I accidentally clicked on some stupid link and have had a fun few hours. I can only use my computer if I consistently close iexplorer, which is being run in the background every minute or so. In short, the malware removed my desktop, blocked Task Manager and cleared all menus on my computer. I could not update Java, so if that matters I apologize. This will be the second time you guys help me; thank you in advance, I really appreciate your programs/knowledge!

Here is what you want:
SAS log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/28/2011 at 01:24 AM

Application Version : 5.0.1134

CORE Rules Database Version : 7863
Trace Rules Database Version: 5675

Scan type : Complete Scan
Total Scan Time : 00:55:20

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 72073
Registry threats detected : 0
File items scanned : 313939
File threats detected : 1

Adware.Tracking Cookie
C:\USERS\DAVID CRAWFORD\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\[email protected][1].TXT [ /BURSTNET ]
Malwarebytes log

Database version: 8033

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

10/28/2011 1:26:26 AM
mbam-log-2011-10-28 (01-26-26).txt

Scan type: Quick scan
Objects scanned: 198917
Time elapsed: 1 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
DDS1
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
Run by David Crawford at 1:33:29 on 2011-10-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6135.4445 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\wscript.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=15179&l=dis
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4920F6E6-8FA3-454D-B1E3-C581542EF00E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4920F6E6-8FA3-454D-B1E3-C581542EF00E}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{657A4658-9B4B-42D3-A345-13D5A0769465} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{657A4658-9B4B-42D3-A345-13D5A0769465}\D69777962756C6563737 : DhcpNameServer = 207.164.234.193 67.69.184.135
TCP: Interfaces\{83C22A46-0A97-41D9-A178-1900485BAD99} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{964FC7CA-B89A-4F97-AA74-20E774E1F858} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BFF99BDE-572E-4784-AE37-2F49C0B3B569} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C59FF3F6-F7F6-4FE6-9A95-B149BA3742EE} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C59FF3F6-F7F6-4FE6-9A95-B149BA3742EE}\4656661657C647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C59FF3F6-F7F6-4FE6-9A95-B149BA3742EE}\D69777962756C6563737 : DhcpNameServer = 207.164.234.193 67.69.184.135
TCP: Interfaces\{C5CA6EF3-4BE2-4EF5-84A4-E8FD185F2152} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\extensions\{942cd1d4-9cc1-4d31-876a-ea8f489f7a59}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\David Crawford\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-20 92160]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-10-27 44768]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-11-20 656624]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\system32\DRIVERS\vcd10bus.sys --> C:\Windows\system32\DRIVERS\vcd10bus.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-1-17 24635]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S4 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-2-1 65536]
S4 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
.
=============== Created Last 30 ================
.
2011-10-28 05:30:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D21EDB31-CD3E-4158-B096-B0FC27C48E0F}\offreg.dll
2011-10-28 04:00:27 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-28 04:00:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-28 03:58:37 -------- d-----w- C:\Users\David Crawford\AppData\Roaming\SUPERAntiSpyware.com
2011-10-28 03:58:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-28 03:58:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-28 03:55:16 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-10-28 03:55:16 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-10-28 03:55:11 41184 ----a-w- C:\Windows\avastSS.scr
2011-10-28 03:55:06 -------- d-----w- C:\ProgramData\AVAST Software
2011-10-28 03:55:06 -------- d-----w- C:\Program Files\AVAST Software
2011-10-28 03:47:22 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D21EDB31-CD3E-4158-B096-B0FC27C48E0F}\mpengine.dll
2011-10-07 18:43:45 -------- d-----w- C:\Users\David Crawford\AppData\Roaming\Research In Motion
2011-10-07 18:41:28 31744 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
2011-10-07 18:41:14 -------- d-----w- C:\ProgramData\Research In Motion
2011-10-07 18:41:06 -------- d-----w- C:\Program Files (x86)\Research In Motion
2011-10-07 18:41:06 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
.
==================== Find3M ====================
.
2011-10-05 10:39:53 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-26 22:39:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-17 17:42:53 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:45:20 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 05:41:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-08-20 04:38:10 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-08-20 04:20:23 482816 ----a-w- C:\Windows\System32\html.iec
2011-08-20 03:26:38 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-08-17 05:32:24 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\Windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
.
============= FINISH: 1:43:20.26 ===============
dds2

