Redirect virus and IE running in background, please help

Discussion in 'Virus and Malware Removal' started by Solrock, Nov 13, 2011.

  1. Broni Malware Annihilator Posts: 39,324   +175

    IE will open two "iexplore.exe" (not "iexplorer.exe") processes from the get-go and it'll add another one for every new tab opened.
    Firefox will not.

    Now, you keep getting reinfected.
    Do you have some other computer on the same network with file sharing enabled?

    I'll need new logs from:
    - updated MBAM
    - GMER
    - DDS
    - Combofix (delete current file, download new one)
  2. Solrock Newcomer, in training Posts: 55

    Do I need another computer or can I just do all that in safe mode?
  3. Broni Malware Annihilator Posts: 39,324   +175

    Safe Mode with Networking will be fine for now.

    You didn't say:
  4. Solrock Newcomer, in training Posts: 55

    Uh, I don't think file sharing is enabled. I can log into my wife's laptop through the network if I need to though, not sure if that's the same thing. There is a password.
  5. Broni Malware Annihilator Posts: 39,324   +175

    That's fine.
    Go on....
  6. Solrock Newcomer, in training Posts: 55

    OK, I just ran the MBAM and rebooted. My start menu and quick start toolbar are still gone, but I can get into my task manager. Still have a black background.
    Running the rest but
    Here's the log for mbam:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8203

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    11/20/2011 7:43:55 PM
    mbam-log-2011-11-20 (19-43-55).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 416546
    Time elapsed: 40 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xHYcClbRyx.exe (Trojan.FakeAlert) -> Value: xHYcClbRyx.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\xhycclbryx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Logan\AppData\Local\Temp\495.2581.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
    c:\Users\Logan\AppData\Local\Temp\94EF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     
  7. Broni Malware Annihilator Posts: 39,324   +175

    Let's see if we can recover your missing features.
    Download and run UnHide.
    Let me know if it worked.
  8. Solrock Newcomer, in training Posts: 55

    OK, ran UnHide twice, once with my antivirus off, and my quick start toolbar is still gone, and the items on the left side of my start menu are back, but the right side only has "computer".

    Here's the GMER and DDS logs:

    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-20 20:09:41
    Windows 6.1.7600
    Running: b82hs1zq.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Counter 6884
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Help 6885
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Counter 6718
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@First Help 6719
    Reg HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Object List 6718 6724 6734 6744 6764 6808 6818 6856 6862 6878
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x59 0x65 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCE 0x1C 0xB4 0xBF ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x49 0xEA 0xBA ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x7F 0x30 0x10 ...

