Redirect -- have logs


I am trying to get rid of whatever is making my searches redirect. So far, I uninstalled Firefox and installed Google Chrome. Below are the logs.

aswMBR version 0.9.4 Copyright© 2011 AVAST Software

Run date: 2011-03-19 20:12:33

-----------------------------

20:12:33.104 OS Version: Windows 6.1.7600

20:12:33.104 Number of processors: 8 586 0x1A05

20:12:33.104 ComputerName: STANDARD-PC UserName: standard

20:12:36.131 Initialize success

20:12:38.081 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:12:38.096 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8

20:12:38.096 Disk 0 MBR read successfully

20:12:38.096 Disk 0 MBR scan

20:12:38.096 Disk 0 scanning sectors +1953517568

20:12:38.128 Disk 0 scanning C:\Windows\system32\drivers

20:12:41.263 Service scanning

20:12:42.355 Disk 0 trace - called modules:

20:12:42.355 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll

20:12:42.371 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x871fc530]

20:12:42.371 3 CLASSPNP.SYS[8bc8559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866d3028]

20:12:42.371 Scan finished successfully

Any suggestions would be appreciated. Thanks


Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6111

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/20/2011 8:34:51 AM

mbam-log-2011-03-20 (08-34-51).txt

Scan type: Full scan (C:\|)

Objects scanned: 259130

Time elapsed: 21 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS LOGS

C:\Windows\system32\UI0Detect.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\UI0Detect.exe

C:\Users\standard\Downloads\aswMBR (1).exe

C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\AVAST Software\Avast\setup\avast.setup

C:\Users\standard\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Google Update] "c:\users\standard\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-3-14 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-3-14 192728]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-3-14 101976]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-14 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-14 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-14 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-14 42184]

R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-3-14 121000]

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2007-5-25 99248]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-30 79360]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

.

============= FINISH: 8:43:37.75 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/3/2009 5:49:33 PM

System Uptime: 3/19/2011 4:39:07 PM (16 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P6T

Processor: Intel® Core i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 862.951 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP239: 3/20/2011 12:03:21 AM - Scheduled Checkpoint

RP240: 3/20/2011 3:00:15 AM - Windows Update

.

==== Installed Programs ======================

.

.

2007 Microsoft Office system

Activation Assistant for the 2007 Microsoft Office suites

Adams Personal Legal Forms and Agreements CD

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Internet Security

Bonjour

CCleaner

Creative Audio Control Panel

Creative Software AutoUpdate

Creative Sound Blaster Properties

Defraggler

Facebook Plug-In

Furcadia

Google Chrome

iSEEK AnswerWorks English Runtime

iTunes

Java 6 Update 17

Lexmark 1300 Series

MapleStory

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MobileMe Control Panel

Nexon Game Manager

NVIDIA Drivers

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OGA Notifier 2.0.0048.0

Panda Internet Security 2011

QuickTime

Roblox

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shutterfly Express Uploader

Sid Meier's Civilization V

Steam

TurboTax 2009

TurboTax 2009 waziper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2508979)

Windows Media Player Firefox Plugin

Wizard101

WolfQuest

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

3/19/2011 9:30:59 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/19/2011 8:31:08 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/19/2011 8:29:44 AM, Error: Service Control Manager [7030] - The LogMeIn Rescue (5c82b248-da45-4d3c-a904-78deb1961380) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/19/2011 4:39:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdcCATSCustConnectService service to connect.

3/19/2011 4:39:29 PM, Error: Service Control Manager [7000] - The lxdcCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/19/2011 4:38:13 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.

3/19/2011 3:48:52 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

3/19/2011 3:48:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xa4f3384c, 0x00000000, 0x83a3cce0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031911-26956-01.

3/19/2011 3:43:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/19/2011 12:39:35 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/18/2011 6:09:33 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/18/2011 6:07:45 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/18/2011 6:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/18/2011 6:07:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/18/2011 6:07:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/18/2011 6:07:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/18/2011 6:07:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6

3/18/2011 6:07:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

3/18/2011 6:07:31 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/18/2011 6:07:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffff6f, 0x00000000, 0x83a6bab4, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031811-22854-01.