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2009 1:21:38 AM
System Uptime: 10/28/2011 1:27:32 AM (0 hours ago)
.
Motherboard: DELL Inc. | | 0X501H
Processor: Intel(R) Core(TM) i7 CPU 920 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 922 GiB total, 750.259 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
X: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP367: 10/7/2011 5:37:22 PM - Windows Update
RP368: 10/11/2011 11:08:06 AM - Windows Update
RP369: 10/12/2011 10:27:27 AM - Windows Update
RP370: 10/13/2011 2:24:49 AM - Windows Update
RP371: 10/14/2011 10:42:02 AM - Windows Update
RP372: 10/18/2011 11:56:05 AM - Windows Update
RP373: 10/21/2011 11:37:33 AM - Windows Update
RP374: 10/25/2011 10:07:12 AM - Windows Update
RP375: 10/26/2011 4:16:27 PM - Windows Update
RP376: 10/27/2011 11:28:08 PM - Windows Update
RP377: 10/27/2011 11:29:16 PM - Windows Update
RP378: 10/28/2011 1:35:43 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Media Encoder 2.5
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
Adobe Shockwave Player 11.5
ATMA V 5.05
µTorrent
avast! Free Antivirus
BlackBerry Desktop Software 6.1
CCleaner
Compatibility Pack for the 2007 Office system
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell Support Center (Support Software)
Diablo II
DirectXInstallService
EMC 10 Content
GoToAssist 8.0.0.514
Hero Editor V0.96
Hero Editor V0.96 (C:\Program Files (x86)\Hero Editor\diablo II\hero editor\)
Java Auto Updater
Java(TM) 6 Update 27
Junk Mail filter update
K-Lite Mega Codec Pack 5.4.4
KingAgnostic's Minecraft 1.1.2_01
League of Legends
Left 4 Dead 2
Livestream Procaster
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
mIRC
Mozilla Firefox 7.0.1 (x86 en-US)
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NVIDIA PhysX
OpenOffice.org 3.1
PokerStars
PokerStrategy.com Elephant
Portforward Static IP Address 1.0.45
PostgreSQL 8.3
PowerDVD DX
PremiumSoft Navicat Premium 8.2
Realtek High Definition Audio Driver
Remere's Map Editor
Roxio Activation Module
Roxio BackOnTrack
Roxio CENTRAL Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype™ 5.1
Sonic CinePlayer Decoder Pack
SplitMediaLabs VH Screen Capture Driver (x86)
StarCraft II
Steam
Team Fortress 2
TeamSpeak 3 Client
Tibia
Tibia MULTI-ip changer
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Vegas Pro 9.0
Ventrilo Client
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinPcap 4.1.1
XAMPP 1.6.6a
XSplit
.
==== Event Viewer Messages From Past Week ========
.
10/28/2011 1:35:44 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
10/28/2011 1:28:54 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
10/28/2011 1:28:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
10/28/2011 1:28:35 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
10/27/2011 11:54:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/27/2011 11:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/27/2011 11:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/27/2011 11:45:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/27/2011 11:45:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/27/2011 11:45:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2011 11:45:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter spldr sptd Wanarpv6
10/27/2011 11:44:56 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
10/27/2011 11:43:12 PM, Error: Service Control Manager [7034] - The PostgreSQL Database Server 8.3 service terminated unexpectedly. It has done this 1 time(s).
10/27/2011 11:32:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/27/2011 11:31:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2011 11:31:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/27/2011 11:31:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/27/2011 11:30:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NETBIOS NetBT nsiproxy Psched rdbss RxFilter spldr sptd tdx vwififlt Wanarpv6 WfpLwf
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2011 11:30:52 PM, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2011 11:28:46 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
10/27/2011 11:28:42 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
I haven't restored to my old settings yet, and when I search something on Google, whatever link I pick still gets hijacked.
Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.
Combofix log:
I hope I didn't do anything bad, but iexplorer was at about 450 MB while it wrote logs and I ended it under the assumption that ComboFix wasn't the one using it. I have no problem re-running the program if that could have affected the results.
My searches are still hijacked.
ComboFix 11-10-28.04 - David Crawford 10/28/2011 11:40:59.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.6135.4377 [GMT -4:00]
Running from: c:\users\David Crawford\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\David Crawford\AppData\Roaming\Minecraft.exe
c:\users\David Crawford\AppData\Roaming\Uninstal.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 16:18 . 2011-10-28 16:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCBA32D9-AC22-4A4F-9AA3-EB763402364A}\offreg.dll
2011-10-28 16:13 . 2011-10-28 16:13 -------- d-----w- c:\users\elephant\AppData\Local\temp
2011-10-28 16:13 . 2011-10-28 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 05:36 . 2011-10-18 06:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCBA32D9-AC22-4A4F-9AA3-EB763402364A}\mpengine.dll