    ---- EOF - GMER 1.0.15 ----

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    DDS
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Logan at 20:19:40 on 2011-11-20
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6848 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindows: Load=C:\Users\Logan\AppData\Local\Temp\{56490~1.EXE
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DA45D596-F0B5-4D91-A250-057ACE743592} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nptgeqplugin.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-9 44768]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-6-24 91456]
    R2 UsbService;ASUS Virtual MFP Service;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-9-6 327680]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    R3 vuhub;Virtual Usb Hub;C:\Windows\system32\DRIVERS\vuhub.sys --> C:\Windows\system32\DRIVERS\vuhub.sys [?]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-18 366152]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
    S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-21 01:48:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\offreg.dll
    2011-11-19 00:45:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-18 12:26:06 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\mpengine.dll
    2011-11-18 06:34:27 -------- d-----w- C:\Users\Logan\DoctorWeb
    2011-11-18 04:57:30 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-18 03:15:07 -------- d-----w- C:\ComboFix
    2011-11-16 05:57:03 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-11-14 01:41:47 98816 ----a-w- C:\Windows\sed.exe
    2011-11-14 01:41:47 518144 ----a-w- C:\Windows\SWREG.exe
    2011-11-14 01:41:47 256000 ----a-w- C:\Windows\PEV.exe
    2011-11-14 01:41:47 208896 ----a-w- C:\Windows\MBR.exe
    2011-11-13 20:22:43 -------- d-----w- C:\Users\Logan\AppData\Roaming\Malwarebytes
    2011-11-13 20:22:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-09 21:04:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 21:04:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:03:53 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 21:03:39 3141120 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-06 22:03:36 -------- d-----w- C:\ProgramData\Age of Empires 3
    2011-11-06 21:44:07 34304 ----a-r- C:\Program Files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    2011-11-06 21:37:48 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games
    2011-11-06 20:11:53 -------- d-----w- C:\Users\Logan\AppData\Local\WB Games
    .
    ==================== Find3M ====================
    .
    2011-10-22 02:24:07 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2011-10-15 16:08:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 17:53:20 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-10-03 17:53:16 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-10-03 17:53:00 51200 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-10-03 17:52:56 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-10-03 17:52:46 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-10-03 17:52:34 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-10-03 17:43:00 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
    2011-10-03 17:42:58 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
    2011-10-03 16:56:42 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-10-03 16:24:38 24996864 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-10-03 16:03:46 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-10-03 16:03:36 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-10-03 16:03:04 18836480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-10-03 16:02:24 862720 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-10-03 16:00:04 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-10-03 15:59:54 486912 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-10-03 15:59:22 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-10-03 15:58:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-10-03 15:58:04 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-10-03 15:57:58 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-10-03 15:57:48 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-10-03 15:57:44 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-10-03 15:57:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-10-03 15:57:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-10-03 15:54:56 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-10-03 15:49:44 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-10-03 15:49:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-10-03 15:48:58 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-10-03 15:46:12 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-10-03 15:39:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-10-03 15:39:50 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-10-03 15:39:42 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-10-03 15:39:40 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-10-03 15:39:28 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-10-03 15:39:12 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-10-03 15:36:02 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-10-03 15:35:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-10-03 15:30:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-10-03 15:29:30 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-10-03 15:23:18 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-10-03 15:23:10 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-10-03 15:22:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-10-03 15:22:54 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-10-03 15:22:54 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-10-03 15:22:52 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-10-03 15:22:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-10-03 15:22:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-10-03 15:22:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-10-03 15:21:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-10-03 15:21:48 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-10-03 15:21:42 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-10-03 15:21:28 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-10-03 15:21:22 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-10-03 15:21:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-06 21:45:29 41184 ----a-w- C:\Windows\avastSS.scr
    2011-09-06 21:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-09-06 21:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-09-04 00:10:22 499712 ----a-w- C:\Windows\System32\MSVCP71.DLL
    2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 20:31:09.43 ===============

    ATTACH:::

