TechSpot

Redirect virus and IE running in background, please help

Inactive
By Solrock
Nov 13, 2011
  1. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Nothing there.

    Besides "iexplore.exe" issue are you still getting redirected?

    Restart computer in Safe Mode, then in Safe Mode with Networking and let me know if the issue happens in both Safe Modes.
  2. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    I didnt get any redirects at all until I rebooted, then rebooted in safe mode and still had redirects.
    and before i rebooted or anything, i wasn't getting redirected but IE.exe was still in the background and i kept getting the 'alt-tab' effect. just while typing in google or browsing my window would go into the background kind. its hard to explain really, but its just like typing something then suddenly you're not selected in that window anymore and you stop typing mid sentence until you click back into the window again to reselect it. and the top bar color changes to the background window color.

    Pretty much back at square one it feels, except now i have all my hidden documents back.
    although the two 'explorer.exe' in my processes tab is new and unusual.
  3. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Is it "explorer.exe" or "iexplore.exe"?
    Two "explorer.exe" is completely normal.
  4. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    explorer.exe and explorer.exe *32 I've never seen it like that before but maybe i just didnt notice.
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    That's perfectly normal.
    In 32-bit system you'll have two "explorer.exe" processes running.
    In 64-bit (like yours) you'll have explorer.exe and explorer.exe *32

    I thought it was "iexplore.exe" running without IE even being open.
    You misled me:
    What other issue(s) do we still have there?
  6. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Oh no the two 'explorer.exe's are there in addition to the "iexplorer.exe" which will be taking anything from 15k memory all the way to 300k+. all running in the background. Sorry about that.

    I haven't been getting any visible popups from IE though. Just the super annoying 'alt-tab' issue still.
  7. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    More details please.
  8. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    i keep getting this 'alt-tab' effect. just while typing in google or browsing my window would go into the background kind. its hard to explain really, but its just like typing something then suddenly you're not selected in that window anymore and you stop typing mid sentence until you click back into the window again to reselect it. and the top bar color changes to the background window color.

    or while playing counter-strike my game will randomly minimize.
  9. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Since starting my computer today i'm down to just one 'explorer.exe' running, the '*32' is gone. I tried opening my IE browser from my start menu and doing a google search and that is redirected aswell. when switched to images i get barley a page of results, can't change the safe search options.
    I looking at the processes tab when I have my own IE running there are two 'iexplorer.exe's running at the same time. This doesn't happen when i have two windows of firefox open.
  10. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Not 15 minutes after posting #59 my firefox browser closes suddenly while on facebook. I ctrl-alt-delete to bring up my task manager to see if i can close a iexplorer.exe or something but in the blue windows screen that comes up the "task manager" option isn't there. So i reboot my computer and when it restarts I have a black desktop background, about 10 seconds later I get a flood of errors and a pop up about my hard disk. Exactly what happened the first time when all this started.

    Here are the errors I got:

    "Windows detected a hard disk problem

    A potential disk failure may cause loss of files, applications and documents stored on the hard disk. It's highly recommended to scan and solve HDD problems before continuing using this PC.

    --> Scan and Fix (recommended)
    --> Delay scan"

    I did nothing, closed it with the X and shut down my computer.

    The error that spams me about 15-20 times is:

    "Windows - Delayed Write Failed
    Failed to save all the components for the file \\system32\\000000f5. The file is corrupted and unreadable. This error may be caused by a PC hardware problem."

    Now i'm in safe mode with networking. My quick launch tool bar next to the start button is gone. my start menu is empty unless i click on "all programs". The only way i could open firefox was right clicking on a picture on my desktop and selecting "open with firefox"

    I didn't do anything, how am i getting this again?

    edit: and yes i get all the redirect problems in safemode, and i seem to be getting more IE windows popping up as well. Just the browser windows with random sites. and i got a stop script pop up from IE just now too. And my browser here is always "transferring data from ping.chartbeat.net..." dont know why.
  11. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    IE will open two "iexplore.exe" (not "iexplorer.exe") processes from the get go and it'll add another one for every new tab open.
    Firefox will not.

    Now, you're keep getting reinfected.
    Do you have some other computer on the same network with files sharing enabled?

    I'll need new log from:
    - updated MBAM
    - GMER
    - DDS
    - Combofix (delete current file, download new one)
     
  12. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Do i need another computer or can i just do all that in safemode?
  13. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Safe Mode with Networking will be fine for now.