2011-10-28 05:35 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-28 05:35 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-28 04:00 . 2011-10-28 04:00 -------- d-----w- c:\programdata\Malwarebytes
2011-10-28 04:00 . 2011-10-28 04:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-28 03:58 . 2011-10-28 03:58 -------- d-----w- c:\users\David Crawford\AppData\Roaming\SUPERAntiSpyware.com
2011-10-28 03:58 . 2011-10-28 03:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-28 03:58 . 2011-10-28 03:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-28 03:55 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-10-28 03:55 . 2011-10-28 15:30 -------- d-----w- c:\programdata\AVAST Software
2011-10-28 03:55 . 2011-10-28 03:55 -------- d-----w- c:\program files\AVAST Software
2011-10-07 18:43 . 2011-10-28 03:38 -------- d-----w- c:\users\David Crawford\AppData\Roaming\Research In Motion
2011-10-07 18:41 . 2009-01-09 20:02 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2011-10-07 18:41 . 2011-10-07 18:41 -------- d-----w- c:\programdata\Research In Motion
2011-10-07 18:41 . 2011-10-28 03:40 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2011-10-07 18:41 . 2011-10-07 18:41 -------- d-----w- c:\program files (x86)\Research In Motion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-05 10:39 . 2011-05-29 16:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-26 22:39 . 2010-05-02 17:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-17 17:42 . 2011-09-17 17:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-31 21:00 . 2009-12-18 19:18 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-10 17:48 . 2011-08-10 17:48 375 ----a-w- c:\users\David Crawford\AppData\Local\postgresinstall.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 5500800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe
R3 X6va001;X6va001;c:\users\DAVIDC~1\AppData\Local\Temp\0019F35.tmp
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-17 24635]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R4 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=15179&l=dis
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\David Crawford\AppData\Roaming\Mozilla\Firefox\Profiles\w41bhm11.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-KingAgnostic's Minecraft 1.1.2_01 - c:\users\David Crawford\AppData\Roaming\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\DAVIDC~1\AppData\Local\Temp\0019F35.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1420202529-2994384463-3620377272-1000\Software\SecuROM\License information*]
"datasecu"=hex:ab,c1,18,de,39,40,5d,ca,5c,da,52,8e,98,99,1a,67,5a,1b,66,15,97,
13,8e,64,16,8a,5e,3f,e3,be,50,3f,cb,3d,6e,ae,6d,c5,65,75,b7,2b,0a,15,fd,a1,\
"rkeysecu"=hex:25,4f,b3,cc,e4,e2,cb,56,0d,50,05,5e,1b,f7,d9,c6
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Denied: (A 2) (Everyone)
="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\program files (x86)\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Completion time: 2011-10-28 12:37:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-28 16:37
.
Pre-Run: 806,115,491,840 bytes free
Post-Run: 805,085,458,432 bytes free
.
- - End Of File - - AAE2156689C8FB6ED407442E9F018477
Log should be fine.
ESET Online Scan
Please run a free online scan with the ESET Online Scanner
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7434ac6c61704f42b7b1f9b2749fb2da
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-30 06:13:57
# local_time=2011-10-30 02:13:57 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 71495178 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=268024
# found=4
# cleaned=4
# scan_time=3508
C:\Users\David Crawford\Desktop\Games\Cipsoft Project 0.3.5\Crying Damson.exe  a variant of Win32/GameServer.AA application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Users\David Crawford\Desktop\Games\Cipsoft Project 0.3.5\OT\The Forgotten Server v0.2.7 MYSTIC Spirit console\The Forgotten Server.exe  a variant of Win32/GameServer.AA application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Users\David Crawford\Desktop\Games\Cipsoft Project 0.3.5\OT\The Forgotten Server v0.2.7 Mystic Spirit GUI\The Forgotten Server.exe  a variant of Win32/GameServer.AA application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Windows\InternetExplorer.exe  probably a variant of Win32/Autorun.KYOHRBW worm (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
Haven't checked to see if the problem is resolved; I will update tomorrow if necessary. Thank you for all the help so far, especially considering it was over the weekend!
Update me on how it is running...
It seems there is still something on my computer.
I let iexplorer run itself to about 350 MB and then it caused an error and a few popups came up.
One mentioned a file with what looked like a virus name, and another mentioned something about creating something and access denied.
The virus was in a "temp" folder, though I couldn't find it manually.
Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.
- Double-click on drweb-cureit.exe to start the program.
An Express Scan of your PC notice will appear.
- Under Start the Express Scan Now, Click OK to start the scan.
This is a short scan that will scan the files currently running in memory. If something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the Scan tab and UNcheck Heuristic analysis
- Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
- Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
- When finished, a message will be displayed at the bottom advising if any viruses were found.
