WiredWX Christian Hobby Weather Tools

slow boot up and fluctuating internet download speed

OTL Extras logfile created on: 8/7/2011 7:17:17 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\gomer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.43% Memory free
6.13 Gb Paging File | 4.64 Gb Available in Paging File | 75.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.01 Gb Total Space | 22.56 Gb Free Space | 22.56% Space Free | Partition Type: NTFS
Drive D: | 30.68 Gb Total Space | 17.85 Gb Free Space | 58.19% Space Free | Partition Type: NTFS
Drive F: | 320.31 Gb Total Space | 194.47 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 399.96 Gb Free Space | 85.87% Space Free | Partition Type: NTFS

Computer Name: GOMER-PC | User Name: gomer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0049B45F-738F-4306-A2AB-8A4E2DA9BB63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C2D2CE8-C8C7-4D2D-85B1-C06B2F4177A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{1F117160-315F-41A3-BEDE-6BDC4354B646}" = lport=445 | protocol=6 | dir=in | app=system |
"{23CCA196-2EB3-4DF7-857A-87990D3B5996}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{314BE7CB-2363-474D-B179-A3E6562AACFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{347B1C54-D390-454B-86D8-54E43522784C}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B31CD09-56E0-44A7-A192-F0AE20F20AF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F733E1C-EC26-456D-B5B4-AF11CA204BDE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4CFD409C-CA74-4C8C-B80C-8E531AFECC86}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{604EFF0C-2463-4FBD-9804-25824138372C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{61372F5C-578A-4D6C-B3D0-452F984EC8C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61E1108B-693A-4EC6-AE13-90E3FF95C8AF}" = rport=137 | protocol=17 | dir=out | app=system |
"{63C90423-2C81-474A-93DE-82E54DA836D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6F30702A-73F3-4835-BA4C-81AD4D7C158F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{81843108-2067-4AEE-A7EA-D9DE7653E5B6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{93353E50-4E4A-4306-937A-1D951ABCE23F}" = lport=137 | protocol=17 | dir=in | app=system |
"{B9C3A1D0-59D4-474A-8712-82A9B4F0CA1B}" = lport=138 | protocol=17 | dir=in | app=system |
"{BA091AEE-3FC0-4CED-900A-29EE1C27B2BC}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5C40A6E-4B63-4BA1-BC5D-BF3EFFB89437}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FF0316CE-6428-4462-9B46-1BB5FB4227E0}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0505512A-BC65-4789-92D6-70D60113E419}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0BC7932B-D414-44C4-A03E-AD7712777E72}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{14A7D493-C5E8-4B79-B53C-649CF6276F4C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C32F703-2734-401B-9EFE-AD4B99DC0CD7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{881A120A-2658-452B-AB3A-A0A9BFBBCF62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9035A935-21A9-4FDA-983C-8D0553FF1D32}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9221B442-2418-46D9-91AF-017FFA6E9CF8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{93B5F4E1-3C1C-4194-9023-4BD38B265B0F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{94B8C082-2294-486A-B472-6525EBAB6F43}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A075711C-AC72-444F-B8C6-E41688F3E2BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9744B38-47A5-4B52-B094-3B124C961B55}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AFCD5C47-8F4E-4DED-B520-E1DF992433AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B2943877-2B8F-4636-A56C-286A7B3D6C9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8D5140C-B2C5-41BE-9B02-98EC78B31669}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D7239712-1600-4025-B91D-5E82769F97FB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EFA0630B-E91E-481D-98F1-3A1A8D480702}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1085D42-5BA4-4144-9749-846AD066BE2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{048C27C8-AFD8-41B5-AD16-345A6E8E650D}C:\users\gomer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\gomer\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{05BAEF78-9117-4F73-B19F-A4C5BB140B4B}D:\warcraft iii 1.24a\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii 1.24a\war3.exe |
"TCP Query User{2AA8F791-39DD-487A-8D63-30413A60A81B}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe |
"TCP Query User{35751994-2D43-450B-9DF8-094AE43A6AF9}F:\warcraft iii 1.24d\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii 1.24d\war3.exe |
"TCP Query User{41891EC0-68DD-4B65-802A-6810FEF84E60}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{5A935A7D-8276-49A7-8BC7-7409520DA839}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{65994B2C-3F1B-428F-8825-7F375ADE394B}D:\warcraft iii 1.24c\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii 1.24c\war3.exe |
"TCP Query User{67A780A4-45D2-4D6F-B581-0A02F180F9E0}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe |
"TCP Query User{758B5B71-5BED-4122-9566-A7C7B54F9021}F:\warcraft iii 1.24e\war3.exe" = protocol=6 | dir=in | app=f:\warcraft iii 1.24e\war3.exe |
"TCP Query User{8365342A-6588-47BE-86F8-6D553CDB0F1B}D:\warcraft iii 1.20e\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii 1.20e\war3.exe |
"TCP Query User{A97E5625-C96D-49E3-8172-A46082758103}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{A9A14EF6-E866-48A6-A80C-DAC9999D6482}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe |
"TCP Query User{E5EA4450-5373-41BA-89FC-04AD4BAEEBF3}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe |
"TCP Query User{E85F7721-C73F-48B6-849D-A8E2D6F76438}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{EF22972B-CADC-450A-88C2-ED08998F3EAB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EF8BF8AF-F23F-4D8F-AE4E-AA26A34D3331}D:\warcraft iii 1.24b\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii 1.24b\war3.exe |
"TCP Query User{F927234A-BDD6-4696-B612-C7C6647C9AEF}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{F948C443-6D79-4A0B-B45B-B99CB53B828C}D:\warcraft iii 1.23a\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii 1.23a\war3.exe |
"UDP Query User{09CFCEBC-C377-4342-B72F-E1CC06A410C8}F:\warcraft iii 1.24e\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii 1.24e\war3.exe |
"UDP Query User{1EAB994D-A488-4FCE-8CA7-F38AEAE93F9D}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe |
"UDP Query User{2276840A-61EE-4587-B9CB-ABD5B81A08C4}D:\warcraft iii 1.23a\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii 1.23a\war3.exe |
"UDP Query User{2A619A52-C11E-41F8-8CA0-2FE8C656EB6E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{51C0EB86-4B93-455B-AE02-936E919437BD}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{56B0E9BA-9BBB-4EA1-A796-86155BCED236}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe |
"UDP Query User{64FBAF37-1C53-429E-A975-CE95C56874DD}F:\warcraft iii 1.24d\war3.exe" = protocol=17 | dir=in | app=f:\warcraft iii 1.24d\war3.exe |
"UDP Query User{9B617C1F-6D96-43B7-BD0B-46A547028ACD}D:\warcraft iii 1.20e\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii 1.20e\war3.exe |
"UDP Query User{A75489FE-1648-437F-9A23-185FECACACC4}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{AA00B431-B569-45B8-8C43-7E597C108DCA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B16A093E-7F34-427E-9F6E-39E786C639B6}C:\users\gomer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\gomer\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{BA3FE89C-94ED-4B00-B874-EADEAB8D33E2}D:\warcraft iii 1.24c\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii 1.24c\war3.exe |
"UDP Query User{CA8FFED0-9F91-4692-96B9-814D27FA7FC1}D:\warcraft iii 1.24b\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii 1.24b\war3.exe |
"UDP Query User{CB760B73-8E10-4EB6-B974-D7EF20642649}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{D1BAF4DE-EF1A-4825-8E94-797654C62F50}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii\war3.exe |
"UDP Query User{E7B84AE5-69B9-4AB4-A301-7F9623F79085}D:\warcraft iii 1.24a\war3.exe" = protocol=17 | dir=in | app=d:\warcraft iii 1.24a\war3.exe |
"UDP Query User{EBF82AA4-14D7-40FF-9B23-D0D533B1ECEC}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{FA4FFBDB-29C1-4337-978C-0015377D3076}C:\program files\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files\iomega storage manager\iomegastoragemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-585CW
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (INSTANCENAME)
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX
"{E464702F-5433-46EC-8F65-159276C0A54F}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.2.0.6300
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EE0FE4A7-317D-4B65-B443-B022ACFCA0CA}" = Lenovo OneKey Theater
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA20BCA6-229E-4BED-ABE7-D0D664415255}" = Lenovo Desktop Navigator Library Tool
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CDAnywhere_Free" = CD Anywhere Free Edition
"Chikka Messenger V4" = Chikka Messenger V4
"Cisco Connect" = Cisco Connect
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EasyCapture3.5" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Garena" = Garena 2010
"InstallShield_{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"InstallShield_{EE0FE4A7-317D-4B65-B443-B022ACFCA0CA}" = Lenovo OneKey Theater
"InstallShield_{FA20BCA6-229E-4BED-ABE7-D0D664415255}" = Lenovo Desktop Navigator Library Tool
"Iomega Storage Manager" = Iomega Storage Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Veetle TV" = Veetle TV 0.9.18
"VeriFace" = VeriFace
"VLC media player" = VideoLAN VLC media player 0.8.6f
"vShare" = vShare Plugin
"Warcraft III" = Warcraft III
"WFTK" = Canon Utilities WFT Utility
"WildTangent wildgames Master Uninstall" = WildGames
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2011 9:28:18 AM | Computer Name = gomer-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2011 12:30:18 AM | Computer Name = gomer-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2011 9:27:17 AM | Computer Name = gomer-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2011 10:18:14 AM | Computer Name = gomer-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 8/6/2011 10:18:14 AM | Computer Name = gomer-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 8/6/2011 10:24:39 AM | Computer Name = gomer-PC | Source = MsiInstaller | ID = 11935
Description =

Error - 8/6/2011 10:31:43 AM | Computer Name = gomer-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/6/2011 11:04:04 PM | Computer Name = gomer-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/7/2011 6:49:36 AM | Computer Name = gomer-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/7/2011 6:58:22 AM | Computer Name = gomer-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/6/2011 11:02:56 PM | Computer Name = gomer-PC | Source = HTTP | ID = 15016
Description =

Error - 8/6/2011 11:04:04 PM | Computer Name = gomer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/6/2011 11:28:18 PM | Computer Name = gomer-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 8/7/2011 6:49:05 AM | Computer Name = gomer-PC | Source = HTTP | ID = 15016
Description =

Error - 8/7/2011 6:49:38 AM | Computer Name = gomer-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/7/2011 6:50:28 AM | Computer Name = gomer-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume H:.

Error - 8/7/2011 6:54:47 AM | Computer Name = gomer-PC | Source = DCOM | ID = 10010
Description =

Error - 8/7/2011 6:57:48 AM | Computer Name = gomer-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:55:55 PM on 8/7/2011 was unexpected.

Error - 8/7/2011 6:57:50 AM | Computer Name = gomer-PC | Source = HTTP | ID = 15016
Description =

Error - 8/7/2011 6:58:24 AM | Computer Name = gomer-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


Last edited by gomskii on 7th August 2011, 12:21 pm; edited 1 time in total (Reason for editing : wrong start)

Re: slow boot up and fluctuating internet download speed

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-07 19:38:57
-----------------------------
19:38:57.342 OS Version: Windows 6.0.6001 Service Pack 1
19:38:57.342 Number of processors: 2 586 0x170A
19:38:57.342 ComputerName: GOMER-PC UserName: gomer
19:38:58.465 Initialize success
19:39:24.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:39:24.554 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:39:24.569 Disk 0 MBR read successfully
19:39:24.585 Disk 0 MBR scan
19:39:24.585 Disk 0 Windows VISTA default MBR code
19:39:24.601 Disk 0 scanning sectors +976769024
19:39:24.694 Disk 0 scanning C:\Windows\system32\drivers
19:39:30.061 Service scanning
19:39:31.636 Modules scanning
19:39:37.954 Disk 0 trace - called modules:
19:39:37.985 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
19:39:38.001 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8646c528]
19:39:38.001 3 CLASSPNP.SYS[8aba8745] -> nt!IofCallDriver -> [0x859199c0]
19:39:38.017 5 acpi.sys[8069c6a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858cd028]
19:39:38.032 Scan finished successfully
19:47:58.324 Disk 0 MBR has been saved successfully to "C:\Users\gomer\Desktop\MBR.dat"
19:47:58.324 The log file has been saved successfully to "C:\Users\gomer\Desktop\aswMBR.txt"


Re: slow boot up and fluctuating internet download speed

I can not post OTL.txt and security text result...

Re: slow boot up and fluctuating internet download speed

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
I can not post OTL.txt and security text result....

Could you please explain why not?

Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
************************************************************
I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
*********************************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Uniblue RegistryBooster
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
**************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.

1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

Re: slow boot up and fluctuating internet download speed

Hi Dave,

This message appears if I copy the OTL.txt report:

"New members are not allowed to post external links or emails for 7 days. Please contact the forum administrator for more information."

I have also tried to uninstall anything related to ask.com, but my Avira WebGuard becomes inactive after.

Re: slow boot up and fluctuating internet download speed

Malwarebytes' Anti-Malware 1.51.1.1800
ww.malwarebytes.org

Database version: 7406

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

8/8/2011 3:43:47 PM
mbam-log-2011-08-08 (15-43-46).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 342633
Time elapsed: 1 hour(s), 27 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\torpe\Yuri\Ra2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
f:\installer and application\autocad_2009\Crack\xf-acad9-32-bits.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.

Re: slow boot up and fluctuating internet download speed

This message appears if I copy the OTL.txt report:

"New members are not allowed to post external links or emails for 7 days. Please contact the forum administrator for more information."

You should contact the administrator about this.

Can you post the SAS and DDS logs?

Re: slow boot up and fluctuating internet download speed

I also can not post the SAS result, but here's the attached file.

Re: slow boot up and fluctuating internet download speed

SAS log 2

Re: slow boot up and fluctuating internet download speed

otl.txt

Re: slow boot up and fluctuating internet download speed

I would like to see the DDS logs. There should be two of them.

Re: slow boot up and fluctuating internet download speed

Does the file need to be extracted? When I try to run dds.cmd it will run but close after without any log appearing. I also tried to run it with no internet connection and A/V disabled.

Re: slow boot up and fluctuating internet download speed

gomskii wrote:
Does the file need to be extracted? When I try to run dds.cmd it will run but close after without any log appearing. I also tried to run it with no internet connection and A/V disabled.

No, it's not a zipped file. Did you try right-click and run as administrator?

Re: slow boot up and fluctuating internet download speed

If I right-click on the file, no "Run as administrator" appears. If I try to open it, it will run as a notepad with random characters.

Re: slow boot up and fluctuating internet download speed

Do all your other programs work by just double-clicking? Did you have this problem running SAS and MBAM?
Let's try this.


Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Re: slow boot up and fluctuating internet download speed

Hi Dave,
I only encounter this problem with the dds.scr; others can install easily. Below is the result of the ComboFix log. After I finished running ComboFix, the MBAM and Avira status icons did not appear on the taskbar, and a pop-up error message appears for MBAM saying it failed to initialize the status icon.

ComboFix 11-08-11.02 - gomer 08/11/2011 22:05:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.63.1033.18.3036.1933 [GMT 8:00]
Running from: c:\users\gomer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 14:12 . 2011-08-11 14:13 -------- d-----w- c:\users\gomer\AppData\Local\temp
2011-08-11 14:12 . 2011-08-11 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-08 06:06 . 2011-08-08 06:06 -------- d-----w- c:\users\gomer\AppData\Roaming\Malwarebytes
2011-08-08 06:06 . 2011-07-07 23:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-08 06:06 . 2011-08-08 06:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-08 06:06 . 2011-08-08 06:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-08 06:06 . 2011-07-07 23:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 04:05 . 2011-08-08 04:05 -------- d-----w- c:\users\gomer\AppData\Roaming\SUPERAntiSpyware.com
2011-08-08 04:04 . 2011-08-08 04:04 -------- d-----w- c:\programdata\!SASCORE
2011-08-08 04:04 . 2011-08-08 04:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-08 04:04 . 2011-08-08 04:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-06 14:18 . 2011-05-18 01:05 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-08-06 14:18 . 2011-05-18 01:05 196608 ----a-w- c:\windows\system32\fsquirt.exe
2011-08-06 14:18 . 2011-05-18 01:05 23040 ----a-w- c:\windows\system32\drivers\bthenum.sys
2011-08-06 14:18 . 2011-05-18 01:05 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-08-06 14:14 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-05 13:47 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B059A57A-2C29-42B3-AD6B-B962246C6462}\mpengine.dll
2011-07-18 01:14 . 2011-07-18 01:14 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 01:12 . 2011-07-18 01:12 -------- d-----w- c:\program files\iPod
2011-07-18 01:12 . 2011-07-18 01:13 -------- d-----w- c:\program files\iTunes
2011-07-18 01:07 . 2011-07-18 01:07 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 01:48 . 2009-09-30 11:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 01:48 . 2009-09-30 11:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-22 12:08 . 2011-05-16 01:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 11:14 . 2009-10-03 07:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-14 16:26 . 2011-05-02 06:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-07-03 19:17 1404928 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-16 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-16 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-20 1398056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"MDS_Menu"="c:\program files\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Desktop Navigator"="c:\program files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe" [2009-03-02 326144]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2009-07-03 3112960]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-12-19 5330760]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-19 8828744]
"CD Anywhere Launcher"="c:\program files\CDAnywhere_Free\insdrive.exe" [2006-11-09 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\gomer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-11-4 780840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 00:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 07:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 09:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 09:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 03:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-01-17 11:20 67448 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 05:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-10-10 81920]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 GarenaPEngine;GarenaPEngine;c:\users\gomer\AppData\Local\Temp\LACF95B.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-01-10 81192]
R4 RealtekUSB;RealtekUSB;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2007-07-27 36864]
S1 funfrm;funfrm; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-19 123264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 MSSQL$INSTANCENAME;SQL Server (INSTANCENAME);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-27 430080]
S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-08-29 48192]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-10-15 14336]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-20 107360]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-06-20 212992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]
S3 vm331avs;Lenovo EasyCamera;c:\windows\system32\Drivers\vm331avs.sys [2008-12-30 994688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:14]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:14]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962688223-3338955904-2700306485-1005Core.job
- c:\users\gomer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 14:26]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962688223-3338955904-2700306485-1005UA.job
- c:\users\gomer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 14:26]
.
2011-08-11 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-07 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = youtubeproxy.org:80
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 218.186.1.58 202.156.1.58 202.156.1.38
FF - ProfilePath - c:\users\gomer\AppData\Roaming\Mozilla\Firefox\Profiles\033xkgwe.default\
FF - prefs.js: network.proxy.type - 4
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Unattend0000000001{70EB91E7-FAAB-44A4-BA19-C0A45B228BC0} - c:\windows\test.bat
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 22:13
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\gomer\AppData\Local\Temp\LACF95B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-11 22:15:31
ComboFix-quarantined-files.txt 2011-08-11 14:15
.
Pre-Run: 25,620,860,928 bytes free
Post-Run: 25,879,564,288 bytes free
.
- - End Of File - - 28196700312C894BE08EB1D5D752AD67

Re: slow boot up and fluctuating internet download speed

Please download SREng

  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

    [Image: SystemRepair_FileAssocs]
  • In your case, it would be .SCR
  • Close SREng now.
.
*************************************************
Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

c:\windows\System32\IcnOvrly.dll
 


* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
**************************************************
Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
    DDS::
    uInternet Settings,ProxyServer = youtubeproxy.org:80


  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: Cfscriptb4]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
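
Added example, not part of the original thread or of ComboFix: a Python triage pass over ComboFix log text that pulls out the two entries the reply above acts on (the `ProxyServer` value and the non-default `.scr` association) and, going beyond the reply, services whose binary is missing or sits in a Temp directory. The sample lines are copied from the log posted earlier in this thread; the function names, the finding labels and the reading of `[x]` as "file not found" are assumptions.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str     # "proxy", "assoc", "service-temp" or "service-missing"
    subject: str  # setting name, extension or service name
    value: str    # what the log recorded for it


# Stock Windows ProgIDs for extensions that launch code. Anything else in the
# "File Associations" section means double-clicking no longer runs the file.
DEFAULT_PROGIDS = {".exe": "exefile", ".com": "comfile", ".bat": "batfile",
                   ".cmd": "cmdfile", ".scr": "scrfile", ".pif": "piffile"}

# e.g.  R3 Name;Display name;c:\path\driver.sys [2011-07-07 41272]
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) ?\[(.*)\]$")
PROXY_RE = re.compile(r"^([um]Internet Settings,ProxyServer) = (.+)$")
ASSOC_RE = re.compile(r"^(\.\w+)=(.+)$")

# Sample input: lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R3 GarenaPEngine;GarenaPEngine;c:\users\gomer\AppData\Local\Temp\LACF95B.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
S1 funfrm;funfrm; [x]
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = youtubeproxy.org:80
uInternet Settings,ProxyOverride = *.local
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
"""


def section_name(line):
    """Return the title of a '--- Title ---' style divider line, else None."""
    if line.startswith("-") and line.endswith("-"):
        return line.strip("- ") or None
    return None


def triage(log_text):
    """Return a list of Finding tuples for the entries worth a second look."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        title = section_name(line)
        if title:
            section = title
            continue

        svc = SERVICE_RE.match(line)
        if svc:  # the service list has no divider of its own
            name, path, info = svc.group(2), svc.group(4), svc.group(5)
            if "\\temp\\" in path.lower():
                findings.append(Finding("service-temp", name, path))
            if info == "x":  # assumption: [x] means the file is not on disk
                findings.append(Finding("service-missing", name,
                                        path or "(no path recorded)"))
            continue

        if section == "Supplementary Scan":
            proxy = PROXY_RE.match(line)
            if proxy:
                findings.append(Finding("proxy", proxy.group(1), proxy.group(2)))
        elif section == "File Associations":
            assoc = ASSOC_RE.match(line)
            if assoc:
                ext, progid = assoc.group(1).lower(), assoc.group(2).strip()
                expected = DEFAULT_PROGIDS.get(ext)
                if expected and progid.lower() != expected:
                    findings.append(Finding("assoc", ext, progid))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.subject:32} {f.value}")
```

A finding here is a prompt to check the entry by hand, not a verdict: the `.scr` hit, for instance, is AutoCAD's script file type taking over the screensaver extension, which matches the symptom of dds.scr opening as text.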

Re: slow boot up and fluctuating internet download speed

Hi dave kindly see results below:

http://virusscan.jotti.org/en/scanresult/383845ce40410f08c080b297aca668c557e261ed/23cb78315811690396e7fa8d2b551152ce41099f



ComboFix 11-08-11.02 - gomer 08/13/2011 22:35:25.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.63.1033.18.3036.1943 [GMT 8:00]
Running from: c:\users\gomer\Desktop\ComboFix.exe
Command switches used :: c:\users\gomer\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 14:45 . 2011-08-13 14:48 -------- d-----w- c:\users\gomer\AppData\Local\temp
2011-08-13 14:45 . 2011-08-13 14:45 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-08-13 14:45 . 2011-08-13 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-08 06:06 . 2011-08-08 06:06 -------- d-----w- c:\users\gomer\AppData\Roaming\Malwarebytes
2011-08-08 06:06 . 2011-07-07 23:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-08 06:06 . 2011-08-08 06:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-08 06:06 . 2011-08-08 06:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-08 06:06 . 2011-07-07 23:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-08 04:05 . 2011-08-08 04:05 -------- d-----w- c:\users\gomer\AppData\Roaming\SUPERAntiSpyware.com
2011-08-08 04:04 . 2011-08-08 04:04 -------- d-----w- c:\programdata\!SASCORE
2011-08-08 04:04 . 2011-08-08 04:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-08 04:04 . 2011-08-08 04:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-06 14:18 . 2011-05-18 01:05 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-08-06 14:18 . 2011-05-18 01:05 196608 ----a-w- c:\windows\system32\fsquirt.exe
2011-08-06 14:18 . 2011-05-18 01:05 23040 ----a-w- c:\windows\system32\drivers\bthenum.sys
2011-08-06 14:18 . 2011-05-18 01:05 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-08-06 14:14 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-05 13:47 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B059A57A-2C29-42B3-AD6B-B962246C6462}\mpengine.dll
2011-07-18 01:14 . 2011-07-18 01:14 -------- d-----w- c:\program files\Apple Software Update
2011-07-18 01:12 . 2011-07-18 01:12 -------- d-----w- c:\program files\iPod
2011-07-18 01:12 . 2011-07-18 01:13 -------- d-----w- c:\program files\iTunes
2011-07-18 01:07 . 2011-07-18 01:07 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 01:48 . 2009-09-30 11:10 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 01:48 . 2009-09-30 11:10 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-22 12:08 . 2011-05-16 01:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 11:14 . 2009-10-03 07:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-14 16:26 . 2011-05-02 06:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-07-03 19:17 1404928 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-27 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-16 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-16 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-20 1398056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"MDS_Menu"="c:\program files\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"Desktop Navigator"="c:\program files\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe" [2009-03-02 326144]
"VeriFaceManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2009-07-03 3112960]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2008-12-19 5330760]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2008-12-19 8828744]
"CD Anywhere Launcher"="c:\program files\CDAnywhere_Free\insdrive.exe" [2006-11-09 45056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\users\gomer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2008-11-4 780840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-02-19 00:22 1089536 ------r- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 07:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 09:57 86016 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 09:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 03:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 02:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 09:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-01-17 11:20 67448 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 05:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-25 29736]
R3 GarenaPEngine;GarenaPEngine;c:\users\gomer\AppData\Local\Temp\LACF95B.tmp [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-07 41272]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-01-10 81192]
R4 RealtekUSB;RealtekUSB;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2007-07-27 36864]
S1 funfrm;funfrm; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-07-19 123264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2009-10-10 81920]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 MSSQL$INSTANCENAME;SQL Server (INSTANCENAME);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 System_Repair_UpdateMonitor;System Repair Windows Update Monitor;c:\program files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe [2008-09-27 430080]
S2 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2008-08-29 48192]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2008-10-15 14336]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-20 107360]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-06-20 212992]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-24 45600]
S3 vm331avs;Lenovo EasyCamera;c:\windows\system32\Drivers\vm331avs.sys [2008-12-30 994688]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:14]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 07:14]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962688223-3338955904-2700306485-1005Core.job
- c:\users\gomer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 14:26]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962688223-3338955904-2700306485-1005UA.job
- c:\users\gomer\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 14:26]
.
2011-08-13 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-07 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 218.186.1.58 202.156.1.58 202.156.1.38
FF - ProfilePath - c:\users\gomer\AppData\Roaming\Mozilla\Firefox\Profiles\033xkgwe.default\
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-13 22:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\gomer\AppData\Local\Temp\LACF95B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3052)
c:\windows\system32\IcnOvrly.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-13 22:52:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-13 14:52
ComboFix2.txt 2011-08-13 14:24
ComboFix3.txt 2011-08-11 14:15
.
Pre-Run: 24,441,393,152 bytes free
Post-Run: 24,512,913,408 bytes free
.
- - End Of File - - 92545BCF876A7DCFB5784D96B24965AB

Re: slow boot up and fluctuating internet download speed
I will need to see the report from Jotti's on that file.

Re: slow boot up and fluctuating internet download speed

Hi Dave, here's the link to the scan on Jotti; no report popped out after the scan.

http://virusscan.jotti.org/en/scanresult/383845ce40410f08c080b297aca668c557e261ed/e620cade0a047463d0c32778be3cd4f437e7c036

Re: slow boot up and fluctuating internet download speed
Thank you.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: slow boot up and fluctuating internet download speed
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8A906000
Module End: 8A9E0000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateSection
Address: 8B7348EE
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetContextThread
Address: 8B7348F3
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8B73488F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20100401-194006-5EC8584E\AVSCAN-00000018.
Status: Hidden

Object: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20100401-194131-A69C3483\AVSCAN-00000018.
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Users\All Users\Avira\AntiVir Desktop\TEMP\AVSCAN-20100401-194006-5EC8584E\AVSCAN-00000018.
Status: Hidden

Object: C:\Users\All Users\Avira\AntiVir Desktop\TEMP\AVSCAN-20100401-194131-A69C3483\AVSCAN-00000018.
Status: Hidden

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied

Re: slow boot up and fluctuating internet download speed
Is there any change in how the computer is functioning now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the [image: EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [image: EsetAcceptTerms]
•Click the [image: EsetStart] button.
•Accept any security warnings from your browser.
•Check [image: EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: EsetListThreats]
•Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: EsetBack] button.
•Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: slow boot up and fluctuating internet download speed

Hi Dave, the last few days it was running OK, but the boot up is still a little bit slow. Just now, when I tried to check my net again on speedtest.net, it was fluctuating again. I could not install ESET; it was showing some errors. Kindly see the attached photo.

Re: slow boot up and fluctuating internet download speed

Hi Dave, the last few days it was running OK, but the boot up is still a little bit slow. Just now, when I tried to check my net again on speedtest.net, it was fluctuating again. I could not install ESET; it was showing some errors. Kindly see the attached photo.

As stated in the instructions for ESET, Accept any security warnings from your browser.
Please try this tool for the slow boot.

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Double-click StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop-up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
Restart your computer.

Re: slow boot up and fluctuating internet download speed

Hi Dave,

I ran the ESET scanner; after it finished scanning, no "export to text file" option appeared. I have run 2 scans already. My PC looks like it is running normally now. Thanks to you.

Re: slow boot up and fluctuating internet download speed
That sounds good. I suppose we should do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


[image: Combofix_uninstall_image]

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*********************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***********************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!