    You didn't say:
  14. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Uh i don't think file sharing in enabled. I can log into my wifes laptop through the network if i need to though, not sure if thats the same thing. there is a password.
  15. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    That's fine.
    Go on....
  16. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Ok i just ran the mbam and rebooted. my start menu and quick start toolbar is still gone but i can get into my task manager. still have a black background.
    Running the rest but
    Here's the log for mbam:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8203

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    11/20/2011 7:43:55 PM
    mbam-log-2011-11-20 (19-43-55).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 416546
    Time elapsed: 40 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xHYcClbRyx.exe (Trojan.FakeAlert) -> Value: xHYcClbRyx.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\xhycclbryx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Logan\AppData\Local\Temp\495.2581.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
    c:\Users\Logan\AppData\Local\Temp\94EF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
  17. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
  18. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Ok ran unhide twice, once with my antivirus off and my quick start toolbar is still gone, and the items on the left side of my start menu are back but the right side only has "computer"

    here's the gmer and DDS logs:

    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-20 20:09:41
    Windows 6.1.7600
    Running: b82hs1zq.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Counter 6884
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Help 6885
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Counter 6718
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Help 6719
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Object List 6718 6724 6734 6744 6764 6808 6818 6856 6862 6878
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...

    ---- EOF - GMER 1.0.15 ----

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    DDS
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Logan at 20:19:40 on 2011-11-20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6848 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindows: Load=C:\Users\Logan\AppData\Local\Temp\{56490~1.EXE
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DA45D596-F0B5-4D91-A250-057ACE743592} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-9 44768]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
    R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-9-6 327680]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    R3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-18 366152]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
    S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-21 01:48:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\offreg.dll
    2011-11-19 00:45:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-18 12:26:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\mpengine.dll
    2011-11-18 06:34:27 -------- d-----w- C:\Users\Logan\DoctorWeb
    2011-11-18 04:57:30 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-18 03:15:07 -------- d-----w- C:\ComboFix
    2011-11-16 05:57:03 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-11-14 01:41:47 98816 ----a-w- C:\Windows\sed.exe
    2011-11-14 01:41:47 518144 ----a-w- C:\Windows\SWREG.exe
    2011-11-14 01:41:47 256000 ----a-w- C:\Windows\PEV.exe
    2011-11-14 01:41:47 208896 ----a-w- C:\Windows\MBR.exe
    2011-11-13 20:22:43 -------- d-----w- C:\Users\Logan\AppData\Roaming\Malwarebytes
    2011-11-13 20:22:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-09 21:04:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 21:04:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:03:53 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 21:03:39 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-06 22:03:36 -------- d-----w- C:\ProgramData\Age of Empires 3
    2011-11-06 21:44:07 34304 ----a-r- C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    2011-11-06 21:37:48 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
    2011-11-06 20:11:53 -------- d-----w- C:\Users\Logan\AppData\Local\WB Games
    .
    ==================== Find3M ====================
    .
    2011-10-22 02:24:07 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-10-15 16:08:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 17:53:20 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-10-03 17:53:16 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-10-03 17:53:00 51200 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-10-03 17:52:56 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-10-03 17:52:46 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-10-03 17:52:34 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-10-03 17:43:00 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
    2011-10-03 17:42:58 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
    2011-10-03 16:56:42 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-03 16:24:38 24996864 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-03 16:03:46 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-03 16:03:36 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-03 16:03:04 18836480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-03 16:02:24 862720 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-03 16:00:04 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-03 15:59:54 486912 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-03 15:59:22 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-03 15:58:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-03 15:58:04 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-03 15:57:58 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-03 15:57:48 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-03 15:57:44 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-03 15:57:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-03 15:57:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-03 15:54:56 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-03 15:49:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-03 15:49:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-03 15:48:58 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-03 15:46:12 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-03 15:39:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-03 15:39:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-03 15:39:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-03 15:39:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-03 15:39:28 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-03 15:39:12 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-03 15:36:02 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-03 15:35:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-03 15:30:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-03 15:29:30 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-03 15:23:18 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-03 15:23:10 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-03 15:22:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-03 15:22:54 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-03 15:22:54 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-03 15:22:52 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-03 15:22:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-03 15:22:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-03 15:22:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-03 15:21:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-03 15:21:48 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-03 15:21:42 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-03 15:21:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-06 21:45:29 41184 ----a-w- C:\Windows\avastSS.scr
    2011-09-06 21:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-09-06 21:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-09-04 00:10:22 499712 ----a-w- C:\Windows\System32\MSVCP71.DLL
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 20:31:09.43 ===============

    ATTACH:::