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/29/2010 12:11:59 AM
    System Uptime: 11/20/2011 8:17:42 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | Rampage III GENE
    Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | LGA1366 | 2660/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 211.082 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP270: 11/14/2011 1:07:11 PM - OTL Restore Point - 11/14/2011 1:07:07 PM
    RP271: 11/15/2011 2:21:57 PM - Windows Update
    RP272: 11/17/2011 9:17:01 PM - ComboFix created restore point
    RP273: 11/18/2011 6:25:56 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.3.3
    Age of Empires III
    Age of Empires III - The WarChiefs
    Apple Application Support
    Apple Software Update
    ASUS Wireless Router WL-520GU Utilities
    avast! Free Antivirus
    Brad Smith Easy SFV Creator
    Canon My Printer
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco AnyConnect VPN Client
    Counter-Strike: Condition Zero
    Counter-Strike: Source
    Curse Client
    Day of Defeat: Source
    Diablo II
    Driver Sweeper version 2.7.5
    eReg
    Heroes of Newerth
    Hitman 2: Silent Assassin
    Hitman: Codename 47
    HydraVision
    Java Auto Updater
    Java(TM) 6 Update 26
    Left 4 Dead 2
    Magic: The Gathering - Duels of the Planeswalkers
    Malwarebytes' Anti-Malware version 1.51.2.1300
    marvell 91xx driver
    Mass Effect
    Memoir '44 Online
    MergeModules
    Microsoft .NET Framework 1.1
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XNA Framework Redistributable 3.1
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MotoConnect 1.1.31
    Mozilla Firefox (3.6.24)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nation Red
    NEC Electronics USB 3.0 Host Controller Driver
    Network Addon Mod Version 30 with Essentials r132
    Nexon Game Manager
    NVIDIA PhysX
    Pando Media Booster
    PDF Settings CS5
    Platform
    Portal
    QuickTime
    SC4Mapper
    Shattered Galaxy
    SimCity 4 Deluxe
    Skype Toolbars
    Skype™ 5.3
    StarCraft II
    Steam
    Team Fortress 2
    Ubisoft Game Launcher
    VIA Platform Device Manager
    Windows Media Player Firefox Plugin
    World of Warcraft
    Worms Reloaded
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/20/2011 8:20:39 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
    11/20/2011 8:20:39 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
    11/20/2011 7:40:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2011 6:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    11/20/2011 6:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/20/2011 5:58:35 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2011 5:58:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/20/2011 5:58:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/20/2011 5:58:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/20/2011 5:58:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/20/2011 5:58:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr sptd Wanarpv6
    11/20/2011 5:57:53 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/20/2011 5:51:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the vpnagent service.
    11/18/2011 9:37:39 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
    11/18/2011 8:30:02 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    11/18/2011 5:20:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MotoConnect Service service to connect.
    11/18/2011 5:20:56 PM, Error: Service Control Manager [7000] - The MotoConnect Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/18/2011 5:20:49 PM, Error: Service Control Manager [7031] - The MotoConnect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
    11/18/2011 5:20:24 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/18/2011 5:19:22 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/18/2011 5:19:12 PM, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 3 time(s).
    11/18/2011 5:19:00 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/18/2011 5:18:56 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
    11/18/2011 5:18:50 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 4000 milliseconds: Restart the service.
    11/18/2011 5:18:48 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/18/2011 5:18:47 PM, Error: Service Control Manager [7034] - The ASUS Virtual MFP Service service terminated unexpectedly. It has done this 1 time(s).
    11/18/2011 5:18:47 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    11/18/2011 5:18:47 PM, Error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/18/2011 5:04:41 PM, Error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: Access is denied.
    11/18/2011 5:02:31 PM, Error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The pipe has been ended.
    11/17/2011 9:50:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/17/2011 11:43:16 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/17/2011 11:43:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/17/2011 11:43:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2011 11:43:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2011 1:58:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    11/14/2011 2:02:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    11/13/2011 8:15:18 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/13/2011 2:27:59 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    .
    ==== End Of File ===========================
  9. Broni Malware Annihilator Posts: 39,324   +175

    Those can be easily recreated.
    Right click on any program, click "Add to Quick Launch".
  10. Solrock Newcomer, in training Posts: 55

    Ah, that's annoying. But my background is still black... assuming that it just erased what I had it set to. And the icons on the right of my start bar aren't being hidden anymore. Sigh.

    Here's the ComboFix log.