3/18/2011 6:07:28 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

3/18/2011 5:14:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

3/18/2011 5:14:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

3/18/2011 5:13:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/18/2011 5:12:21 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

3/16/2011 7:32:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

3/16/2011 7:32:09 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 2:32:42 PM, Error: Service Control Manager [7022] - The Server service hung on starting.

3/16/2011 2:32:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

3/16/2011 2:12:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

3/16/2011 12:09:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

3/16/2011 12:09:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

3/16/2011 11:28:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CertPropSvc service.

3/16/2011 11:28:50 AM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:28:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

3/16/2011 11:28:20 AM, Error: Service Control Manager [7000] - The Extensible Authentication Protocol service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:27:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.

3/16/2011 11:27:50 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:27:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

3/16/2011 11:27:20 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:26:50 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:26:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.

3/16/2011 11:26:20 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:25:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

3/16/2011 11:25:20 AM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:23:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.

3/16/2011 11:23:00 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:22:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

3/16/2011 11:22:30 AM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:22:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.

3/16/2011 11:22:00 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:21:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.

3/16/2011 11:21:30 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:21:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SessionEnv service.

3/16/2011 11:21:00 AM, Error: Service Control Manager [7000] - The Remote Desktop Configuration service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/16/2011 11:18:38 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/16/2011 1:46:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/15/2011 6:26:55 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The system cannot find the path specified.

3/15/2011 2:22:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/15/2011 1:14:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

3/15/2011 1:14:14 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/15/2011 1:09:22 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/14/2011 8:53:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x821023e1, 0x8bd97b50, 0x8bd97730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-20529-01.

3/14/2011 8:22:45 PM, Error: Service Control Manager [7030] - The LogMeIn Rescue (0b68c1be-1e52-4769-8001-81e67dba988a) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/14/2011 7:29:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

3/14/2011 7:28:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0x80e7f9f4, 0x00000000, 0x8aa48ce0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-19203-01.

3/14/2011 7:14:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8aa73ab4, 0x8be1bb70, 0x8be1b750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-18470-01.

3/14/2011 7:08:28 PM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/14/2011 7:04:55 PM, Error: Service Control Manager [7001] - The WLAN AutoConfig service depends on the Extensible Authentication Protocol service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

3/14/2011 7:04:25 PM, Error: Service Control Manager [7022] - The User Profile Service service hung on starting.

3/14/2011 6:36:05 PM, Error: Service Control Manager [7030] - The LogMeIn Rescue (470d587c-d2ca-4ae1-9c60-cb4c4c81c843) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/14/2011 5:58:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x86ec9250, 0x86ec93bc, 0x822400e0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-17706-01.

3/14/2011 4:51:59 PM, Error: Service Control Manager [7030] - The LogMeIn Rescue (523b942e-d652-4cb1-bf38-15b372ac9e4b) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/14/2011 4:41:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8aa78ad3, 0x8d81bb70, 0x8d81b750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-22791-01.

3/14/2011 3:43:59 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

3/14/2011 3:32:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8aa55ad3, 0x8d81fb70, 0x8d81f750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031411-19936-01.

3/14/2011 2:08:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.

3/14/2011 2:08:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.

3/14/2011 2:08:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0xc00d36b0'. If possible, reinstall Windows Media Player.

3/14/2011 2:08:16 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The system cannot find the file specified.

3/14/2011 2:06:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswFW aswSnx aswTdi spldr

3/14/2011 2:05:58 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

3/14/2011 2:05:58 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.

.

