Inactive Redirect virus and IE running in background, please help

Nothing there.

Besides the "iexplore.exe" issue, are you still getting redirected?

Restart computer in Safe Mode, then in Safe Mode with Networking and let me know if the issue happens in both Safe Modes.
 
I didn't get any redirects at all until I rebooted, then rebooted in safe mode and still had redirects.
And before I rebooted or anything, I wasn't getting redirected but IE.exe was still in the background and I kept getting the 'alt-tab' effect. Just while typing in Google or browsing my window would go into the background kind. It's hard to explain really, but it's just like typing something then suddenly you're not selected in that window anymore and you stop typing mid sentence until you click back into the window again to reselect it. And the top bar color changes to the background window color.

Pretty much back at square one it feels, except now I have all my hidden documents back.
Although the two 'explorer.exe' in my processes tab is new and unusual.
 
That's perfectly normal.
In a 32-bit system you'll have two "explorer.exe" processes running.
In a 64-bit system (like yours) you'll have explorer.exe and explorer.exe *32.

I thought it was "iexplore.exe" running without IE even being open.
You misled me:
IE.exe was still in the background

What other issue(s) do we still have there?
 
Oh no, the two 'explorer.exe's are there in addition to the "iexplorer.exe" which will be taking anything from 15k memory all the way to 300k+, all running in the background. Sorry about that.

I haven't been getting any visible popups from IE though. Just the super annoying 'alt-tab' issue still.
 
I keep getting this 'alt-tab' effect. Just while typing in Google or browsing my window would go into the background kind. It's hard to explain really, but it's just like typing something then suddenly you're not selected in that window anymore and you stop typing mid sentence until you click back into the window again to reselect it. And the top bar color changes to the background window color.

Or while playing Counter-Strike my game will randomly minimize.
 
Since starting my computer today I'm down to just one 'explorer.exe' running, the '*32' is gone. I tried opening my IE browser from my start menu and doing a Google search and that is redirected as well. When switched to images I get barely a page of results, and can't change the safe search options.
Looking at the processes tab when I have my own IE running, there are two 'iexplorer.exe's running at the same time. This doesn't happen when I have two windows of Firefox open.
 
Not 15 minutes after posting #59 my Firefox browser closes suddenly while on Facebook. I ctrl-alt-delete to bring up my task manager to see if I can close an iexplorer.exe or something, but in the blue Windows screen that comes up the "task manager" option isn't there. So I reboot my computer and when it restarts I have a black desktop background, and about 10 seconds later I get a flood of errors and a pop-up about my hard disk. Exactly what happened the first time when all this started.

Here are the errors I got:

"Windows detected a hard disk problem

A potential disk failure may cause loss of files, applications and documents stored on the hard disk. It's highly recommended to scan and solve HDD problems before continuing using this PC.

--> Scan and Fix (recommended)
--> Delay scan"

I did nothing, closed it with the X and shut down my computer.

The error that spams me about 15-20 times is:

"Windows - Delayed Write Failed
Failed to save all the components for the file \\system32\\000000f5. The file is corrupted and unreadable. This error may be caused by a PC hardware problem."

Now I'm in safe mode with networking. My quick launch toolbar next to the start button is gone. My start menu is empty unless I click on "all programs". The only way I could open Firefox was right-clicking on a picture on my desktop and selecting "open with Firefox".

I didn't do anything, how am I getting this again?

Edit: and yes, I get all the redirect problems in safe mode, and I seem to be getting more IE windows popping up as well. Just the browser windows with random sites. And I got a stop script pop-up from IE just now too. And my browser here is always "transferring data from ping.chartbeat.net...", don't know why.
 
two 'iexplorer.exe's running at the same time. This doesn't happen when I have two windows of Firefox open.
IE will open two "iexplore.exe" (not "iexplorer.exe") processes from the get go and it'll add another one for every new tab open.
Firefox will not.

Now, you keep getting reinfected.
Do you have some other computer on the same network with file sharing enabled?

I'll need new logs from:
- updated MBAM
- GMER
- DDS
- Combofix (delete current file, download new one)
 
Uh, I don't think file sharing is enabled. I can log into my wife's laptop through the network if I need to though, not sure if that's the same thing. There is a password.
 
