Here's the log I got while still having the problems with disabling avast.

ComboFix 11-08-05.03 - Joel 08/05/2011 21:00:14.2.2 - x86 NETWORK
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2047.1446 [GMT -6:00]
Running from: k:\computer restoration\ComboFix.exe
Command switches used :: k:\computer restoration\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Yontoo Layers Runtime
c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 03:06 . 2011-08-06 03:24 -------- d-----w- c:\users\Joel\AppData\Local\temp
2011-08-03 00:07 . 2011-08-03 00:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-02 12:27 . 2011-08-02 12:27 -------- d-----w- c:\program files\NirSoft
2011-08-02 12:24 . 2011-08-02 12:24 1606368 ----a-w- c:\windows\system32\drivers\athw.sys
2011-08-02 10:28 . 2011-07-20 15:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EA13145-693C-41A8-A926-B051183C4FF8}\mpengine.dll
2011-07-25 22:37 . 2011-07-25 22:38 -------- d-----w- c:\users\Joel\AppData\Local\Realtime Soft
2011-07-25 22:20 . 2011-07-25 22:20 -------- d-----w- c:\users\Joel\AppData\Roaming\Realtime Soft
2011-07-25 22:19 . 2011-07-29 00:20 -------- d-----w- c:\program files\UltraMon
2011-07-25 22:19 . 2011-07-25 22:19 -------- d-----w- c:\programdata\Realtime Soft
2011-07-24 22:13 . 2011-07-24 22:13 -------- d-----w- c:\windows\system32\sda
2011-07-24 22:13 . 2011-07-24 22:13 9888360 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-07-24 22:12 . 2011-07-24 22:12 197224 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-07-24 22:12 . 2011-07-24 22:12 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2011-07-24 22:08 . 2011-07-24 22:07 485920 ----a-w- c:\windows\system32\nvuninst.exe
2011-07-24 22:07 . 2011-07-24 22:07 485920 ----a-w- c:\windows\system32\nvunrm.exe
2011-07-24 22:07 . 2011-07-24 22:07 287392 ----a-w- c:\windows\system32\drivers\nvmf6232.sys
2011-07-24 22:07 . 2011-07-24 22:07 898048 ----a-w- c:\windows\system32\fdco2.dll
2011-07-24 22:07 . 2011-07-24 22:07 155648 ----a-w- c:\windows\system32\nvconrm.dll
2011-07-24 21:26 . 2011-07-24 21:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-24 21:13 . 2011-07-24 21:13 -------- d-----w- c:\programdata\UAB
2011-07-24 21:12 . 2011-07-24 21:12 -------- d-----w- c:\users\Joel\AppData\Local\PC_Drivers_Headquarters
2011-07-24 20:55 . 2011-08-03 01:55 -------- d-----w- c:\users\UpdatusUser
2011-07-24 20:55 . 2011-08-02 06:15 -------- d-----w- c:\programdata\NVIDIA
2011-07-24 20:55 . 2011-05-25 06:09 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-07-24 20:55 . 2011-05-25 06:09 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-07-24 20:55 . 2011-05-25 06:09 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-07-24 20:55 . 2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-07-24 20:55 . 2011-05-25 06:09 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-07-24 20:55 . 2011-05-25 06:09 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-07-24 20:54 . 2011-07-24 20:54 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-07-24 20:53 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-07-24 20:53 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-07-24 20:53 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-24 20:53 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-07-24 20:53 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-07-24 20:53 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-07-24 20:53 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-07-24 20:53 . 2011-05-25 06:09 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-07-24 20:53 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-07-24 20:53 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-07-24 20:53 . 2011-07-24 20:56 -------- d-----w- c:\program files\NVIDIA Corporation
2011-07-24 20:50 . 2011-07-24 20:50 -------- d-----w- C:\NVIDIA
2011-07-24 20:46 . 2011-07-24 20:46 -------- d-----w- c:\program files\SystemRequirementsLab
2011-07-24 20:37 . 2011-07-24 20:37 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-07-24 20:34 . 2011-07-24 20:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-07-24 20:33 . 2006-08-30 17:49 16496 ------w- c:\windows\system32\drivers\NVXBAR.SYS
2011-07-24 20:32 . 2006-08-30 17:49 141582 ------w- c:\windows\system32\drivers\NVCAP.SYS
2011-07-24 20:32 . 2006-08-30 17:49 29696 ------w- c:\windows\system32\FILTER.AX
2011-07-24 20:31 . 2011-07-24 20:32 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-24 19:15 . 2011-07-24 19:15 -------- d-----w- c:\program files\Common Files\Java
2011-07-24 06:45 . 2011-07-24 06:45 388096 ----a-r- c:\users\Joel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-24 06:11 . 2011-07-24 06:11 -------- d-----w- c:\users\Joel\AppData\Roaming\Malwarebytes
