40

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71655a0

#: 062 Function Name: NtDeleteFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175b50

#: 063 Function Name: NtDeleteKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71739e0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd4a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd414c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175070

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71750a0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71675d0

#: 098 Function Name: NtLoadKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7174780

#: 116 Function Name: NtOpenFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175760

#: 119 Function Name: NtOpenKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd464e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd408c

#: 125 Function Name: NtOpenSection
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7163300

#: 128 Function Name: NtOpenThread
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd40f0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7168250

#: 145 Function Name: NtQueryDirectoryFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7167a10

#: 160 Function Name: NtQueryKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175010

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd476e

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7168740

#: 193 Function Name: NtReplaceKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7174b20

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7167180

#: 204 Function Name: NtRestoreKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd472e

#: 206 Function Name: NtResumeThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165c90

#: 207 Function Name: NtSaveKey
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7174ff0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71669d0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71653c0

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7175e10

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165720

#: 247 Function Name: NtSetValueKey
Status: Hooked by "D:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6fd48ae

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71674d0

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165e40

#: 254 Function Name: NtSuspendThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165ac0

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7165900

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb71ee0b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71651a0

#: 262 Function Name: NtUnloadDriver
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71677f0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7168400

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71618b0

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161be0

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715ed50

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71607d0

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160350

#: 324 Function Name: NtUserCallTwoParam
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71611c0

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f770

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160a80

#: 401 Function Name: NtUserGetDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161590

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f640

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f510

#: 439 Function Name: NtUserGetWindowDC
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161720

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715f8a0

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160da0

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715fca0

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160000

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715ebf0

#: 502 Function Name: NtUserSendInput
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb71605a0

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160940

#: 529 Function Name: NtUserSetParent
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160bd0

#: 546 Function Name: NtUserSetWindowPos
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7161090

#: 548 Function Name: NtUserSetWindowsHookAW
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715e740

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715e360

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb715e9a0

#: 555 Function Name: NtUserShowWindow
Status: Hooked by "D:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb7160fc0

==EOF==

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:02 PM

Posted 25 October 2009 - 04:11 PM

Hi blackened,

There's no malware on these logs but the event viewer shows this:

The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.


We can try and find the faulty device using this tool, but you will probably need a non-malware forum such as the XP forum.

Please download ConflictInfo by aommaster to your desktop.
  • Double click the downloaded ConflictInfo file.
  • Press the button to begin.
  • It shall produce a ConflictInfo.txt on your desktop.
  • Please copy and paste the log in your next reply.

m0le is a proud member of UNITE

#6 blackened

blackened
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 25 October 2009 - 09:35 PM

Hi again, and thanks again for helping me. I downloaded ConflictInfo and ran the scan, but no report was produced, so what do I do next? Thanks again!!

#7 blackened

blackened
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:01:02 AM

Posted 25 October 2009 - 09:44 PM

I found the report, it was located somewhere, sorry.
Here it is.

Logfile of Aommaster's ConflictInfo v.1.0.0
#############
Conflicting Devices
#############

===No device problems found===

~~~EOF~~~

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:02 PM

Posted 26 October 2009 - 08:37 AM

Okay, blackened, there isn't anything immediately obvious and this is not a malware issue so I am needing to refer you to another forum for some help. Bleeping Computer's XP forum might be the best option.

Sorry I can't help further.
m0le is a proud member of UNITE

#9 blackened

blackened
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 27 October 2009 - 04:45 PM

Thank you anyway. Good day!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:02 PM

Posted 31 October 2009 - 05:56 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