Ok, I just ran the MBAM and rebooted. My start menu and quick start toolbar are still gone but I can get into my task manager. Still have a black background.
Running the rest but
Here's the log for MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8203

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/20/2011 7:43:55 PM
mbam-log-2011-11-20 (19-43-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 416546
Time elapsed: 40 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xHYcClbRyx.exe (Trojan.FakeAlert) -> Value: xHYcClbRyx.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\xhycclbryx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Logan\AppData\Local\Temp\495.2581.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
c:\Users\Logan\AppData\Local\Temp\94EF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
 
Ok, ran unhide twice, once with my antivirus off, and my quick start toolbar is still gone, and the items on the left side of my start menu are back but the right side only has "computer".

Here are the GMER and DDS logs:

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-20 20:09:41
Windows 6.1.7600
Running: b82hs1zq.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Counter 6884
Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Help 6885
Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Counter 6718
Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Help 6719
Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Object List 6718 6724 6734 6744 6764 6808 6818 6856 6862 6878
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...

---- EOF - GMER 1.0.15 ----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DDS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Logan at 20:19:40 on 2011-11-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6848 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindows: Load=C:\Users\Logan\AppData\Local\Temp\{56490~1.EXE
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DA45D596-F0B5-4D91-A250-057ACE743592} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-9 44768]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-9-6 327680]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
R3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-18 366152]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-21 01:48:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\offreg.dll
2011-11-19 00:45:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-18 12:26:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\mpengine.dll
2011-11-18 06:34:27 -------- d-----w- C:\Users\Logan\DoctorWeb
2011-11-18 04:57:30 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-18 03:15:07 -------- d-----w- C:\ComboFix
2011-11-16 05:57:03 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-14 01:41:47 98816 ----a-w- C:\Windows\sed.exe
2011-11-14 01:41:47 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-14 01:41:47 256000 ----a-w- C:\Windows\PEV.exe
2011-11-14 01:41:47 208896 ----a-w- C:\Windows\MBR.exe
2011-11-13 20:22:43 -------- d-----w- C:\Users\Logan\AppData\Roaming\Malwarebytes
2011-11-13 20:22:28 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-09 21:04:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 21:04:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 21:03:53 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 21:03:39 3141120 ----a-w- C:\Windows\System32\win32k.sys
2011-11-06 22:03:36 -------- d-----w- C:\ProgramData\Age of Empires 3
2011-11-06 21:44:07 34304 ----a-r- C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
2011-11-06 21:37:48 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
2011-11-06 20:11:53 -------- d-----w- C:\Users\Logan\AppData\Local\WB Games
.
==================== Find3M ====================
.
2011-10-22 02:24:07 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-10-15 16:08:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 17:53:20 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-10-03 17:53:16 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-10-03 17:53:00 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-10-03 17:52:56 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-10-03 17:52:46 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-03 17:52:34 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-10-03 17:43:00 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-10-03 17:42:58 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-10-03 16:56:42 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-03 16:24:38 24996864 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-03 16:03:46 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-03 16:03:36 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-03 16:03:04 18836480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-03 16:02:24 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-03 16:00:04 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-03 15:59:54 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-03 15:59:22 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-03 15:58:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-03 15:58:04 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-03 15:57:58 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-03 15:57:48 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-03 15:57:44 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-03 15:57:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-03 15:57:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-03 15:54:56 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-03 15:49:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-03 15:49:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-03 15:48:58 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-03 15:46:12 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-03 15:39:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-03 15:39:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-03 15:39:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-03 15:39:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-03 15:39:28 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-03 15:39:12 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-03 15:36:02 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-03 15:35:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-03 15:30:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-03 15:29:30 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-03 15:23:18 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-03 15:23:10 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-03 15:22:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-03 15:22:54 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-03 15:22:54 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-03 15:22:52 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-03 15:22:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-03 15:22:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-03 15:22:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-03 15:21:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-03 15:21:48 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-03 15:21:42 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-03 15:21:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 21:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 21:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 21:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-04 00:10:22 499712 ----a-w- C:\Windows\System32\MSVCP71.DLL
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 20:31:09.43 ===============

ATTACH:::

