TechSpot

Google search result redirect (hijacker/virus?)

By Isamu1
Feb 12, 2012
  1. Approximately 3 days ago, my computer began suffering Google redirection issues. Upon clicking on a link, I would be redirected to a site known as vredsearch.net. If anyone is willing to help me out, I would be extremely thankful!

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.11.04

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Zikomo :: ZIKOMO-PC [administrator]

    2/12/2012 5:03:12 PM
    mbam-log-2012-02-12 (17-03-12).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212565
    Time elapsed: 5 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-12 17:29:00
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3160023AS rev.3.05
    Running: 3lwueqwx.exe; Driver: C:\Users\Zikomo\AppData\Local\Temp\axdiypog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x912BA7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Zikomo at 17:31:51 on 2012-02-12
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.933 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Windows\system32\mqsvc.exe
    C:\Program Files\Prio\prio_svc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [Akamai NetSession Interface] "c:\users\zikomo\appdata\local\akamai\netsession_win.exe"
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    StartupFolder: c:\users\zikomo\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    uPolicies-system: DisableLockWorkstation = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\zikomo\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    TCP: Interfaces\{54750648-9F77-473B-BDC4-0ED86CC98D2A} : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 94.63.147.14 www.google.com
    Hosts: 94.63.147.15 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\zikomo\appdata\roaming\mozilla\firefox\profiles\cd4j3ip0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://latale.ogplanet.com/en/main.og
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\npOGPPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-1 15672]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-11 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-11 314456]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-3 239168]
    R1 prio;prio;c:\windows\system32\drivers\prio.sys [2011-6-27 52656]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-5 163328]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-11 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-11 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-11 44768]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
    R2 prio_svc;Prio Service;c:\program files\prio\prio_svc.exe [2011-6-27 11184]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-5 9067008]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-5 264192]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-7-21 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
    S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
    S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-21 1343400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-02-12 20:15:36 -------- d-----w- c:\users\zikomo\appdata\local\ElevatedDiagnostics
    2012-02-11 16:28:05 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-02-11 15:47:25 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-02-11 14:08:47 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-11 14:08:45 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-11 14:08:32 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-11 14:08:20 -------- d-----w- c:\programdata\AVAST Software
    2012-02-11 14:08:20 -------- d-----w- c:\program files\AVAST Software
    2012-02-11 12:51:25 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-11 12:51:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-11 05:04:36 -------- d-----w- c:\program files\AMD APP
    2012-02-11 05:01:11 -------- d-----w- C:\AMD
    2012-02-11 02:57:33 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-10 03:29:57 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-10 01:49:47 -------- d-----w- c:\users\zikomo\appdata\roaming\Malwarebytes
    2012-02-10 01:49:38 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-03 09:29:56 42392 ----a-w- c:\windows\system32\xfcodec.dll
    2012-01-28 18:49:53 -------- d-----w- c:\program files\BandiMPEG1
    2012-01-13 23:30:43 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-13 23:30:42 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    ==================== Find3M ====================
    .
    2012-02-11 02:58:47 52656 ----a-w- c:\windows\system32\drivers\prio.sys
    2012-01-03 21:15:09 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-12-06 03:44:22 9067008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-12-06 03:17:50 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-12-06 03:17:36 778752 ----a-w- c:\windows\system32\aticfx32.dll
    2011-12-06 03:12:52 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-12-06 03:12:16 404992 ----a-w- c:\windows\system32\atieclxx.exe
    2011-12-06 03:11:44 163328 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-12-06 03:10:30 163840 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-12-06 03:10:12 360448 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-12-06 03:10:00 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-12-06 03:09:54 20992 ----a-w- c:\windows\system32\atimuixx.dll
    2011-12-06 03:09:44 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-12-06 03:06:38 6159872 ----a-w- c:\windows\system32\atidxx32.dll
    2011-12-06 03:04:00 59904 ----a-w- c:\windows\system32\OpenVideo.dll
    2011-12-06 03:03:52 54784 ----a-w- c:\windows\system32\OVDecode.dll
    2011-12-06 03:03:04 14499328 ----a-w- c:\windows\system32\amdocl.dll
    2011-12-06 02:56:40 19125760 ----a-w- c:\windows\system32\atioglxx.dll
    2011-12-06 02:39:24 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-12-06 02:34:24 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-12-06 02:34:14 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-12-06 02:33:36 5919232 ----a-w- c:\windows\system32\atiumdag.dll
    2011-12-06 02:29:30 11484672 ----a-w- c:\windows\system32\aticaldd.dll
    2011-12-06 02:28:50 4206592 ----a-w- c:\windows\system32\atiumdva.dll
    2011-12-06 02:18:42 51200 ----a-w- c:\windows\system32\coinst.dll
    2011-12-06 02:12:50 356352 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-12-06 02:12:34 14336 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-12-06 02:12:22 33280 ----a-w- c:\windows\system32\atigktxx.dll
    2011-12-06 02:11:50 264192 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-12-06 02:11:16 33280 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-12-06 02:11:02 29696 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-12-06 02:10:42 53760 ----a-w- c:\windows\system32\atimpc32.dll
    2011-12-06 02:10:42 53760 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-12-06 02:10:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:01:00 67072 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 05:41:52 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-17 05:41:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-11-17 05:39:24 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2011-11-17 05:38:39 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-17 05:35:02 314880 ----a-w- c:\windows\system32\webio.dll
    2011-11-17 05:34:55 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 05:34:55 100352 ----a-w- c:\windows\system32\sspicli.dll
    2011-11-17 05:34:52 224768 ----a-w- c:\windows\system32\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- c:\windows\system32\secur32.dll
    2011-11-17 05:32:51 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-17 05:29:50 22528 ----a-w- c:\windows\system32\lsass.exe
    2011-11-15 22:57:06 2463744 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
    2011-11-15 22:57:02 122880 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
    .
    ============= FINISH: 17:32:23.41 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/19/2011 9:24:23 AM
    System Uptime: 2/12/2012 4:18:23 PM (1 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | G31TM-P21 (MS-7529)
    Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz | CPU1 | 2603/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 99.507 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: 5689
    Device ID: ROOT\LEGACY_5689\0000
    Manufacturer:
    Name: 5689
    PNP Device ID: ROOT\LEGACY_5689\0000
    Service: 5689
    .
    ==== System Restore Points ===================
    .
    RP74: 2/11/2012 12:37:41 AM - Installed Microsoft Fix it 50123
    RP75: 2/11/2012 9:07:54 AM - avast! Free Antivirus Setup
    RP76: 2/11/2012 11:27:34 AM - Removed SpyHunter
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AC3Filter 1.63b
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Media Foundation Decoders
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Bandisoft MPEG-1 Decoder
    Bing Bar
    Bonjour
    CamStudio
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CrossLoop 2.51
    D3DX10
    DAEMON Tools Lite
    DragonNest
    DVD Decrypter (Remove Only)
    Elsword version 1.10
    ffdshow v1.1.3800 [2011-03-28]
    Flyff
    Foxit Reader 5.0
    Free YouTube Download version 3.0.16.923
    Game Booster 3
    GIMP 2.6.11
    ImgBurn
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    La Tale
    Malwarebytes Anti-Malware version 1.60.1.1000
    MapleStory
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 10.0.1 (x86 en-US)
    MSVCRT
    MWSnap 3
    Nexon Game Manager
    OGPlanet Game Launcher
    Pando Media Booster
    Picasa 3
    Prio
    QuickTime
    S4 League_EU
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Smart Defrag 2
    TuneUp Companion 2.2.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WavePad Sound Editor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.01 (32-bit)
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2012 3:15:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    2/9/2012 3:15:02 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/8/2012 7:51:17 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    2/8/2012 5:48:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    2/8/2012 5:47:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    2/8/2012 5:46:38 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/8/2012 5:46:38 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/7/2012 5:08:35 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2/7/2012 5:08:16 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2/7/2012 5:05:45 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    2/5/2012 8:49:03 AM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    2/5/2012 2:09:18 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    2/12/2012 4:23:22 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    2/12/2012 4:19:26 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    2/12/2012 4:19:22 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    2/12/2012 4:19:10 PM, Error: Service Control Manager [7023] - The R300 service terminated with the following error: The specified module could not be found.
    2/12/2012 4:19:10 PM, Error: Service Control Manager [7000] - The 5689 service failed to start due to the following error: The system cannot find the file specified.
    2/12/2012 4:19:09 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
    2/12/2012 4:19:09 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    2/12/2012 4:19:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The system cannot find the file specified.
    2/12/2012 4:19:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The system cannot find the file specified.
    2/12/2012 4:19:08 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The system cannot find the file specified.
    2/12/2012 4:18:55 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
    2/12/2012 12:22:56 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/12/2012 11:31:56 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/11/2012 8:47:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    2/11/2012 12:43:26 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    2/11/2012 12:03:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
    2/11/2012 12:03:09 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2012 10:51:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/11/2012 10:51:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/11/2012 10:42:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/11/2012 10:40:29 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 10:40:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/11/2012 10:40:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/11/2012 10:40:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/11/2012 10:40:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/11/2012 10:39:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
    2/11/2012 10:39:55 AM, Error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
    2/11/2012 10:39:55 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/10/2012 9:49:53 PM, Error: Service Control Manager [7023] - The Dsproct service terminated with the following error: Access is denied.
    2/10/2012 9:35:04 PM, Error: Service Control Manager [7023] - The Mfcom service terminated with the following error: Access is denied.
    2/10/2012 9:34:18 PM, Error: Service Control Manager [7023] - The Dbmang service terminated with the following error: Access is denied.
    2/10/2012 8:04:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 8:02:08 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 7:56:55 PM, Error: Service Control Manager [7023] - The Nidomainservice service terminated with the following error: Access is denied.
    2/10/2012 7:41:55 PM, Error: Service Control Manager [7023] - The A016mdm service terminated with the following error: Access is denied.
    2/10/2012 7:26:55 PM, Error: Service Control Manager [7023] - The Pdcomp service terminated with the following error: Access is denied.
    2/10/2012 7:11:56 PM, Error: Service Control Manager [7023] - The Svcwrsssdk service terminated with the following error: Access is denied.
    2/10/2012 6:58:16 PM, Error: Service Control Manager [7023] - The Symantecantibotwatcher service terminated with the following error: Access is denied.
    2/10/2012 6:57:00 PM, Error: Service Control Manager [7023] - The Mksupdateint service terminated with the following error: Access is denied.
    2/10/2012 5:13:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    2/10/2012 5:12:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xfe9f5074, 0x00000002, 0x00000001, 0x82cd38eb). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021012-52619-01.
    2/10/2012 5:10:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    2/10/2012 4:03:37 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Task Scheduler service, but this action failed with the following error: An instance of the service is already running.
    2/10/2012 4:00:39 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    2/10/2012 3:51:46 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 3:51:46 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    2/10/2012 3:51:46 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2012 3:51:46 PM, Error: Service Control Manager [7000] - The DNS Client service failed to start due to the following error: The pipe has been ended.
    2/10/2012 11:33:54 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/10/2012 11:33:54 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    2/10/2012 11:05:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service has not been started.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. Isamu1

    Isamu1 TS Rookie Topic Starter

    Thank you for your help Broni, but I think I may have just solved my own problem. I did a little research and found that my hosts file in C:\Windows\system32\drivers\etc had been changed. There were two new IPs for Bing and Google. I deleted them, and everything seems to have returned to normal. The Google page has changed, and now has its search prediction feature back along with Gmail, calendar, document, and I am no longer redirected. Also deleted cookies. Once again, thank you for your help!
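
The manual hosts-file check described in the post above can be scripted. The following is an added example, not part of the original thread: `parse_hosts` and `audit_hosts` are hypothetical helper names, and the sample entries use documentation-range placeholder IPs because the thread never lists the actual addresses.

```python
import ipaddress

# Path of the hosts file named in the post above.
HOSTS_PATH = r"C:\Windows\system32\drivers\etc\hosts"

# Search-engine names the post says were affected (matched as a domain label).
WATCHED_LABELS = ("google", "bing")

# Constructed sample; the IPs are documentation-range placeholders, not the
# addresses found on the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#      127.0.0.1       localhost
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # constructed entry
198.51.100.7\twww.bing.com
0.0.0.0         ads.example.test
not-an-ip       www.google.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid address: skip the line
        for host in fields[1:]:
            yield line_no, ip, host.lower().rstrip(".")


def audit_hosts(text, watched=WATCHED_LABELS):
    """Return mappings that pin a watched name to a non-loopback address."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        if any(label in host.split(".") for label in watched):
            findings.append((line_no, str(ip), host))
    return findings


if __name__ == "__main__":
    try:
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS  # fall back to the constructed sample
    for line_no, ip, host in audit_hosts(text):
        print(f"line {line_no}: {host} -> {ip}")
```

An empty result on a stock hosts file is expected; any finding is a line to review before deleting it.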
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You're very welcome
     