    ComboFix 11-11-20.02 - Logan 11/20/2011 20:45:41.4.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6505 [GMT -6:00]
    Running from: c:\users\Logan\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-21 03:15 . 2011-11-21 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-21 01:48 . 2011-11-21 03:20 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\offreg.dll
    2011-11-19 00:45 . 2011-11-19 00:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-11-18 12:26 . 2011-10-18 07:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{531D81A6-FA29-4CFE-935C-7E29C329968B}\mpengine.dll
    2011-11-18 06:34 . 2011-11-18 07:37 -------- d-----w- c:\users\Logan\DoctorWeb
    2011-11-16 05:57 . 2011-11-16 05:57 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\users\Logan\AppData\Roaming\Malwarebytes
    2011-11-13 20:22 . 2011-11-13 20:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-09 21:04 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 21:04 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-09 21:03 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 21:03 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
    2011-11-06 22:03 . 2011-11-06 22:03 -------- d-----w- c:\programdata\Age of Empires 3
    2011-11-06 21:44 . 2006-08-30 22:03 34304 ----a-r- c:\program files (x86)\Microsoft Games\Age of Empires III\SetupENU2.dll
    2011-11-06 21:37 . 2011-11-09 20:40 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
    2011-11-06 20:11 . 2011-11-06 20:11 -------- d-----w- c:\users\Logan\AppData\Local\WB Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-22 02:24 . 2010-11-15 07:51 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-10-15 16:08 . 2011-05-18 19:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 17:53 . 2011-10-03 17:53 60416 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-10-03 17:53 . 2011-10-03 17:53 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-10-03 17:53 . 2011-10-03 17:53 51200 ----a-w- c:\windows\system32\OpenCL.dll
    2011-10-03 17:52 . 2011-10-03 17:52 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-10-03 17:52 . 2011-10-03 17:52 16652288 ----a-w- c:\windows\system32\amdocl64.dll
    2011-10-03 17:52 . 2011-10-03 17:52 13625856 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-10-03 17:43 . 2011-10-03 17:43 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
    2011-10-03 17:42 . 2011-10-03 17:42 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
    2011-10-03 16:56 . 2011-10-03 16:56 10203648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-10-03 16:24 . 2011-10-03 16:24 24996864 ----a-w- c:\windows\system32\atio6axx.dll
    2011-10-03 16:03 . 2011-10-03 16:03 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-10-03 16:03 . 2011-10-03 16:03 732672 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-10-03 16:03 . 2011-10-03 16:03 18836480 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-10-03 16:02 . 2011-10-03 16:02 862720 ----a-w- c:\windows\system32\aticfx64.dll
    2011-10-03 16:00 . 2011-10-03 16:00 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-10-03 15:59 . 2011-10-03 15:59 486912 ----a-w- c:\windows\system32\atieclxx.exe
    2011-10-03 15:59 . 2011-10-03 15:59 204288 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-10-03 15:58 . 2011-10-03 15:58 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-10-03 15:58 . 2011-10-03 15:58 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-10-03 15:57 . 2011-10-03 15:57 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-10-03 15:57 . 2011-10-03 15:57 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-10-03 15:57 . 2011-10-03 15:57 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2011-10-03 15:57 . 2011-10-03 15:57 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-10-03 15:57 . 2011-10-03 15:57 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-10-03 15:54 . 2011-10-03 15:54 4204032 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-10-03 15:49 . 2011-10-03 15:49 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-10-03 15:49 . 2011-10-03 15:49 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-10-03 15:48 . 2011-10-03 15:48 3888640 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-10-03 15:46 . 2011-10-03 15:46 4944896 ----a-w- c:\windows\system32\atidxx64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-10-03 15:39 . 2011-10-03 15:39 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-10-03 15:39 . 2011-10-03 15:39 8723456 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-10-03 15:39 . 2011-10-03 15:39 4064768 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-10-03 15:36 . 2011-10-03 15:36 7331840 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-10-03 15:35 . 2011-10-03 15:35 4289024 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-10-03 15:30 . 2011-10-03 15:30 5428736 ----a-w- c:\windows\system32\atiumd64.dll
    2011-10-03 15:29 . 2011-10-03 15:29 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-10-03 15:23 . 2011-10-03 15:23 381952 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-10-03 15:23 . 2011-10-03 15:23 270336 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-10-03 15:22 . 2011-10-03 15:22 15360 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 13312 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-10-03 15:22 . 2011-10-03 15:22 310784 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-10-03 15:22 . 2011-10-03 15:22 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-10-03 15:21 . 2011-10-03 15:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-10-03 15:21 . 2011-10-03 15:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-10-01 03:21 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-01 02:59 . 2011-10-13 19:49 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-06 21:45 . 2010-07-29 06:09 41184 ----a-w- c:\windows\avastSS.scr