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/29/2010 12:11:59 AM
System Uptime: 11/20/2011 8:17:42 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Rampage III GENE
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 211.082 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP270: 11/14/2011 1:07:11 PM - OTL Restore Point - 11/14/2011 1:07:07 PM
RP271: 11/15/2011 2:21:57 PM - Windows Update
RP272: 11/17/2011 9:17:01 PM - ComboFix created restore point
RP273: 11/18/2011 6:25:56 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.3.3
Age of Empires III
Age of Empires III - The WarChiefs
Apple Application Support
Apple Software Update
ASUS Wireless Router WL-520GU Utilities
avast! Free Antivirus
Brad Smith Easy SFV Creator
Canon My Printer
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco AnyConnect VPN Client
Counter-Strike: Condition Zero
Counter-Strike: Source
Curse Client
Day of Defeat: Source
Diablo II
Driver Sweeper version 2.7.5
eReg
Heroes of Newerth
Hitman 2: Silent Assassin
Hitman: Codename 47
HydraVision
Java Auto Updater
Java(TM) 6 Update 26
Left 4 Dead 2
Magic: The Gathering - Duels of the Planeswalkers
Malwarebytes' Anti-Malware version 1.51.2.1300
marvell 91xx driver
Mass Effect
Memoir '44 Online
MergeModules
Microsoft .NET Framework 1.1
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotoConnect 1.1.31
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nation Red
NEC Electronics USB 3.0 Host Controller Driver
Network Addon Mod Version 30 with Essentials r132
Nexon Game Manager
NVIDIA PhysX
Pando Media Booster
PDF Settings CS5
Platform
Portal
QuickTime
SC4Mapper
Shattered Galaxy
SimCity 4 Deluxe
Skype Toolbars
Skype™ 5.3
StarCraft II
Steam
Team Fortress 2
Ubisoft Game Launcher
VIA Platform Device Manager
Windows Media Player Firefox Plugin
World of Warcraft
Worms Reloaded
.
==== Event Viewer Messages From Past Week ========
.
11/20/2011 8:20:39 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
11/20/2011 8:20:39 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/20/2011 7:40:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/20/2011 6:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
11/20/2011 6:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/20/2011 5:58:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/20/2011 5:58:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/20/2011 5:58:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/20/2011 5:58:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/20/2011 5:58:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/20/2011 5:58:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr sptd Wanarpv6
11/20/2011 5:57:53 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
11/20/2011 5:51:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.
11/18/2011 9:37:39 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
11/18/2011 8:30:02 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/18/2011 5:20:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MotoConnect Service service to connect.
11/18/2011 5:20:56 PM, Error: Service Control Manager [7000] - The MotoConnect Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2011 5:20:49 PM, Error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
11/18/2011 5:20:24 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2011 5:19:22 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2011 5:19:12 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
11/18/2011 5:19:00 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/18/2011 5:18:56 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
11/18/2011 5:18:50 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 4000 milliseconds: Restart the service.
11/18/2011 5:18:48 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/18/2011 5:18:47 PM, Error: Service Control Manager [7034] - The ASUS Virtual MFP Service service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 5:18:47 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
11/18/2011 5:18:47 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/18/2011 5:04:41 PM, Error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: Access is denied.
11/18/2011 5:02:31 PM, Error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The pipe has been ended.
11/17/2011 9:50:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/17/2011 11:43:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/17/2011 11:43:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/17/2011 11:43:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2011 1:58:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/14/2011 2:02:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
11/13/2011 8:15:18 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/13/2011 2:27:59 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
.
==== End Of File ===========================
 
Ah, that's annoying. But my background is still black... assuming that it just erased what I had it set to. And the icons on the right of my start bar aren't being hidden anymore. Sigh.

Here's the ComboFix log.