==== End Of File ===========================


ComboFix 11-03-19.06 - standard 03/21/2011 8:14.1.8 - x86

Here is the ComboFix Log. I also ran the WINDOWS scan they had on the website (have that log in case you want me to post it). DDS log is after the ComboFix Log. Thanks

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1733 [GMT -7:00]

Running from: c:\users\standard\Downloads\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Drop Down Deals

c:\program files\Drop Down Deals\YontooIEClient.dll

c:\program files\OfferBox

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}

c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\chrome.manifest

c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\chrome\content\_cfg.js

c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\chrome\content\overlay.xul

c:\users\standard\AppData\Local\{6105902F-EF52-4458-B1F1-BAB9585D3CF0}\install.rdf

c:\users\standard\AppData\Roaming\OfferBox

c:\users\standard\AppData\Roaming\OfferBox\config.dat

c:\users\standard\AppData\Roaming\OfferBox\config.xml

c:\users\standard\Documents\reg.reg

.

.

((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))

.

.

2011-03-21 15:02 . 2011-03-21 15:02 -------- d-----w- c:\users\standard\AppData\Roaming\Uniblue

2011-03-21 15:02 . 2011-03-21 15:02 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-03-21 15:01 . 2011-03-21 15:01 -------- d-----w- c:\program files\Uniblue

2011-03-21 15:01 . 2011-03-21 15:01 -------- d-----w- c:\users\standard\AppData\Local\PackageAware

2011-03-21 02:05 . 2011-03-21 02:05 -------- d-----w- c:\program files\Lexmark 1300 Series

2011-03-21 02:05 . 2007-05-17 21:09 286720 ----a-w- c:\windows\system32\LXDCinst.dll

2011-03-21 02:05 . 2007-05-17 20:54 323584 ----a-w- c:\windows\system32\LXDChcp.dll

2011-03-21 01:51 . 2011-03-21 01:51 -------- d-----w- c:\windows\system32\SPReview

2011-03-21 01:50 . 2011-03-21 01:50 -------- d-----w- c:\windows\system32\EventProviders

2011-03-21 01:41 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-03-21 01:41 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-21 01:41 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-21 01:34 . 2007-01-18 13:18 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdcdrpp.dll

2011-03-21 01:14 . 2011-03-21 01:14 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-03-21 01:03 . 2011-03-21 01:03 27676 ----a-w- c:\programdata\SPL8610.tmp

2011-03-21 00:54 . 2011-03-21 00:54 27676 ----a-w- c:\programdata\SPLEBC4.tmp

2011-03-21 00:30 . 2011-03-21 00:30 -------- d-----w- c:\users\standard\AppData\Local\Adobe

2011-03-20 01:40 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll

2011-03-20 01:40 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-20 01:40 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-20 01:40 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-20 01:40 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-03-20 01:40 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-03-19 23:39 . 2011-03-19 23:39 3947965 ----a-w- c:\programdata\SPL7770.tmp

2011-03-19 22:48 . 2011-03-19 22:48 3947965 ----a-w- c:\programdata\SPL9DF3.tmp

2011-03-19 22:46 . 2011-03-19 22:46 9723731 ----a-w- c:\programdata\SPL4989.tmp

2011-03-19 10:44 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28340A80-2633-4A47-A4B3-A5D9A0E3053C}\mpengine.dll

2011-03-15 03:56 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-03-15 03:56 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-03-15 03:56 . 2011-02-23 14:57 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-03-15 03:56 . 2011-02-23 14:56 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-03-15 03:56 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-03-15 03:56 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-15 03:56 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-03-15 03:56 . 2011-02-23 14:55 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-03-15 03:55 . 2011-02-23 13:34 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-03-15 03:55 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe

2011-03-15 03:55 . 2011-03-15 03:55 -------- d-----w- c:\programdata\AVAST Software

2011-03-15 03:55 . 2011-03-15 03:55 -------- d-----w- c:\program files\AVAST Software

2011-03-15 03:22 . 2011-03-16 13:47 -------- d-----w- c:\windows\LMI8EC8.tmp

2011-03-15 02:24 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-15 02:24 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-15 01:36 . 2011-03-15 03:58 -------- d-----w- c:\windows\LMI42D9.tmp