2011-07-24 06:09 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-24 06:09 . 2011-07-24 06:09 -------- d-----w- c:\programdata\Malwarebytes
2011-07-24 06:08 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 21:30 . 2011-07-23 21:30 -------- d-----w- c:\users\Joel\AppData\Roaming\SUPERAntiSpyware.com
2011-07-23 21:30 . 2011-07-23 21:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-23 21:14 . 2011-07-23 21:14 -------- d-----w- c:\program files\CCleaner
2011-07-23 18:56 . 2011-07-23 21:14 -------- d-----w- c:\programdata\OnlineArmor
2011-07-23 18:56 . 2011-07-23 18:56 -------- d-----w- c:\users\Joel\AppData\Roaming\OnlineArmor
2011-07-23 18:52 . 2011-04-06 19:02 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2011-07-23 18:52 . 2011-04-06 19:01 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-07-23 18:52 . 2011-04-06 19:01 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-07-23 18:52 . 2011-04-06 19:01 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-07-23 18:33 . 2011-07-23 18:33 -------- d-----w- c:\programdata\Uniblue
2011-07-23 17:53 . 2011-07-23 17:53 -------- d-----w- c:\program files\CPUID
2011-07-23 17:53 . 2010-11-09 21:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-07-22 02:52 . 2011-07-22 02:52 -------- d-----w- c:\users\Joel\AppData\Roaming\Uniblue
2011-07-22 02:52 . 2011-07-22 02:52 -------- d-----w- c:\program files\Uniblue
2011-07-22 02:51 . 2011-07-23 18:32 -------- d-----w- c:\users\Joel\AppData\Local\OpenCandy
2011-07-22 02:51 . 2011-07-22 02:51 -------- d-----w- c:\users\Joel\AppData\Roaming\OpenCandy
2011-07-22 02:51 . 2011-07-22 02:51 -------- d-----w- c:\program files\WinSCP
2011-07-13 03:09 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 19:14 . 2010-12-02 02:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-28 03:00 . 2011-06-15 02:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 06:09 . 2009-06-10 21:19 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 06:09 . 2011-07-24 20:53 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-24 10:35 . 2011-06-29 23:27 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\sda ----
.
2011-07-24 22:13 . 2011-07-24 22:13 75880 ----a-w- c:\windows\system32\sda\SDRTCPRM.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
"SpybotSD TeaTimer"="k:\computer restoration\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-03-30 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-10 3622184]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="k:\computer restoration\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - k:\programs\Program Files\MagicDisc\MagicDisc.exe [2007-5-8 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:d580b26028a
.
R1 SASDIFSV;SASDIFSV;k:\computer restoration\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;k:\computer restoration\SASKUTIL.SYS
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;k:\computer restoration\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-14 1343400]
S1 aswSP;aswSP;
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-04-06 205864]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-04-06 39048]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-04-06 25192]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SBSDWSCService;SBSD Security Center Service;k:\computer restoration\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2011-04-06 29312]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-07-24 197224]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-06 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-07-22 17:22]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472349457-1566537841-3038834570-1000Core.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 04:08]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3472349457-1566537841-3038834570-1000UA.job
- c:\users\Joel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 04:08]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(4304)
c:\windows\system32\prnfldr.dll
c:\windows\system32\dxp.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\System32\wscinterop.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
k:\computer restoration\Online Armor\OAcat.exe
k:\computer restoration\Online Armor\oasrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
k:\computer restoration\Online Armor\oaui.exe
k:\computer restoration\Online Armor\OAhlp.exe
c:\program files\iPod\bin\iPodService.exe
k:\computer restoration\Online Armor\OADump.exe
.
**************************************************************************
.
Completion time: 2011-08-05 21:45:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-06 03:44
ComboFix2.txt 2011-08-05 00:20
.
Pre-Run: 162,532,835,328 bytes free
Post-Run: 162,204,516,352 bytes free
.
- - End Of File - - A14753E3C83777F172C62377BB54CF85