    2011-09-06 21:45 . 2010-07-29 06:09 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-09-06 21:45 . 2011-04-11 21:35 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-06 21:38 . 2011-04-11 21:35 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-06 21:38 . 2010-07-29 06:10 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-06 21:36 . 2010-07-29 06:10 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-06 21:36 . 2010-07-29 06:10 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-06 21:36 . 2010-07-29 06:10 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-09-06 21:36 . 2010-07-29 06:10 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-04 00:10 . 2003-03-19 08:14 499712 ----a-w- c:\windows\system32\MSVCP71.DLL
    2011-08-27 05:40 . 2011-10-13 19:48 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-27 05:40 . 2011-10-13 19:48 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 04:43 . 2011-10-13 19:48 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:43 . 2011-10-13 19:48 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-14_02.22.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2011-11-21 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-11-21 02:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-21 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-14 02:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-29 05:43 . 2011-11-21 03:19 39992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-11-21 03:19 30550 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-29 20:04 . 2011-11-19 23:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-29 20:04 . 2011-11-13 02:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-29 20:04 . 2011-11-13 02:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-29 20:04 . 2011-11-19 23:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-11-13 02:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-11-19 23:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-29 05:15 . 2011-11-21 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-11-09 20:58 . 2011-11-21 02:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-11-09 20:58 . 2011-11-14 02:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2011-11-09 20:58 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2011-11-09 20:58 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2011-11-09 20:58 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2011-11-09 20:58 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-29 05:15 . 2011-11-21 03:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-29 05:15 . 2011-11-21 03:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-29 05:15 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-29 05:15 . 2011-11-21 02:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-29 05:15 . 2011-11-14 02:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-29 05:16 . 2011-11-21 03:19 9414 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3619874440-108817763-147304035-1001_UserData.bin
    - 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-21 03:17 . 2011-11-21 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-21 03:17 . 2011-11-21 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-11-14 02:20 . 2011-11-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-07-29 23:32 . 2011-11-21 03:09 466156 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    + 2009-07-14 02:36 . 2011-11-21 02:25 623890 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-11-14 00:27 623890 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-11-21 02:25 107522 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-11-14 00:27 107522 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:01 . 2011-11-14 02:19 483772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-11-20 23:49 483772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-08-12 08:08 . 2011-11-21 03:17 1527832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2010-08-12 08:08 . 2011-11-09 08:36 1527832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-08-04 08:11 . 2011-11-20 23:49 7528328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3619874440-108817763-147304035-1001-12288.dat
    - 2010-08-04 08:11 . 2011-11-14 02:19 7528328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3619874440-108817763-147304035-1001-12288.dat
    - 2009-07-14 02:34 . 2011-11-13 18:16 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2011-11-21 02:00 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-14 2426368]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
    "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
    R3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S2 UsbService;ASUS Virtual MFP Service;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2008-07-21 327680]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 21:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1609296]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\lh6f0s91.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:a5,75,5b,5a,a5,56,35,a3,dc,c6,bf,73,f8,36,2d,ba,41,51,ab,39,83,6c,0c,
    86,d6,fe,b1,f8,85,1c,27,07,28,d2,98,10,ca,1f,e0,40,26,b5,8b,f5,1a,fc,d4,4e,\
    "??"=hex:67,15,c8,29,8a,0a,10,1a,98,7a,31,a6,67,f4,4d,f8
    .
    [HKEY_USERS\S-1-5-21-3619874440-108817763-147304035-1001\Software\SecuROM\License information*]
    "datasecu"=hex:0e,b7,66,38,00,b8,ed,86,cb,66,a2,d6,2f,a2,78,ad,46,40,c9,5a,99,
    30,e0,c3,64,26,57,60,16,ec,86,3c,b7,61,7a,b3,96,fe,1f,c9,eb,49,65,d2,98,a4,\
    "rkeysecu"=hex:69,f6,b3,00,7a,1a,83,1d,c3,a1,02,9f,7b,fb,b4,8d
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-20 21:37:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-21 03:37
    ComboFix2.txt 2011-11-18 04:16
    ComboFix3.txt 2011-11-14 05:25
    .
    Pre-Run: 227,064,119,296 bytes free
    Post-Run: 232,829,116,416 bytes free
    .
    - - End Of File - - 2B73E90D2EC5469E19627276DDB853DA
  11. Broni Malware Annihilator Posts: 39,324   +175