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/29/2010 12:11:59 AM
    System Uptime: 11/20/2011 8:17:42 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Rampage III GENE
    Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2660/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 211.082 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP270: 11/14/2011 1:07:11 PM - OTL Restore Point - 11/14/2011 1:07:07 PM
    RP271: 11/15/2011 2:21:57 PM - Windows Update
    RP272: 11/17/2011 9:17:01 PM - ComboFix created restore point
    RP273: 11/18/2011 6:25:56 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.3.3
    Age of Empires III
    Age of Empires III - The WarChiefs
    Apple Application Support
    Apple Software Update
    ASUS Wireless Router WL-520GU Utilities
    avast! Free Antivirus
    Brad Smith Easy SFV Creator
    Canon My Printer
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco AnyConnect VPN Client
    Counter-Strike: Condition Zero
    Counter-Strike: Source
    Curse Client
    Day of Defeat: Source
    Diablo II
    Driver Sweeper version 2.7.5
    eReg
    Heroes of Newerth
    Hitman 2: Silent Assassin
    Hitman: Codename 47
    HydraVision
    Java Auto Updater
    Java(TM) 6 Update 26
    Left 4 Dead 2
    Magic: The Gathering - Duels of the Planeswalkers
    Malwarebytes' Anti-Malware version 1.51.2.1300
    marvell 91xx driver
    Mass Effect
    Memoir '44 Online
    MergeModules
    Microsoft .NET Framework 1.1
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MotoConnect 1.1.31
    Mozilla Firefox (3.6.24)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nation Red
    NEC Electronics USB 3.0 Host Controller Driver
    Network Addon Mod Version 30 with Essentials r132
    Nexon Game Manager
    NVIDIA PhysX
    Pando Media Booster
    PDF Settings CS5
    Platform
    Portal
    QuickTime
    SC4Mapper
    Shattered Galaxy
    SimCity 4 Deluxe
    Skype Toolbars
    Skype™ 5.3
    StarCraft II
    Steam
    Team Fortress 2
    Ubisoft Game Launcher
    VIA Platform Device Manager
    Windows Media Player Firefox Plugin
    World of Warcraft
    Worms Reloaded
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/20/2011 8:20:39 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    11/20/2011 8:20:39 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    11/20/2011 7:40:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2011 6:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    11/20/2011 6:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/20/2011 5:58:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2011 5:58:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/20/2011 5:58:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/20/2011 5:58:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/20/2011 5:58:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/20/2011 5:58:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr sptd Wanarpv6
    11/20/2011 5:57:53 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/20/2011 5:51:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.
    11/18/2011 9:37:39 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
    11/18/2011 8:30:02 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    11/18/2011 5:20:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MotoConnect Service service to connect.
    11/18/2011 5:20:56 PM, Error: Service Control Manager [7000] - The MotoConnect Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/18/2011 5:20:49 PM, Error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    11/18/2011 5:20:24 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/18/2011 5:19:22 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/18/2011 5:19:12 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
    11/18/2011 5:19:00 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/18/2011 5:18:56 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
    11/18/2011 5:18:50 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 4000 milliseconds: Restart the service.
    11/18/2011 5:18:48 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/18/2011 5:18:47 PM, Error: Service Control Manager [7034] - The ASUS Virtual MFP Service service terminated unexpectedly. It has done this 1 time(s).
    11/18/2011 5:18:47 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    11/18/2011 5:18:47 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/18/2011 5:04:41 PM, Error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: Access is denied.
    11/18/2011 5:02:31 PM, Error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The pipe has been ended.
    11/17/2011 9:50:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/17/2011 11:43:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/17/2011 11:43:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/17/2011 11:43:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2011 1:58:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    11/14/2011 2:02:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    11/13/2011 8:15:18 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/13/2011 2:27:59 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    .
    ==== End Of File ===========================
  19. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Those can be easily recreated.
    Right click on any program, click "Add to Quick Launch".
  20. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    ah, thats annoying. But my background is still black... assuming that it just erased what i had it set to. and the icons on the right of my start bar aren't being hidden anymore. sigh.

    heres the combofix log.