ComboFix 11-11-20.02 - Logan 11/20/2011 20:45:41.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6505 [GMT -6:00]
Running from: c:\users\Logan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 03:15 . 2011-11-21 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 01:48 . 2011-11-21 03:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\offreg.dll
2011-11-19 00:45 . 2011-11-19 00:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-18 12:26 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\mpengine.dll
2011-11-18 06:34 . 2011-11-18 07:37 -------- d-----w- c:\users\Logan\DoctorWeb
2011-11-16 05:57 . 2011-11-16 05:57 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\users\Logan\AppData\Roaming\Malwarebytes
2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\programdata\Malwarebytes
2011-11-09 21:04 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:04 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:03 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:03 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 22:03 . 2011-11-06 22:03 -------- d-----w- c:\programdata\Age of Empires 3
2011-11-06 21:44 . 2006-08-30 22:03 34304 ----a-r- c:\program files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
2011-11-06 21:37 . 2011-11-09 20:40 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2011-11-06 20:11 . 2011-11-06 20:11 -------- d-----w- c:\users\Logan\AppData\Local\WB Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-22 02:24 . 2010-11-15 07:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-10-15 16:08 . 2011-05-18 19:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 17:53 . 2011-10-03 17:53 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-10-03 17:53 . 2011-10-03 17:53 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-10-03 17:53 . 2011-10-03 17:53 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-03 17:52 . 2011-10-03 17:52 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-03 17:52 . 2011-10-03 17:52 16652288 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-03 17:52 . 2011-10-03 17:52 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-03 17:43 . 2011-10-03 17:43 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-10-03 17:42 . 2011-10-03 17:42 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
2011-10-03 16:56 . 2011-10-03 16:56 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-03 16:24 . 2011-10-03 16:24 24996864 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-03 16:03 . 2011-10-03 16:03 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-03 16:03 . 2011-10-03 16:03 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-03 16:03 . 2011-10-03 16:03 18836480 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-03 16:02 . 2011-10-03 16:02 862720 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-03 16:00 . 2011-10-03 16:00 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-03 15:59 . 2011-10-03 15:59 486912 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-03 15:59 . 2011-10-03 15:59 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-03 15:58 . 2011-10-03 15:58 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-03 15:58 . 2011-10-03 15:58 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-03 15:57 . 2011-10-03 15:57 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-03 15:57 . 2011-10-03 15:57 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-03 15:57 . 2011-10-03 15:57 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-03 15:57 . 2011-10-03 15:57 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-03 15:57 . 2011-10-03 15:57 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-03 15:54 . 2011-10-03 15:54 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-03 15:49 . 2011-10-03 15:49 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-03 15:49 . 2011-10-03 15:49 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-03 15:48 . 2011-10-03 15:48 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-03 15:46 . 2011-10-03 15:46 4944896 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-03 15:39 . 2011-10-03 15:39 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-03 15:39 . 2011-10-03 15:39 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-03 15:39 . 2011-10-03 15:39 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-03 15:39 . 2011-10-03 15:39 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-03 15:39 . 2011-10-03 15:39 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-03 15:39 . 2011-10-03 15:39 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-03 15:36 . 2011-10-03 15:36 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-03 15:35 . 2011-10-03 15:35 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-03 15:30 . 2011-10-03 15:30 5428736 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-03 15:29 . 2011-10-03 15:29 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-03 15:23 . 2011-10-03 15:23 381952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-03 15:23 . 2011-10-03 15:23 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-03 15:22 . 2011-10-03 15:22 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-03 15:22 . 2011-10-03 15:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-03 15:22 . 2011-10-03 15:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-03 15:22 . 2011-10-03 15:22 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-03 15:22 . 2011-10-03 15:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-03 15:21 . 2011-10-03 15:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-03 15:21 . 2011-10-03 15:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-03 15:21 . 2011-10-03 15:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-10-03 15:21 . 2011-10-03 15:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-01 03:21 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-06 21:45 . 2010-07-29 06:09 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 21:45 . 2010-07-29 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 21:45 . 2011-04-11 21:35 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 21:38 . 2011-04-11 21:35 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 21:38 . 2010-07-29 06:10 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 21:36 . 2010-07-29 06:10 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 21:36 . 2010-07-29 06:10 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 21:36 . 2010-07-29 06:10 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 21:36 . 2010-07-29 06:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-04 00:10 . 2003-03-19 08:14 499712 ----a-w- c:\windows\system32\MSVCP71.DLL
2011-08-27 05:40 . 2011-10-13 19:48 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 05:40 . 2011-10-13 19:48 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 19:48 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-13 19:48 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-14_02.22.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-21 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-11-21 02:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-14 02:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-21 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-29 05:43 . 2011-11-21 03:19 39992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 03:19 30550 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-29 20:04 . 2011-11-19 23:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-29 20:04 . 2011-11-13 02:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-29 20:04 . 2011-11-13 02:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-29 20:04 . 2011-11-19 23:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-13 02:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-19 23:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-29 05:15 . 2011-11-21 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-09 20:58 . 2011-11-21 02:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-09 20:58 . 2011-11-14 02:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-09 20:58 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-09 20:58 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-09 20:58 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-11-09 20:58 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2010-07-29 05:15 . 2011-11-14 02:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-29 05:15 . 2011-11-21 03:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-07-29 05:15 . 2011-11-21 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-29 05:15 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-29 05:15 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-07-29 05:15 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-07-29 05:15 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-29 05:16 . 2011-11-21 03:19 9414 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3619874440-108817763-147304035-1001_UserData.bin
- 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-21 03:17 . 2011-11-21 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-21 03:17 . 2011-11-21 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-07-29 23:32 . 2011-11-21 03:09 466156 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-11-21 02:25 623890 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-14 00:27 623890 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-21 02:25 107522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-14 00:27 107522 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-14 02:19 483772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-20 23:49 483772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-08-12 08:08 . 2011-11-21 03:17 1527832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-08-12 08:08 . 2011-11-09 08:36 1527832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-08-04 08:11 . 2011-11-20 23:49 7528328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3619874440-108817763-147304035-1001-12288.dat
- 2010-08-04 08:11 . 2011-11-14 02:19 7528328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3619874440-108817763-147304035-1001-12288.dat
- 2009-07-14 02:34 . 2011-11-13 18:16 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-21 02:00 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-14 2426368]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2008-07-21 327680]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a5,75,5b,5a,a5,56,35,a3,dc,c6,bf,73,f8,36,2d,ba,41,51,ab,39,83,6c,0c,
86,d6,fe,b1,f8,85,1c,27,07,28,d2,98,10,ca,1f,e0,40,26,b5,8b,f5,1a,fc,d4,4e,\
"??"=hex:67,15,c8,29,8a,0a,10,1a,98,7a,31,a6,67,f4,4d,f8
.
[HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\License information*]
"datasecu"=hex:0e,b7,66,38,00,b8,ed,86,cb,66,a2,d6,2f,a2,78,ad,46,40,c9,5a,99,
30,e0,c3,64,26,57,60,16,ec,86,3c,b7,61,7a,b3,96,fe,1f,c9,eb,49,65,d2,98,a4,\
"rkeysecu"=hex:69,f6,b3,00,7a,1a,83,1d,c3,a1,02,9f,7b,fb,b4,8d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2011-11-20 21:37:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-21 03:37
ComboFix2.txt 2011-11-18 04:16
ComboFix3.txt 2011-11-14 05:25
.
Pre-Run: 227,064,119,296 bytes free
Post-Run: 232,829,116,416 bytes free
.
- - End Of File - - 2B73E90D2EC5469E19627276DDB853DA
 