    You should be able to change your background manually.
    Let me know.

    Any visible issues?

    I can see you operate from normal mode now.

    Update MBAM and run full scan in normal mode.
    Post the log.

    When done.....

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • Super should automatically update the program definitions. If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Click on "Preferences" button.
    • Click the "Scanning Control" tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
    • Click the "Home" button to leave the control center screen.
    • Back on the main screen checkmark "Complete scan" and click "Scan your computer".
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
  12. Solrock Newcomer, in training Posts: 55

    Running the mbam, but I noticed I have an extra drive that's not usually there. E: is "BD-ROM Drive". I only have one DVD drive and that's D:, and my external hard drive is off like normal. I'll post back when mbam is done.
  13. Solrock Newcomer, in training Posts: 55

    New MBAM, nothing found:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8203

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/20/2011 11:16:48 PM
    mbam-log-2011-11-20 (23-16-48).txt

    Scan type: Full scan (C:\|E:\|)
    Objects scanned: 414541
    Time elapsed: 46 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  14. Solrock Newcomer, in training Posts: 55

    Super Antispyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/21/2011 at 00:43 AM

    Application Version : 5.0.1136

    Core Rules Database Version : 7965
    Trace Rules Database Version: 5777

    Scan type : Complete Scan
    Total Scan Time : 01:03:30

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC Off - Administrator

    Memory items scanned : 327
    Memory threats detected : 0
    Registry items scanned : 70687
    Registry threats detected : 0
    File items scanned : 275314
    File threats detected : 2

    Trojan.Agent/Gen-FakeDrop
    C:\PROGRAM FILES (X86)\SC4MAPPER\UNINSTAL.EXE

    Trojan.Agent/Gen-Frauder
    C:\USERS\LOGAN\DESKTOP\GAMES\DOWNLOADS\RAGE UPDATE 1 FOR BLACK BOX\SKIDROW\LAUNCHER.EXE
  15. Solrock Newcomer, in training Posts: 55

    And I'm still getting redirected. And I still have iexplore.exe running in my processes tab. =[
  16. Broni Malware Annihilator Posts: 39,324   +175

    Post new aswMBR and Bootkit Remover logs.
  17. Solrock Newcomer, in training Posts: 55

    aswMBR log:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-21 17:26:05
    -----------------------------
    17:26:05.573 OS Version: Windows x64 6.1.7600
    17:26:05.573 Number of processors: 8 586 0x1A05
    17:26:05.573 ComputerName: X UserName:
    17:26:07.351 Initialize success
    17:26:07.445 AVAST engine defs: 11112101
    17:26:50.002 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port4Path0Target0Lun0
    17:26:50.002 Disk 0 Vendor: WDC_WD64 05.0 Size: 610480MB BusType: 11
    17:26:50.002 Device \Driver\mv91xx -> DriverStartIo SCSIPORT.SYS fffff88000db2bc0
    17:26:50.002 Device \Driver\mv91xx -> MajorFunction fffffa8007a6b2c0
    17:26:52.030 Disk 0 MBR read successfully
    17:26:52.030 Disk 0 MBR scan
    17:26:52.045 Disk 0 Windows 7 default MBR code
    17:26:52.045 Service scanning
    17:26:53.777 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
    17:26:53.808 Service NTACCESS D:\NTACCESS_64.sys **LOCKED** 21
    17:26:53.855 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
    17:26:53.870 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    17:26:54.432 Modules scanning
    17:26:54.432 Disk 0 trace - called modules:
    17:26:54.448 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80085e2334]<<
    17:26:54.448 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80085d0060]
    17:26:54.463 3 CLASSPNP.SYS[fffff88001b7343f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port4Path0Target0Lun0[0xfffffa8007bc5050]
    17:26:54.463 \Driver\mv91xx[0xfffffa8007b86660] -> IRP_MJ_CREATE -> 0xfffffa8007a6b2c0
    17:26:56.850 AVAST engine scan C:\Windows
    17:27:02.076 AVAST engine scan C:\Windows\system32
    17:27:47.690 AVAST engine scan C:\Windows\system32\drivers
    17:27:56.270 AVAST engine scan C:\Users\Logan
    17:31:47.478 AVAST engine scan C:\ProgramData
    17:35:04.351 Scan finished successfully
    17:36:30.510 Disk 0 MBR has been saved successfully to "C:\Users\Logan\Desktop\MBR.dat"
    17:36:30.510 The log file has been saved successfully to "C:\Users\Logan\Desktop\aswMBR.txt"


    Bootkit log:

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  18. Broni Malware Annihilator Posts: 39,324   +175

    What is drive "D"?
  19. Solrock Newcomer, in training Posts: 55

    Drive "D" is my physical DVD drive.
    Clicking on 'My Computer' I see C:, D: and E:. No idea what the "E" drive is, it says "BD-ROM Drive".
  20. Broni Malware Annihilator Posts: 39,324   +175

    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

    • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.