2011-03-14 20:56 . 2011-03-14 20:56 -------- d-----w- C:\$WINDOWS.~BT

2011-03-10 14:17 . 2011-03-10 14:17 1279660 ----a-w- c:\programdata\SPL9125.tmp

2011-03-10 05:30 . 2011-03-10 05:31 -------- d-----w- c:\program files\iTunes

2011-03-10 05:30 . 2011-03-10 05:30 -------- d-----w- c:\program files\iPod

2011-03-10 05:21 . 2011-03-10 05:21 -------- d-----w- c:\program files\Bonjour

2011-03-08 05:25 . 2011-03-08 05:25 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer

2011-03-06 19:36 . 2011-03-06 19:36 -------- d-----w- c:\program files\Yontoo Layers Client

2011-02-23 10:00 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-22 23:19 . 2011-01-07 07:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-22 23:19 . 2011-01-07 07:31 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-19 23:35 . 2011-03-06 16:50 0 ----a-w- c:\users\standard\AppData\Local\Okenuyod.bin

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-23 15:04 . 2010-12-27 22:04 40648 ----a-w- c:\windows\avastSS.scr

2011-02-03 05:45 . 2011-02-09 01:39 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-03 00:11 . 2009-10-30 18:58 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-07 22:56 . 2011-01-07 22:56 40800 ----a-w- c:\windows\system32\drivers\point32.sys

2011-01-07 22:56 . 2011-01-07 22:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2011-01-07 07:27 . 2011-02-09 01:39 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33 . 2011-02-09 01:39 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37 . 2011-02-09 01:39 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37 . 2011-02-09 01:39 2329088 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\users\standard\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-03-20 136176]

"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"P17Helper"="SPIRun.dll" [2006-07-03 10752]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2010-09-22 07:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 22:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-11-20 00:38 1242448 ----a-w- c:\program files\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-12-19 04:53 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]

2007-03-01 00:50 180224 ------w- c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-30 79360]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1343400]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-02-23 12112]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-02-23 121000]

S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 537520]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875254957-3642004176-2087085084-1000Core.job

- c:\users\standard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 02:17]

.

2011-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3875254957-3642004176-2087085084-1000UA.job

- c:\users\standard\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 02:17]

.

2011-03-21 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Drop Down Deals\YontooIEClient.dll

MSConfigStartUp-lxdcamon - c:\program files\Lexmark 1300 Series\lxdcamon.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-03-21 08:20:02

ComboFix-quarantined-files.txt 2011-03-21 15:20

.

Pre-Run: 925,946,929,152 bytes free

Post-Run: 925,894,725,632 bytes free

.

- - End Of File - - 3C7C441F62592BF9A7033ED3D031B8EE

Here is the DDS log

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by standard at 8:22:42.28 on Mon 03/21/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3062.1675 [GMT -7:00]

.

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\lxdccoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\mmc.exe

C:\Windows\System32\spoolsv.exe

C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

C:\Users\standard\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\standard\Downloads\dds (2).scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [Google Update] "c:\users\standard\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-3-14 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-3-14 192728]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-3-14 101976]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-14 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-14 301528]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-14 19544]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-14 53592]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-14 42184]

R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-3-14 121000]

R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-30 79360]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]

.

=============== Created Last 30 ================

.

2011-03-21 15:20:06 -------- d-sh--w- C:\$RECYCLE.BIN

2011-03-21 15:14:45 -------- d-----w- c:\users\standard\appdata\local\Apple

2011-03-21 15:13:34 98816 ----a-w- c:\windows\sed.exe

2011-03-21 15:13:34 89088 ----a-w- c:\windows\MBR.exe

2011-03-21 15:13:34 256512 ----a-w- c:\windows\PEV.exe

2011-03-21 15:13:34 161792 ----a-w- c:\windows\SWREG.exe

2011-03-21 15:02:04 -------- d-----w- c:\users\standard\appdata\roaming\Uniblue

2011-03-21 15:02:00 -------- dc-h--w- c:\progra~2\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-03-21 15:01:59 -------- d-----w- c:\program files\Uniblue

2011-03-21 15:01:36 -------- d-----w- c:\users\standard\appdata\local\PackageAware