You should be able to change your background manually.
Let me know.

Any visible issues?

I can see you operate from normal mode now.

Update MBAM and run full scan in normal mode.
Post the log.

When done.....

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • Super should automatically update the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Click on "Preferences" button.
  • Click the "Scanning Control" tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.
 
Running the mbam, but I noticed I have an extra drive that's not usually there. E: is "BD-ROM Drive". I only have one DVD drive and that's D:, and my external hard drive is off like normal. I'll post back when mbam is done.
 
New MBAM, nothing found:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8203

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/20/2011 11:16:48 PM
mbam-log-2011-11-20 (23-16-48).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 414541
Time elapsed: 46 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Super Antispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/21/2011 at 00:43 AM

Application Version : 5.0.1136

Core Rules Database Version : 7965
Trace Rules Database Version: 5777

Scan type : Complete Scan
Total Scan Time : 01:03:30

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 327
Memory threats detected : 0
Registry items scanned : 70687
Registry threats detected : 0
File items scanned : 275314
File threats detected : 2

Trojan.Agent/Gen-FakeDrop
C:\PROGRAM FILES (X86)\SC4MAPPER\UNINSTAL.EXE

Trojan.Agent/Gen-Frauder
C:\USERS\LOGAN\DESKTOP\GAMES\DOWNLOADS\RAGE UPDATE 1 FOR BLACK BOX\SKIDROW\LAUNCHER.EXE
 