    ComboFix 11-11-20.02 - Logan 11/20/2011 20:45:41.4.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6505 [GMT -6:00]
    Running from: c:\users\Logan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-21 03:15 . 2011-11-21 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-21 01:48 . 2011-11-21 03:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\offreg.dll
    2011-11-19 00:45 . 2011-11-19 00:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-18 12:26 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\mpengine.dll
    2011-11-18 06:34 . 2011-11-18 07:37 -------- d-----w- c:\users\Logan\DoctorWeb
    2011-11-16 05:57 . 2011-11-16 05:57 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\users\Logan\AppData\Roaming\Malwarebytes
    2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-09 21:04 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 21:04 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:03 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 21:03 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
    2011-11-06 22:03 . 2011-11-06 22:03 -------- d-----w- c:\programdata\Age of Empires 3
    2011-11-06 21:44 . 2006-08-30 22:03 34304 ----a-r- c:\program files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    2011-11-06 21:37 . 2011-11-09 20:40 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
    2011-11-06 20:11 . 2011-11-06 20:11 -------- d-----w- c:\users\Logan\AppData\Local\WB Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-22 02:24 . 2010-11-15 07:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-10-15 16:08 . 2011-05-18 19:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 17:53 . 2011-10-03 17:53 60416 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-10-03 17:53 . 2011-10-03 17:53 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-10-03 17:53 . 2011-10-03 17:53 51200 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-03 17:52 . 2011-10-03 17:52 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-10-03 17:52 . 2011-10-03 17:52 16652288 ----a-w- c:\windows\system32\amdocl64.dll
    2011-10-03 17:52 . 2011-10-03 17:52 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-10-03 17:43 . 2011-10-03 17:43 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
    2011-10-03 17:42 . 2011-10-03 17:42 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
    2011-10-03 16:56 . 2011-10-03 16:56 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-10-03 16:24 . 2011-10-03 16:24 24996864 ----a-w- c:\windows\system32\atio6axx.dll
    2011-10-03 16:03 . 2011-10-03 16:03 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-10-03 16:03 . 2011-10-03 16:03 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-10-03 16:03 . 2011-10-03 16:03 18836480 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-10-03 16:02 . 2011-10-03 16:02 862720 ----a-w- c:\windows\system32\aticfx64.dll
    2011-10-03 16:00 . 2011-10-03 16:00 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-10-03 15:59 . 2011-10-03 15:59 486912 ----a-w- c:\windows\system32\atieclxx.exe
    2011-10-03 15:59 . 2011-10-03 15:59 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-10-03 15:58 . 2011-10-03 15:58 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-10-03 15:58 . 2011-10-03 15:58 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-10-03 15:57 . 2011-10-03 15:57 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-10-03 15:57 . 2011-10-03 15:57 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-10-03 15:57 . 2011-10-03 15:57 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-10-03 15:57 . 2011-10-03 15:57 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-10-03 15:57 . 2011-10-03 15:57 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-10-03 15:54 . 2011-10-03 15:54 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-10-03 15:49 . 2011-10-03 15:49 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-10-03 15:49 . 2011-10-03 15:49 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-10-03 15:48 . 2011-10-03 15:48 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-10-03 15:46 . 2011-10-03 15:46 4944896 ----a-w- c:\windows\system32\atidxx64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-10-03 15:39 . 2011-10-03 15:39 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-10-03 15:39 . 2011-10-03 15:39 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-10-03 15:36 . 2011-10-03 15:36 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-10-03 15:35 . 2011-10-03 15:35 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-10-03 15:30 . 2011-10-03 15:30 5428736 ----a-w- c:\windows\system32\atiumd64.dll
    2011-10-03 15:29 . 2011-10-03 15:29 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-10-03 15:23 . 2011-10-03 15:23 381952 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-10-03 15:23 . 2011-10-03 15:23 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-10-03 15:22 . 2011-10-03 15:22 15360 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-10-03 15:22 . 2011-10-03 15:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-10-03 15:21 . 2011-10-03 15:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-10-01 03:21 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-01 02:59 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-06 21:45 . 2010-07-29 06:09 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 21:45 . 2010-07-29 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 21:45 . 2011-04-11 21:35 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 21:38 . 2011-04-11 21:35 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 21:38 . 2010-07-29 06:10 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 21:36 . 2010-07-29 06:10 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 21:36 . 2010-07-29 06:10 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 21:36 . 2010-07-29 06:10 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 21:36 . 2010-07-29 06:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-04 00:10 . 2003-03-19 08:14 499712 ----a-w- c:\windows\system32\MSVCP71.DLL
    2011-08-27 05:40 . 2011-10-13 19:48 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 05:40 . 2011-10-13 19:48 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 04:43 . 2011-10-13 19:48 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:43 . 2011-10-13 19:48 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-14_02.22.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2011-11-21 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-11-21 02:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-21 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-29 05:43 . 2011-11-21 03:19 39992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-11-21 03:19 30550 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-29 20:04 . 2011-11-19 23:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-29 20:04 . 2011-11-13 02:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-29 20:04 . 2011-11-13 02:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-29 20:04 . 2011-11-19 23:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-13 02:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-19 23:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-29 05:15 . 2011-11-21 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-11-09 20:58 . 2011-11-21 02:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-11-09 20:58 . 2011-11-14 02:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-11-09 20:58 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2011-11-09 20:58 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2011-11-09 20:58 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2011-11-09 20:58 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-29 05:15 . 2011-11-21 03:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-29 05:15 . 2011-11-21 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-29 05:15 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-29 05:15 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-29 05:16 . 2011-11-21 03:19 9414 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3619874440-108817763-147304035-1001_UserData.bin
    - 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-21 03:17 . 2011-11-21 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-21 03:17 . 2011-11-21 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-07-29 23:32 . 2011-11-21 03:09 466156 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:36 . 2011-11-21 02:25 623890 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-11-14 00:27 623890 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-21 02:25 107522 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-11-14 00:27 107522 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-11-14 02:19 483772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-11-20 23:49 483772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-08-12 08:08 . 2011-11-21 03:17 1527832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2010-08-12 08:08 . 2011-11-09 08:36 1527832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-08-04 08:11 . 2011-11-20 23:49 7528328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3619874440-108817763-147304035-1001-12288.dat
    - 2010-08-04 08:11 . 2011-11-14 02:19 7528328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3619874440-108817763-147304035-1001-12288.dat
    - 2009-07-14 02:34 . 2011-11-13 18:16 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2011-11-21 02:00 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-14 2426368]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
    R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2008-07-21 327680]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:a5,75,5b,5a,a5,56,35,a3,dc,c6,bf,73,f8,36,2d,ba,41,51,ab,39,83,6c,0c,
    86,d6,fe,b1,f8,85,1c,27,07,28,d2,98,10,ca,1f,e0,40,26,b5,8b,f5,1a,fc,d4,4e,\
    "??"=hex:67,15,c8,29,8a,0a,10,1a,98,7a,31,a6,67,f4,4d,f8
    .
    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\License information*]
    "datasecu"=hex:0e,b7,66,38,00,b8,ed,86,cb,66,a2,d6,2f,a2,78,ad,46,40,c9,5a,99,
    30,e0,c3,64,26,57,60,16,ec,86,3c,b7,61,7a,b3,96,fe,1f,c9,eb,49,65,d2,98,a4,\
    "rkeysecu"=hex:69,f6,b3,00,7a,1a,83,1d,c3,a1,02,9f,7b,fb,b4,8d
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-20 21:37:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-21 03:37
    ComboFix2.txt 2011-11-18 04:16
    ComboFix3.txt 2011-11-14 05:25
    .
    Pre-Run: 227,064,119,296 bytes free
    Post-Run: 232,829,116,416 bytes free
    .
    - - End Of File - - 2B73E90D2EC5469E19627276DDB853DA
  21. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    You should be able to change your background manually.
    Let me know.