- Click Yes to all if it asks if you want to cure/move the file.
- When the scan has finished, look if you can see the icon next to the files found.
If so, click it, then click the next icon right below and select Move incurable. (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
- Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
- Save the DrWeb.csv report to your Desktop.
- Exit Dr.Web Cureit when you have finished.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
I cannot access your link directly, and the text was already purple before I clicked on it.
I googled the link location and accessed the FTP server or whatever that was, and am downloading this: "http://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe" file at 30 kb/s.
If you know a better place to download this file from, I would appreciate it.
The report came up with nothing.
dds.scr;C:\Documents and Settings\David Crawford\Desktop;Trojan.MulDrop3.6866;;
dds.scr;C:\Documents and Settings\David Crawford\DoctorWeb\Quarantine;Trojan.MulDrop3.6866;Incurable.Moved.;
dds.scr;C:\Users\David Crawford\Desktop;Trojan.MulDrop3.6866;;
If this has any impact, the negative effects of it now are the constant running of IE in the background, searches being hijacked (and generally to blinkx.com), IE windows opening on my screen, and ads playing in the background.
Please download aswMBR from here
- Save aswMBR.exe to your Desktop
- Double click aswMBR.exe to run it
- Click the Scan button to start the scan as illustrated below
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
- Once the scan finishes click Save log to save the log to your Desktop
- Copy and paste the contents of aswMBR.txt back here for review
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 11:40:33
-----------------------------
11:40:33.032 OS Version: Windows x64 6.1.7600
11:40:33.032 Number of processors: 8 586 0x1A05
11:40:33.032 ComputerName: DAVE UserName:
11:40:35.032 Initialize success
11:41:51.612 AVAST engine defs: 11110102
11:42:13.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:42:13.552 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 3
11:42:13.552 Disk 0 MBR read error 0
11:42:13.552 Disk 0 MBR scan
11:42:13.562 Disk 0 unknown MBR code
11:42:13.562 MBR BIOS signature not found 0
11:42:13.562 Service scanning
11:42:13.982 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:42:14.522 Modules scanning
11:42:14.522 Disk 0 trace - called modules:
11:42:14.542 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006649334]<<
11:42:14.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006636060]
11:42:14.552 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006351050]
11:42:14.552 \Driver\iaStor[0xfffffa80062c5af0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006649334
11:42:16.672 AVAST engine scan C:\Windows
11:42:52.622 AVAST engine scan C:\Windows\system32
11:43:02.622 AVAST engine scan C:\Windows\system32\drivers
11:43:12.622 AVAST engine scan C:\Users\David Crawford
11:43:22.622 AVAST engine scan C:\ProgramData
11:43:22.622 Scan finished successfully
11:47:21.476 Disk 0 MBR has been saved successfully to "C:\Users\David Crawford\Desktop\MBR.dat"
11:47:21.482 The log file has been saved successfully to "C:\Users\David Crawford\Desktop\aswMBR.txt"
I haven't clicked Fix yet.
We need to fix the infection found with aswMBR now.
- Double click aswMBR.exe to run it like before
- Once the scan finishes click Fix to remove the infection as illustrated below
- Once the scan finishes click Save log to save the log to your Desktop
- Copy and paste the contents of aswMBR.txt back here for review
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-01 11:40:33
-----------------------------
11:40:33.032 OS Version: Windows x64 6.1.7600
11:40:33.032 Number of processors: 8 586 0x1A05
11:40:33.032 ComputerName: DAVE UserName:
11:40:35.032 Initialize success
11:41:51.612 AVAST engine defs: 11110102
11:42:13.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:42:13.552 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 3
11:42:13.552 Disk 0 MBR read error 0
11:42:13.552 Disk 0 MBR scan
11:42:13.562 Disk 0 unknown MBR code
11:42:13.562 MBR BIOS signature not found 0
11:42:13.562 Service scanning
11:42:13.982 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
11:42:14.522 Modules scanning
11:42:14.522 Disk 0 trace - called modules:
11:42:14.542 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006649334]<<
11:42:14.542 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006636060]
11:42:14.552 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006351050]
11:42:14.552 \Driver\iaStor[0xfffffa80062c5af0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006649334
11:42:16.672 AVAST engine scan C:\Windows
11:42:52.622 AVAST engine scan C:\Windows\system32
11:43:02.622 AVAST engine scan C:\Windows\system32\drivers
11:43:12.622 AVAST engine scan C:\Users\David Crawford
11:43:22.622 AVAST engine scan C:\ProgramData
11:43:22.622 Scan finished successfully
11:47:21.476 Disk 0 MBR has been saved successfully to "C:\Users\David Crawford\Desktop\MBR.dat"
11:47:21.482 The log file has been saved successfully to "C:\Users\David Crawford\Desktop\aswMBR.txt"
14:09:23.186 Disk 0 MBR fix error
14:10:04.942 Disk 0 MBR has been saved successfully to "C:\Users\David Crawford\Desktop\MBR.dat"
14:10:04.947 The log file has been saved successfully to "C:\Users\David Crawford\Desktop\aswMBR.txt"
I assume that isn't supposed to happen.