2011-03-21 02:05:44 323584 ----a-w- c:\windows\system32\LXDChcp.dll

2011-03-21 02:05:44 286720 ----a-w- c:\windows\system32\LXDCinst.dll

2011-03-21 02:05:44 -------- d-----w- c:\program files\Lexmark 1300 Series

2011-03-21 01:51:05 -------- d-----w- c:\windows\system32\SPReview

2011-03-21 01:50:39 -------- d-----w- c:\windows\system32\EventProviders

2011-03-21 01:41:46 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-03-21 01:41:46 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-03-21 01:41:46 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-21 01:34:34 103936 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxdcdrpp.dll

2011-03-21 01:14:33 -------- d-----w- c:\program files\Microsoft IntelliPoint

2011-03-21 01:03:55 27676 ----a-w- c:\progra~2\SPL8610.tmp

2011-03-21 00:54:51 27676 ----a-w- c:\progra~2\SPLEBC4.tmp

2011-03-21 00:30:40 -------- d-----w- c:\users\standard\appdata\local\Adobe

2011-03-20 01:40:04 850432 ----a-w- c:\windows\system32\sbe.dll

2011-03-20 01:40:04 642048 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-20 01:40:04 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-03-20 01:40:04 2690560 ----a-w- c:\windows\system32\mstscax.dll

2011-03-20 01:40:04 199680 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-20 01:40:03 1034240 ----a-w- c:\windows\system32\mstsc.exe

2011-03-19 23:39:34 3947965 ----a-w- c:\progra~2\SPL7770.tmp

2011-03-19 22:48:48 3947965 ----a-w- c:\progra~2\SPL9DF3.tmp

2011-03-19 22:46:28 9723731 ----a-w- c:\progra~2\SPL4989.tmp

2011-03-19 10:44:27 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{28340a80-2633-4a47-a4b3-a5d9a0e3053c}\mpengine.dll

2011-03-15 03:56:18 101976 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-03-15 03:56:05 192728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-03-15 03:56:04 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-03-15 03:56:04 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-15 03:55:42 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-03-15 03:55:34 -------- d-----w- c:\program files\AVAST Software

2011-03-15 03:55:34 -------- d-----w- c:\progra~2\AVAST Software

2011-03-15 03:22:44 -------- d-----w- c:\windows\LMI8EC8.tmp

2011-03-15 02:24:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-03-15 02:24:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-15 01:36:03 -------- d-----w- c:\windows\LMI42D9.tmp

2011-03-14 20:56:09 -------- d-----w- C:\$WINDOWS.~BT

2011-03-10 14:17:05 1279660 ----a-w- c:\progra~2\SPL9125.tmp

2011-03-10 05:30:39 -------- d-----w- c:\program files\iTunes

2011-03-10 05:30:39 -------- d-----w- c:\program files\iPod

2011-03-10 05:21:12 -------- d-----w- c:\program files\Bonjour

2011-03-06 19:36:48 -------- d-----w- c:\program files\Yontoo Layers Client

2011-02-23 10:00:27 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-22 23:19:12 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-22 23:19:12 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-19 23:35:46 0 ----a-w- c:\users\standard\appdata\local\Okenuyod.bin

.

==================== Find3M ====================

.

2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr

2011-02-03 00:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-01-07 22:56:12 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 8:22:55.36 ===============


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=c670697067ec2a47b89647e2f44a5b95

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-03-24 11:35:06

# local_time=2011-03-24 04:35:06 (-0700, US Mountain Standard Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=768 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 52552305 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=138968

# found=3

# cleaned=3

# scan_time=2192

C:\Users\standard\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003d5 Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\standard\Downloads\registrybooster (1).exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\standard\Downloads\registrybooster.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

Security Check Log

Results of screen317's Security Check version 0.99.10

Windows 7 Service Pack 1 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Internet Security

Panda Internet Security 2011

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

CCleaner

Java 6 Update 17

Out of date Java installed!

Adobe Flash Player 10.2.152.32

Adobe Reader 9.4.1

Out of date Adobe Reader installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast afwServ.exe

AVAST Software Avast AvastUI.exe

``````````End of Log````````````

Thanks


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.