    Any visible issues?

    I can see you operate from normal mode now.

    Update MBAM and run full scan in normal mode.
    Post the log.

    When done.....

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • Super should automatically the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Click on "Preferences" button.
    • Click the "Scanning Control" tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
    • Click the "Home" button to leave the control center screen.
    • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
  22. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Running the mbam, but i noticed i have an extra drive thats not usually there. E: is "BD-ROM Drive" I only have one DVD drive and thats D: and my external Hard drive is off like normal. Ill post back when mbam is done.
  23. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    New MBAM, nothing found:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8203

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/20/2011 11:16:48 PM
    mbam-log-2011-11-20 (23-16-48).txt

    Scan type: Full scan (C:\|E:\|)
    Objects scanned: 414541
    Time elapsed: 46 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  24. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    Super Antispyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/21/2011 at 00:43 AM

    Application Version : 5.0.1136

    Core Rules Database Version : 7965
    Trace Rules Database Version: 5777

    Scan type : Complete Scan
    Total Scan Time : 01:03:30

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC Off - Administrator

    Memory items scanned : 327
    Memory threats detected : 0
    Registry items scanned : 70687
    Registry threats detected : 0
    File items scanned : 275314
    File threats detected : 2

    Trojan.Agent/Gen-FakeDrop
    C:\PROGRAM FILES (X86)\SC4MAPPER\UNINSTAL.EXE

    Trojan.Agent/Gen-Frauder
    C:\USERS\LOGAN\DESKTOP\GAMES\DOWNLOADS\RAGE UPDATE 1 FOR BLACK BOX\SKIDROW\LAUNCHER.EXE
  25. Solrock

    Solrock TS Rookie Topic Starter Posts: 55

    And i'm still getting redirected. And i still have iexplore.exe running in my processes tab. =[


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.