Author Topic: adobe flash misbehaving  (Read 33340 times)

kamikaze33

    Topic Starter


    Intermediate

    adobe flash misbehaving
    « on: July 24, 2011, 04:05:28 PM »
    I have been having this sketchy pop-up appear when I am browsing Facebook/YouTube in particular. It has to do with Adobe Flash Player sending information to a website or something over the internet, and it prompts me to allow it by changing the settings for it. I have not done so yet because the website it wants to send the information to appears to be sketchy ("vitaminworld" or something). I will post exactly what the dialogue box says the next time it appears. I went through the malware/spyware removal guide and have my logs if anyone would like me to post them, though when I did the self-help analysis thing of HJT nothing appeared to my attention regarding this issue.

    EDIT: here is the window


    SuperDave

    • Malware Removal Specialist


    Re: adobe flash misbehaving
    « Reply #1 on: July 24, 2011, 04:38:19 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************
    Although this appears to be a legitimate site there is also a virus floating around by the same name. Let's try these two scans.

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.
        • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
      Please leave the others unchecked
    * Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    To retrieve the removal information please do the following:
    * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    * Click Preferences. Click the Statistics/Logs tab.
    * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    * It will open in your default text editor (preferably Notepad).
    * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows 8 and Windows 10 dual boot with two SSD's

    kamikaze33

      Topic Starter


      Intermediate

      Re: adobe flash misbehaving
      « Reply #2 on: July 25, 2011, 04:01:29 PM »
      Thanks SuperDave!

      Here's the SAS log; MBAM log to come...



      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 07/25/2011 at 06:34 AM

      Application Version : 4.55.1000

      Core Rules Database Version : 7451
      Trace Rules Database Version: 5263

      Scan type       : Complete Scan
      Total Scan Time : 13:51:33

      Memory items scanned      : 945
      Memory threats detected   : 0
      Registry items scanned    : 9799
      Registry threats detected : 0
      File items scanned        : 218371
      File threats detected     : 76

      Adware.Tracking Cookie

      kamikaze33

        Topic Starter


        Intermediate

        Re: adobe flash misbehaving
        « Reply #3 on: July 26, 2011, 06:45:26 PM »
        Malwarebytes' Anti-Malware 1.51.1.1800
        www.malwarebytes.org

        Database version: 7274

        Windows 6.1.7600
        Internet Explorer 8.0.7600.16385

        7/26/2011 6:35:58 AM
        mbam-log-2011-07-26 (06-35-58).txt

        Scan type: Full scan (C:\|D:\|K:\|)
        Objects scanned: 999155
        Time elapsed: 8 hour(s), 41 minute(s), 14 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 2

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        k:\Programs\river past video cleaner pro 7.7.16 & booster packs + keygen - anony014\keygen\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
        k:\Programs\guitar pro 5.2! newest version! fully cracked!\guitar pro keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

        SuperDave

        • Malware Removal Specialist


        Re: adobe flash misbehaving
        « Reply #4 on: July 27, 2011, 05:44:00 PM »
        Your computer appears to have keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

        Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

        Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.
        *******************************************************
        Download Security Check by screen317 from one of the following links and save it to your desktop.

        Link 1
        Link 2

        * Unzip SecurityCheck.zip and a folder named Security Check should appear.
        * Open the Security Check folder and double-click Security Check.bat
        * Follow the on-screen instructions inside of the black box.
        * A Notepad document should open automatically called checkup.txt
        * Post the contents of that document in your next reply.

        Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
        ******************************************************
        Download DDS from HERE or HERE and save it to your desktop.

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users Double click on dds to run it.
        * If your antivirus or firewall try to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copying and pasting it into the reply.
        Windows 8 and Windows 10 dual boot with two SSD's

        kamikaze33

          Topic Starter


          Intermediate

          Re: adobe flash misbehaving
          « Reply #5 on: July 28, 2011, 04:47:46 PM »
          I can see that. These illegal programs are causing me farrrr more harm than good.
          So when I tried to run SecurityCheck, it failed. This is what happens:



          NOTE: I encountered the blue screen this morning when trying to boot; I suspect it is another program, UltraMon, interfering with my graphics drivers. I had to do a system restore and remove UltraMon, and was able to boot now. This all has happened after I posted the above SAS/MBAM logs.

          kamikaze33

            Topic Starter


            Intermediate

            Re: adobe flash misbehaving
            « Reply #6 on: July 28, 2011, 04:51:32 PM »
            Log 1


            .
            DDS (Ver_2011-06-23.01) - NTFSx86
            Internet Explorer: 8.0.7600.16385
            Run by Joel at 16:46:02 on 2011-07-28
            Microsoft Windows 7 Enterprise   6.1.7600.0.1252.1.1033.18.2047.154 [GMT -6:00]
            .
            AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
            SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
            SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
            .
            ============== Running Processes ===============
            .
            C:\Windows\system32\wininit.exe
            C:\Windows\system32\lsm.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch
            C:\Windows\system32\nvvsvc.exe
            C:\Windows\system32\svchost.exe -k RPCSS
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
            C:\Windows\system32\svchost.exe -k netsvcs
            C:\Windows\system32\AUDIODG.EXE
            C:\Windows\system32\svchost.exe -k LocalService
            C:\Windows\system32\svchost.exe -k NetworkService
            C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
            C:\Windows\system32\nvvsvc.exe
            K:\Computer Restoration\Online Armor\OAcat.exe
            K:\Computer Restoration\Online Armor\oasrv.exe
            C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Program Files\Alwil Software\Avast5\AvastUI.exe
            C:\Program Files\Microsoft IntelliPoint\ipoint.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
            C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe
            C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
            C:\Program Files\DivX\DivX Update\DivXUpdate.exe
            K:\Computer Restoration\Online Armor\oaui.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            K:\Computer Restoration\Online Armor\OAhlp.exe
            C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
            K:\Programs\Steam\Steam.exe
            K:\Programs\Program Files\MagicDisc\MagicDisc.exe
            C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
            C:\Program Files\Uniblue\DriverScanner\driverscanner.exe
            C:\Windows\System32\spoolsv.exe
            C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
            C:\Windows\system32\taskhost.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
            C:\Windows\system32\svchost.exe -k imgsvc
            C:\Windows\system32\taskeng.exe
            C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Windows\system32\SearchIndexer.exe
            C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
            C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
            C:\Program Files\Windows Media Player\wmpnetwk.exe
            C:\Windows\system32\SearchProtocolHost.exe
            C:\Windows\System32\svchost.exe -k LocalServicePeerNet
            C:\Program Files\Nero\Update\NASvc.exe
            C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
            C:\Windows\System32\svchost.exe -k secsvcs
            C:\Windows\system32\wuauclt.exe
            C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Windows\system32\WUDFHost.exe
            C:\Program Files\iTunes\iTunes.exe
            C:\Windows\system32\rundll32.exe
            C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Program Files\Nero\Nero 10\Nero BackItUp\NBCore.exe
            C:\Windows\system32\svchost.exe -k SDRSVC
            C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
            C:\Windows\system32\conhost.exe
            C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
            C:\Windows\system32\conhost.exe
            C:\Users\Joel\AppData\Local\Google\Chrome\Application\chrome.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Windows\system32\rundll32.exe
            C:\Windows\system32\conhost.exe
            C:\Windows\system32\wbem\wmiprvse.exe
            .
            ============== Pseudo HJT Report ===============
            .
            uInternet Settings,ProxyOverride = *.local
            BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
            BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
            BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
            BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
            uRun: [Google Update] "c:\users\joel\appdata\local\google\update\GoogleUpdate.exe" /c
            uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
            mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
            mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
            mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
            mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
            mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
            mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
            mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
            mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
            mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
            mRun: [@OnlineArmor GUI] "k:\computer restoration\online armor\oaui.exe"
            mRun: [Malwarebytes' Anti-Malware] "k:\computer restoration\malwarebytes' anti-malware\mbamgui.exe" /starttray
            mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
            StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
            mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
            mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
            mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
            mPolicies-system: EnableLUA = 0 (0x0)
            mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
            mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
            mPolicies-system: EnableLinkedConnections = 1 (0x1)
            IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
            DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
            DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            TCP: DhcpNameServer = 192.168.0.1
            TCP: Interfaces\{9972559C-35BD-4ED8-BD17-EEBD5E28DD3E} : DhcpNameServer = 192.168.0.1
            TCP: Interfaces\{9972559C-35BD-4ED8-BD17-EEBD5E28DD3E}\742796D6372697 : DhcpNameServer = 192.168.0.1
            Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
            SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
            SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - k:\comput~1\online~1\oaevent.dll
            .
            ============= SERVICES / DRIVERS ===============
            .
            R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-14 165584]
            R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-7-23 205864]
            R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-7-23 39048]
            R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-7-23 25192]
            R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
            R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-14 17744]
            R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-14 50768]
            R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-14 40384]
            R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-7-23 21992]
            R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
            R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-24 2214504]
            R2 OAcat;Online Armor Helper Service;k:\computer restoration\online armor\oacat.exe [2011-7-23 381512]
            R2 SvcOnlineArmor;Online Armor;k:\computer restoration\online armor\oasrv.exe [2011-7-23 4326472]
            R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-14 40384]
            R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-14 40384]
            R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-24 22712]
            R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2011-7-23 29312]
            R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-7-24 197224]
            S1 SASDIFSV;SASDIFSV;k:\computer restoration\sasdifsv.sys [2011-7-12 12880]
            S1 SASKUTIL;SASKUTIL;k:\computer restoration\SASKUTIL.SYS [2011-7-12 67664]
            S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
            S2 MBAMService;MBAMService;k:\computer restoration\malwarebytes' anti-malware\mbamservice.exe [2011-7-24 366640]
            S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
            S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
            S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-13 1343400]
            .
            =============== Created Last 30 ================
            .
            2011-07-28 22:30:09   --------   d-----w-   c:\windows\pss
            2011-07-28 22:29:38   6962000   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{8eb197b5-5bc2-473c-a153-a5dfe3fdc4c2}\mpengine.dll
            2011-07-25 22:37:58   --------   d-----w-   c:\users\joel\appdata\local\Realtime Soft
            2011-07-25 22:20:11   --------   d-----w-   c:\users\joel\appdata\roaming\Realtime Soft
            2011-07-25 22:19:42   --------   d-----w-   c:\programdata\Realtime Soft
            2011-07-25 22:19:42   --------   d-----w-   c:\program files\UltraMon
            2011-07-24 22:14:25   1606368   ----a-w-   c:\windows\system32\drivers\athw.sys
            2011-07-24 22:13:20   --------   d-----w-   c:\windows\system32\sda
            2011-07-24 22:13:01   9888360   ----a-w-   c:\windows\system32\RtsUStoricon.dll
            2011-07-24 22:12:51   197224   ----a-w-   c:\windows\system32\drivers\RtsUStor.sys
            2011-07-24 22:12:49   313960   ----a-w-   c:\windows\system32\RtsUStor.dll
            2011-07-24 22:08:45   485920   ----a-w-   c:\windows\system32\nvuninst.exe
            2011-07-24 22:07:43   485920   ----a-w-   c:\windows\system32\nvunrm.exe
            2011-07-24 22:07:25   287392   ----a-w-   c:\windows\system32\drivers\nvmf6232.sys
            2011-07-24 22:07:24   898048   ----a-w-   c:\windows\system32\fdco2.dll
            2011-07-24 22:07:24   155648   ----a-w-   c:\windows\system32\nvconrm.dll
            2011-07-24 21:26:10   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
            2011-07-24 21:13:02   --------   d-----w-   c:\programdata\UAB
            2011-07-24 21:12:57   --------   d-----w-   c:\users\joel\appdata\local\PC_Drivers_Headquarters
            2011-07-24 20:55:14   66664   ----a-w-   c:\windows\system32\nvshext.dll
            2011-07-24 20:55:14   615528   ----a-w-   c:\windows\system32\nvvsvc.exe
            2011-07-24 20:55:14   3693672   ----a-w-   c:\windows\system32\nvcpl.dll
            2011-07-24 20:55:14   2557544   ----a-w-   c:\windows\system32\nvsvc.dll
            2011-07-24 20:55:14   111208   ----a-w-   c:\windows\system32\nvmctray.dll
            2011-07-24 20:55:12   543336   ----a-w-   c:\windows\system32\easyupdatusapiu.dll
            2011-07-24 20:54:17   --------   d-----w-   c:\programdata\NVIDIA Corporation
            2011-07-24 20:53:28   899688   ----a-w-   c:\windows\system32\nvdispco3220150.dll
            2011-07-24 20:53:28   865896   ----a-w-   c:\windows\system32\nvgenco322090.dll
            2011-07-24 20:53:28   57960   ----a-w-   c:\windows\system32\OpenCL.dll
            2011-07-24 20:53:28   5301352   ----a-w-   c:\windows\system32\nvcuda.dll
            2011-07-24 20:53:28   2804328   ----a-w-   c:\windows\system32\nvcuvid.dll
            2011-07-24 20:53:28   2335848   ----a-w-   c:\windows\system32\nvapi.dll
            2011-07-24 20:53:28   2082408   ----a-w-   c:\windows\system32\nvcuvenc.dll
            2011-07-24 20:53:28   16456296   ----a-w-   c:\windows\system32\nvoglv32.dll
            2011-07-24 20:53:28   13011560   ----a-w-   c:\windows\system32\nvcompiler.dll
            2011-07-24 20:53:28   10589800   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
            2011-07-24 20:53:14   --------   d-----w-   c:\program files\NVIDIA Corporation
            2011-07-24 20:50:42   --------   d-----w-   C:\NVIDIA
            2011-07-24 20:46:34   --------   d-----w-   c:\program files\SystemRequirementsLab
            2011-07-24 20:37:08   --------   d-----w-   c:\programdata\PC Drivers HeadQuarters
            2011-07-24 20:33:08   16496   ------w-   c:\windows\system32\drivers\NVXBAR.SYS
            2011-07-24 20:32:49   29696   ------w-   c:\windows\system32\FILTER.AX
            2011-07-24 20:32:49   141582   ------w-   c:\windows\system32\drivers\NVCAP.SYS
            2011-07-24 20:32:35   221184   ----a-w-   c:\program files\common files\installshield\iscript\iscript.dll
            2011-07-24 20:32:16   221184   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
            2011-07-24 20:31:56   32768   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
            2011-07-24 20:31:48   77824   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
            2011-07-24 06:45:24   388096   ----a-r-   c:\users\joel\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
            2011-07-24 06:11:01   --------   d-----w-   c:\users\joel\appdata\roaming\Malwarebytes
            2011-07-24 06:09:16   41272   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2011-07-24 06:09:07   --------   d-----w-   c:\programdata\Malwarebytes
            2011-07-24 06:08:49   22712   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2011-07-23 21:30:52   --------   d-----w-   c:\users\joel\appdata\roaming\SUPERAntiSpyware.com
            2011-07-23 21:30:52   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2011-07-23 21:14:00   --------   d-----w-   c:\program files\CCleaner
            2011-07-23 18:56:02   --------   d-----w-   c:\users\joel\appdata\roaming\OnlineArmor
            2011-07-23 18:56:02   --------   d-----w-   c:\programdata\OnlineArmor
            2011-07-23 18:52:22   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
            2011-07-23 18:52:22   29312   ----a-w-   c:\windows\system32\drivers\OAnet.sys
            2011-07-23 18:52:22   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
            2011-07-23 18:52:22   205864   ----a-w-   c:\windows\system32\drivers\OADriver.sys
            2011-07-23 18:33:44   --------   d-----w-   c:\programdata\Uniblue
            2011-07-23 17:53:18   21992   ----a-w-   c:\windows\system32\drivers\cpuz135_x32.sys
            2011-07-23 17:53:18   --------   d-----w-   c:\program files\CPUID
            2011-07-22 02:52:15   --------   d-----w-   c:\users\joel\appdata\roaming\Uniblue
            2011-07-22 02:52:08   --------   d-----w-   c:\program files\Uniblue
            2011-07-22 02:51:56   --------   d-----w-   c:\users\joel\appdata\local\OpenCandy
            2011-07-22 02:51:53   --------   d-----w-   c:\users\joel\appdata\roaming\OpenCandy
            2011-07-22 02:51:52   --------   d-----w-   c:\program files\WinSCP
            2011-07-14 22:19:08   --------   d-----w-   c:\programdata\Tarma Installer
            2011-07-14 22:19:08   --------   d-----w-   c:\program files\Yontoo Layers Runtime
            2011-07-13 03:09:49   2332672   ----a-w-   c:\windows\system32\win32k.sys
            2011-06-29 23:27:08   294912   ----a-w-   c:\windows\system32\umpnpmgr.dll
            .
            ==================== Find3M  ====================
            .
            2011-07-24 19:14:58   472808   ----a-w-   c:\windows\system32\deployJava1.dll
            2011-06-02 05:58:05   290816   ----a-w-   c:\windows\system32\KernelBase.dll
            2011-06-02 03:45:49   6144   ---ha-w-   c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
            2011-06-02 03:45:49   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
            2011-06-02 03:45:49   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
            2011-06-02 03:45:49   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
            2011-05-28 03:00:02   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
            2011-05-25 06:09:05   11992680   ----a-w-   c:\windows\system32\nvd3dum.dll
            2011-05-25 06:09:04   12392   ----a-w-   c:\windows\system32\drivers\nvBridge.kmd
            2011-05-14 06:35:55   169984   ----a-w-   c:\windows\system32\winsrv.dll
            2011-05-14 06:33:14   271872   ----a-w-   c:\windows\system32\conhost.exe
            2011-05-04 02:43:59   222720   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
            2011-05-04 02:43:48   96256   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
            2011-05-04 02:43:41   123392   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
            2011-05-03 04:50:29   740864   ----a-w-   c:\windows\system32\inetcomm.dll
            .
            ============= FINISH: 16:49:55.33 ===============

            kamikaze33

              Re: adobe flash misbehaving
              « Reply #7 on: July 28, 2011, 04:54:03 PM »
              Log 2


              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_2011-06-23.01)
              .
              Microsoft Windows 7 Enterprise
              Boot Device: \Device\HarddiskVolume2
              Install Date: 11/13/2010 9:52:54 PM
              System Uptime: 7/28/2011 4:22:03 PM (0 hours ago)
              .
              Motherboard: ASUSTek Computer INC. |  | NARRA2
              Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2  | 2000/200mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 225 GiB total, 149.883 GiB free.
              D: is FIXED (NTFS) - 74 GiB total, 0.008 GiB free.
              E: is CDROM (CDFS)
              K: is FIXED (NTFS) - 932 GiB total, 272.484 GiB free.
              L: is CDROM ()
              M: is Removable
              .
              ==== Disabled Device Manager Items =============
              .
              Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
              Description: SASDIFSV
              Device ID: ROOT\LEGACY_SASDIFSV\0000
              Manufacturer:
              Name: SASDIFSV
              PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
              Service: SASDIFSV
              .
              Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
              Description: SASKUTIL
              Device ID: ROOT\LEGACY_SASKUTIL\0000
              Manufacturer:
              Name: SASKUTIL
              PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
              Service: SASKUTIL
              .
              ==== System Restore Points ===================
              .
              .
              ==== Installed Programs ======================
              .
               Update for Microsoft Office 2007 (KB2508958)
              Adobe AIR
              Adobe Anchor Service CS3
              Adobe Anchor Service CS4
              Adobe Asset Services CS3
              Adobe Bridge CS3
              Adobe Bridge CS4
              Adobe Bridge Start Meeting
              Adobe Camera Raw 4.0
              Adobe CMaps CS4
              Adobe Color - Photoshop Specific CS4
              Adobe Color EU Extra Settings CS4
              Adobe Color JA Extra Settings CS4
              Adobe Color NA Recommended Settings CS4
              Adobe Color Video Profiles CS CS4
              Adobe CSI CS4
              Adobe Default Language CS4
              Adobe Device Central CS3
              Adobe Device Central CS4
              Adobe Drive CS4
              Adobe ExtendScript Toolkit 2
              Adobe ExtendScript Toolkit CS4
              Adobe Extension Manager CS4
              Adobe Flash Player 10 ActiveX
              Adobe Fonts All
              Adobe Help Viewer CS3
              Adobe Linguistics CS3
              Adobe Linguistics CS4
              Adobe Media Player
              Adobe Output Module
              Adobe PDF Library Files CS4
              Adobe Photoshop CS4
              Adobe Photoshop CS4 Support
              Adobe Premiere Pro CS3
              Adobe Premiere Pro CS3 Functional Content
              Adobe Reader 9.4.5
              Adobe Search for Help
              Adobe Service Manager Extension
              Adobe Setup
              Adobe Shockwave Player 11.5
              Adobe Type Support CS4
              Adobe Update Manager CS3
              Adobe Update Manager CS4
              Adobe Version Cue CS3 Client
              Adobe WinSoft Linguistics Plugin
              Adobe XMP DVA Panels CS3
              Adobe XMP Panels CS3
              Adobe XMP Panels CS4
              AdobeColorCommonSetCMYK
              AdobeColorCommonSetRGB
              Advertising Center
              Apple Application Support
              Apple Mobile Device Support
              Apple Software Update
              avast! Free Antivirus
              BitLord 1.1
              Bonjour
              CCleaner
              Combined Community Codec Pack 2008-01-24
              Connect
              CPUID CPU-Z 1.58
              DivX Setup
              DolbyFiles
              Driver Detective
              Google Chrome
              Guitar Pro 5.2
              High-Definition Video Playback 10
              HiJackThis
              HijackThis 2.0.2
              iTunes
              Java Auto Updater
              Java(TM) 6 Update 26
              kuler
              Magic ISO Maker v5.5 (build 0261)
              MagicDisc 2.7.106
              Malwarebytes' Anti-Malware version 1.51.1.1800
              Microsoft .NET Framework 4 Client Profile
              Microsoft Application Error Reporting
              Microsoft IntelliPoint 8.0
              Microsoft Office 2007 Service Pack 2 (SP2)
              Microsoft Office Access MUI (English) 2007
              Microsoft Office Access Setup Metadata MUI (English) 2007
              Microsoft Office Enterprise 2007
              Microsoft Office Excel MUI (English) 2007
              Microsoft Office Groove MUI (English) 2007
              Microsoft Office Groove Setup Metadata MUI (English) 2007
              Microsoft Office InfoPath MUI (English) 2007
              Microsoft Office OneNote MUI (English) 2007
              Microsoft Office Outlook MUI (English) 2007
              Microsoft Office PowerPoint MUI (English) 2007
              Microsoft Office Proof (English) 2007
              Microsoft Office Proof (French) 2007
              Microsoft Office Proof (Spanish) 2007
              Microsoft Office Proofing (English) 2007
              Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
              Microsoft Office Publisher MUI (English) 2007
              Microsoft Office Shared MUI (English) 2007
              Microsoft Office Shared Setup Metadata MUI (English) 2007
              Microsoft Office Word MUI (English) 2007
              Microsoft Office XP Professional with FrontPage
              Microsoft Primary Interoperability Assemblies 2005
              Microsoft Visual C++ 2005 Redistributable
              Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
              Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
              Microsoft Windows Media Video 9 VCM
              Movavi Video Suite 8
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              Nero 10 Menu TemplatePack Basic
              Nero 10 Movie ThemePack Basic
              Nero BackItUp 10
              Nero BackItUp 10 Help (CHM)
              Nero Burning ROM 10
              Nero BurningROM 10 Help (CHM)
              Nero BurnRights 10
              Nero BurnRights 10 Help (CHM)
              Nero Control Center 10
              Nero ControlCenter
              Nero ControlCenter 10 Help (CHM)
              Nero Core Components 10
              Nero CoverDesigner 10
              Nero CoverDesigner 10 Help (CHM)
              Nero DiscCopy Gadget 10
              Nero DiscCopyGadget 10 Help (CHM)
              Nero DiscSpeed 10
              Nero DiscSpeed 10 Help (CHM)
              Nero Dolby Files 10
              Nero Express 10
              Nero Express 10 Help (CHM)
              Nero InfoTool 10
              Nero InfoTool 10 Help (CHM)
              Nero Installer
              Nero MediaHome 4
              Nero MediaHome 4 Help
              Nero MediaHome 4 Trial
              Nero MediaHub 10
              Nero MediaHub 10 Help (CHM)
              Nero Multimedia Suite 10
              Nero Recode 10
              Nero Recode 10 Help (CHM)
              Nero RescueAgent 10
              Nero RescueAgent 10 Help (CHM)
              Nero SoundTrax 10
              Nero SoundTrax 10 Help (CHM)
              Nero StartSmart 10
              Nero StartSmart 10 Help (CHM)
              Nero Update
              Nero Vision 10
              Nero Vision 10 Help (CHM)
              Nero WaveEditor 10
              Nero WaveEditor 10 Help (CHM)
              NVIDIA 3D Vision Controller Driver
              NVIDIA 3D Vision Controller Driver 275.33
              NVIDIA Control Panel 275.33
              NVIDIA Drivers
              NVIDIA Graphics Driver 275.33
              NVIDIA Install Application
              NVIDIA Update 1.3.5
              NVIDIA Update Components
              NVIDIA WDM Drivers
              Online Armor 5.0
              PDF Settings CS4
              Photoshop Camera Raw
              Portal
              Portal 2
              Portal 2 Authoring Tools - Beta
              QuickTime
              Realtek High Definition Audio Driver
              River Past Video Cleaner Pro
              Security Update for 2007 Microsoft Office System (KB2288621)
              Security Update for 2007 Microsoft Office System (KB2288931)
              Security Update for 2007 Microsoft Office System (KB2345043)
              Security Update for 2007 Microsoft Office System (KB2509488)
              Security Update for 2007 Microsoft Office System (KB969559)
              Security Update for 2007 Microsoft Office System (KB976321)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
              Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
              Security Update for Microsoft Office 2007 System (KB2541012)
              Security Update for Microsoft Office Access 2007 (KB979440)
              Security Update for Microsoft Office Excel 2007 (KB2541007)
              Security Update for Microsoft Office Groove 2007 (KB2494047)
              Security Update for Microsoft Office InfoPath 2007 (KB2510061)
              Security Update for Microsoft Office InfoPath 2007 (KB979441)
              Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
              Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
              Security Update for Microsoft Office Publisher 2007 (KB2284697)
              Security Update for Microsoft Office system 2007 (972581)
              Security Update for Microsoft Office system 2007 (KB974234)
              Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
              Security Update for Microsoft Office Word 2007 (KB2344993)
              Spelling Dictionaries Support For Adobe Reader 9
              Steam
              Suite Shared Configuration CS4
              SUPERAntiSpyware
              System Requirements Lab
              TheMatrix Screen Saver version 1.14
              Uniblue DriverScanner
              Update for 2007 Microsoft Office System (KB967642)
              Update for Microsoft Office 2007 Help for Common Features (KB963673)
              Update for Microsoft Office 2007 System (KB2539530)
              Update for Microsoft Office Access 2007 Help (KB963663)
              Update for Microsoft Office Excel 2007 Help (KB963678)
              Update for Microsoft Office Infopath 2007 Help (KB963662)
              Update for Microsoft Office OneNote 2007 (KB980729)
              Update for Microsoft Office OneNote 2007 Help (KB963670)
              Update for Microsoft Office Outlook 2007 (KB2509470)
              Update for Microsoft Office Outlook 2007 Help (KB963677)
              Update for Microsoft Office Powerpoint 2007 Help (KB963669)
              Update for Microsoft Office Publisher 2007 Help (KB963667)
              Update for Microsoft Office Script Editor Help (KB963671)
              Update for Microsoft Office Word 2007 Help (KB963665)
              Update for Outlook 2007 Junk Email Filter (KB2553975)
              VC80CRTRedist - 8.0.50727.4053
              WinArchiver
              WinRAR archiver
              WinSCP 4.3.3
              Yontoo Layers Runtime 1.10.01
              .
              ==== Event Viewer Messages From Past Week ========
              .
              7/28/2011 4:30:28 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
              7/28/2011 4:27:33 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SASDIFSV SASKUTIL
              7/28/2011 4:27:18 PM, Error: Service Control Manager [7022]  - The avast! Antivirus service hung on starting.
              7/28/2011 4:22:51 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0x8ac8c004, 0x00000000, 0x8f3687d6, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072811-41418-01.
              7/28/2011 4:12:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
              7/28/2011 4:11:59 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
              7/28/2011 4:11:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
              7/28/2011 4:11:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
              7/28/2011 4:10:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
              7/28/2011 4:10:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
              7/28/2011 4:10:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              7/28/2011 4:10:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
              7/28/2011 4:10:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0x8accb004, 0x00000000, 0x901787d6, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072811-20124-01.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy OADevice oahlpXX OAmon Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/28/2011 4:10:03 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/26/2011 9:49:04 PM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
              7/26/2011 8:59:20 PM, Error: Service Control Manager [7034]  - The Online Armor service terminated unexpectedly.  It has done this 1 time(s).
              7/26/2011 8:55:01 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
              7/26/2011 6:45:15 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  Access is denied.
              7/26/2011 6:45:15 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  Access is denied.
              7/26/2011 6:45:15 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The dependency service or group failed to start.
              7/26/2011 6:45:15 AM, Error: Service Control Manager [7000]  - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error:  Access is denied.
              7/26/2011 6:45:12 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Browser Support Driver service which failed to start because of the following error:  Access is denied.
              7/26/2011 6:45:12 AM, Error: Service Control Manager [7000]  - The Browser Support Driver service failed to start due to the following error:  Access is denied.
              7/26/2011 6:44:06 AM, Error: Service Control Manager [7000]  - The adfs service failed to start due to the following error:  Access is denied.
              7/26/2011 6:43:57 AM, Error: Service Control Manager [7001]  - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:  Access is denied.
              7/26/2011 6:43:57 AM, Error: Service Control Manager [7000]  - The Windows Firewall Authorization Driver service failed to start due to the following error:  Access is denied.
              7/26/2011 6:42:54 AM, Error: Service Control Manager [7001]  - The Print Spooler service depends on the HTTP service which failed to start because of the following error:  Access is denied.
              7/26/2011 6:42:54 AM, Error: Service Control Manager [7000]  - The HTTP service failed to start due to the following error:  Access is denied.
              7/26/2011 5:54:17 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {8086EBD4-43E3-4B19-BEB3-F0EA4ECF319C}. The error: "5" Happened while starting this command: C:\Windows\System32\sdiagnhost.exe -Embedding
              7/26/2011 5:08:03 PM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
              7/26/2011 2:56:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Online Armor service to connect.
              7/26/2011 2:56:55 AM, Error: Service Control Manager [7000]  - The Online Armor service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              7/26/2011 2:55:04 AM, Error: Service Control Manager [7034]  - The Online Armor service terminated unexpectedly.  It has done this 2 time(s).
              7/24/2011 7:17:02 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk7\DR7.
              7/24/2011 4:29:05 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for ImagePath with the following error:  Access is denied.
              7/24/2011 3:23:15 PM, Error: Service Control Manager [7000]  - The Online Armor service failed to start due to the following error:  The system cannot find the file specified.
              7/24/2011 3:23:15 PM, Error: Service Control Manager [7000]  - The Online Armor Helper Service service failed to start due to the following error:  The system cannot find the file specified.
              7/23/2011 9:54:01 PM, Error: Service Control Manager [7001]  - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error:  Access is denied.
              7/23/2011 9:54:01 PM, Error: Service Control Manager [7001]  - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:  The dependency service or group failed to start.
              7/23/2011 9:54:01 PM, Error: Service Control Manager [7001]  - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error:  The dependency service or group failed to start.
              7/23/2011 9:54:01 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
              7/23/2011 9:54:01 PM, Error: Service Control Manager [7000]  - The srvnet service failed to start due to the following error:  Access is denied.
              7/23/2011 9:50:51 PM, Error: Service Control Manager [7000]  - The Security Driver service failed to start due to the following error:  Access is denied.
              7/23/2011 3:04:18 PM, Error: Service Control Manager [7022]  - The Online Armor service hung on starting.
              7/21/2011 5:42:43 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
              .
              ==== End Of File ===========================

              kamikaze33

                Re: adobe flash misbehaving
                « Reply #8 on: July 28, 2011, 05:05:41 PM »
                Just got the blue screen again, everything crashed. Doing a second restore O.o

                SuperDave

                Re: adobe flash misbehaving
                « Reply #9 on: July 29, 2011, 05:00:15 PM »
                Quote
                This all has happened after I posted the above SAS/MBAM logs.
                SAS only removed a bunch of cookies and MBAM removed two infected files.

                Yontoo Layers is considered adware. See here.

                P2P - I see you have P2P software installed on your machine (BitLord 1.1). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                *****************************************************
                Download BlueScreenView to your desktop.
                BlueScreenView
                Unzip the downloaded file and double-click BlueScreenView.exe to run the program.
                When scanning is done, go to EDIT - Select All
                Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
                Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply
                **************************************************************
                Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

                Link # 1
                Link # 2
                If you are using Firefox, make sure that your download settings are as follows:

                * Tools->Options->Main tab
                * Set to "Always ask me where to Save the files".

                Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                Right-click combofix.exe and select Run as Administrator and follow the prompts.
                When finished, ComboFix will produce a log for you.
                Post the ComboFix log in your next reply.

                NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                Windows 8 and Windows 10 dual boot with two SSD's

                kamikaze33

                  Re: adobe flash misbehaving
                  « Reply #10 on: August 02, 2011, 05:55:30 PM »
                  Can I do this all from Safe Mode (i.e. download these programs on another computer and load them via USB)? It appears I can't even start now without getting the blue screen/my computer taking ages to boot up, and even then it eventually crashes.

                  SuperDave

                  Re: adobe flash misbehaving
                  « Reply #11 on: August 02, 2011, 07:25:03 PM »
                  Quote
                  Can I do this all from Safe Mode (i.e. download these programs on another computer and load them via USB)? It appears I can't even start now without getting the blue screen/my computer taking ages to boot up, and even then it eventually crashes.
                  How does the computer work in Safe Mode? If it works ok, you can try running them in Safe Mode.

                  kamikaze33

                    Re: adobe flash misbehaving
                    « Reply #12 on: August 02, 2011, 07:36:18 PM »
                    Yes, it is working fine from what I can tell.

                    I cannot seem to turn off avast in Safe Mode? I did exactly what the tutorial you referred me to said (avast> avast! shields control> disable until computer is restarted> yes) and when I try to run ComboFix, I still get a notification that avast is still running.

                    Should I be addressing the issues in the order that you have posted them? I'm having difficulty understanding that Yontoo Layers removal thread; specifically how I should be searching for/deleting these files. I tried using the standard search option, but to no avail (i.e. "Products that have a key or property named "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}""). I'm also unsure of how to locate these directories:

                    Please use Windows Explorer or another file manager of your choice to locate and delete these files.
                    The file at "<$COMMONAPPDATA>\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll".
                    The file at "<$COMMONAPPDATA>\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll".
                    The file at "<$COMMONAPPDATA>\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat".
                    The file at "<$COMMONAPPDATA>\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe".
                    The file at "<$COMMONAPPDATA>\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico".
                    The file at "<$LOCALSETTINGS>\Temp\YontooTix2700750.log".
                    The file at "<$PROGRAMFILES>\Yontoo Layers\YontooIEClient.dll".
                    « Last Edit: August 02, 2011, 07:58:12 PM by kamikaze33 »

                    kamikaze33

                      Re: adobe flash misbehaving
                      « Reply #13 on: August 02, 2011, 07:48:12 PM »
                      BSOD


                      ==================================================
                      Dump File         : 080211-31980-01.dmp
                      Crash Time        : 8/2/2011 5:55:17 PM
                      Bug Check String  :
                      Bug Check Code    : 0x00000116
                      Parameter 1       : 0x87ae5008
                      Parameter 2       : 0x91b4cb2c
                      Parameter 3       : 0x00000000
                      Parameter 4       : 0x00000002
                      Caused By Driver  : nvlddmkm.sys
                      Caused By Address : nvlddmkm.sys+11fb2c
                      File Description  : NVIDIA Windows Kernel Mode Driver, Version 275.33
                      Product Name      : NVIDIA Windows Kernel Mode Driver, Version 275.33
                      Company           : NVIDIA Corporation
                      File Version      : 8.17.12.7533
                      Processor         : 32-bit
                      Crash Address     : ntkrnlpa.exe+dce3c
                      Stack Address 1   : dxgkrnl.sys+8cc26
                      Stack Address 2   : dxgkrnl.sys+8da45
                      Stack Address 3   : dxgmms1.sys+692c
                      Computer Name     :
                      Full Path         : C:\Windows\Minidump\080211-31980-01.dmp
                      Processors Count  : 2
                      Major Version     : 15
                      Minor Version     : 7600
                      Dump File Size    : 223,200
                      ==================================================

                      ==================================================
                      Dump File         : 080111-657029-01.dmp
                      Crash Time        : 8/1/2011 10:30:08 PM
                      Bug Check String  : DRIVER_POWER_STATE_FAILURE
                      Bug Check Code    : 0x0000009f
                      Parameter 1       : 0x00000003
                      Parameter 2       : 0x84c7ab60
                      Parameter 3       : 0x82d67ae0
                      Parameter 4       : 0x8627c990
                      Caused By Driver  : halmacpi.dll
                      Caused By Address : halmacpi.dll+37a0
                      File Description  : Hardware Abstraction Layer DLL
                      Product Name      : Microsoft® Windows® Operating System
                      Company           : Microsoft Corporation
                      File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
                      Processor         : 32-bit
                      Crash Address     : ntkrnlpa.exe+dce3c
                      Stack Address 1   : ntkrnlpa.exe+3c024
                      Stack Address 2   : ntkrnlpa.exe+3b8b8
                      Stack Address 3   : ntkrnlpa.exe+6a16d
                      Computer Name     :
                      Full Path         : C:\Windows\Minidump\080111-657029-01.dmp
                      Processors Count  : 2
                      Major Version     : 15
                      Minor Version     : 7600
                      Dump File Size    : 683,168
                      ==================================================
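Added example, not part of the original posts: a small Python parser for the BlueScreenView text report above that fills in the bug check name the report left blank for 0x116 and tallies crashes by the driver blamed. The function names and the `KNOWN_CODES` table are assumptions of this example; the sample is a trimmed copy of the posted report.

```python
import re
from collections import Counter

# Trimmed copy of the two records posted above (only the fields used here).
SAMPLE = """\
==================================================
Dump File         : 080211-31980-01.dmp
Crash Time        : 8/2/2011 5:55:17 PM
Bug Check String  :
Bug Check Code    : 0x00000116
Caused By Driver  : nvlddmkm.sys
Company           : NVIDIA Corporation
==================================================

==================================================
Dump File         : 080111-657029-01.dmp
Crash Time        : 8/1/2011 10:30:08 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Caused By Driver  : halmacpi.dll
Company           : Microsoft Corporation
==================================================
"""

# Names for codes the report may leave blank; Microsoft documents 0x116 as VIDEO_TDR_FAILURE.
KNOWN_CODES = {0x116: "VIDEO_TDR_FAILURE", 0x9F: "DRIVER_POWER_STATE_FAILURE"}

def parse_report(text):
    """Split the report on its '=====' rulers and return one dict per crash record."""
    records = []
    for block in re.split(r"^[ \t]*={10,}[ \t]*$", text, flags=re.M):
        rec = {}
        for line in block.splitlines():
            # Split on the first colon only: times and paths contain colons too.
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if "Dump File" in rec:
            code = int(rec.get("Bug Check Code", "0"), 16)
            rec["Bug Check Code"] = code
            rec["Bug Check String"] = rec.get("Bug Check String") or KNOWN_CODES.get(code, "UNKNOWN")
            records.append(rec)
    return records

def triage(records):
    """Count crashes per (driver, bug check) and list dumps whose driver has no vendor field."""
    counts = Counter((r.get("Caused By Driver", "?").lower(), r["Bug Check String"]) for r in records)
    no_vendor = [r["Dump File"] for r in records if not r.get("Company")]
    return counts, no_vendor
```

The `Company` value comes from the driver file's version resource, so a populated field is a hint about origin and not proof of it.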

                      SuperDave

                      Re: adobe flash misbehaving
                      « Reply #14 on: August 03, 2011, 04:42:56 PM »
                      Quote
                      I cannot seem to turn off avast in Safe Mode? I did exactly what the tutorial you referred me to said (avast> avast! shields control> disable until computer is restarted> yes) and when I try to run ComboFix, I still get a notification that avast is still running.
                      That's ok. Run the ComboFix scan anyway.

                      Quote
                      I'm having difficulty understanding that Yontoo Layers removal thread; specifically how I should be searching for/deleting these files
                      You can find Yontoo Layers Runtime 1.10.01 in your Control Panel under Programs and Features. I'm not sure if this is the correct name since I don't have Windows 7.