Solved Web browser redirect virus

Hi, I recently acquired a virus that is redirecting me to random websites when I click links in a search browser. Here are the logs from the 7-step Preliminary Removal Instructions. (GMER ran successfully and performed the scan, but when I saved the log the text document came up empty.)

-------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7001

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/2/2011 12:14:42 AM
mbam-log-2011-07-02 (00-14-42).txt

Scan type: Quick scan
Objects scanned: 166459
Time elapsed: 2 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2638D8C2-0862-D3B2-45DA-0C90E8A4D503} (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2638D8C2-0862-D3B2-45DA-0C90E8A4D503} (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2638D8C2-0862-D3B2-45DA-0C90E8A4D503} (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent.H) -> Bad: (C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll (Trojan.Agent.H) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------

GMER - empty log

------------------------------------------------------------------------------------------------------

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Serion at 0:51:27 on 2011-07-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4534 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\lxdxcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Users\Serion\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
C:\Program Files (x86)\Razer\Lachesis\OSD.exe
C:\Program Files (x86)\Razer\Lachesis\razertra.exe
C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
mWinlogon: Userinit=userinit.exe,
BHO: {0ef2d241-29f7-472b-875f-380d32ec35bd} - C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: 14e05b13: {2a085034-b999-6840-66fd-b392a352d024} - C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Serion\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [BitTorrent DNA] "C:\Users\Serion\Program Files (x86)\DNA\btdna.exe"
uRun: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
uRun: [Google Update] "C:\Users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
mRun: [TunePat] C:\Program Files (x86)\TunePat\TunePat.exe /silence
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all by FlashGet3 - C:\Users\Serion\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\Serion\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: pcaplsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{715F6A19-E702-470B-B120-A2B083D83B0D} : DhcpNameServer = 68.87.68.166 68.87.74.166 192.168.1.1
TCP: Interfaces\{715F6A19-E702-470B-B120-A2B083D83B0D}\44B62716D65627 : DhcpNameServer = 68.87.68.166 68.87.74.166 192.168.1.1
TCP: Interfaces\{E163C530-87DC-4100-A9D4-13DF661CF003} : DhcpNameServer = 68.87.68.166 68.87.74.166
C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: 14e05b13: {2A085034-B999-6840-66FD-B392A352D024} - C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.dll
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Serion\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
mRun-x64: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
mRun-x64: [TunePat] C:\Program Files (x86)\TunePat\TunePat.exe /silence
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q=
FF - component: C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Serion\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Serion\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Users\Serion\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: XUL Cache: {0516d2fd-a840-48b1-afe3-981c3d4c4d19} - %profile%\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-1 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-1 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-1 366640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960]
R2 TSS_FSFILTER;Dynamic ED Controller;C:\Windows\SysWOW64\drivers\TSSFSFD.sys [2010-9-29 70168]
R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdxserv.exe [2009-5-22 33960]
S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
S3 DynamicEDController;Dynamic ED Controller;C:\Windows\SysWOW64\drivers\TSSFSFD.sys [2010-9-29 70168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2009-7-4 21200]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2011-07-02 03:16:48 -------- d-----w- C:\Users\Serion\AppData\Roaming\Malwarebytes
2011-07-02 03:16:45 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-02 03:16:44 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-02 03:16:41 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-02 03:16:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-01 15:39:44 -------- d-----w- C:\Users\Serion\AppData\Roaming\Avira
2011-07-01 15:36:41 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-07-01 15:36:41 -------- d-----w- C:\ProgramData\Avira
2011-07-01 15:36:41 -------- d-----w- C:\Program Files (x86)\Avira
2011-06-29 23:01:27 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4CE40FE-7B23-4136-AB38-0CF9BB18435B}\mpengine.dll
2011-06-29 14:37:54 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
2011-06-29 14:37:40 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
2011-06-29 14:37:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
2011-06-29 14:37:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
2011-06-29 14:37:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
2011-06-29 14:37:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
2011-06-29 14:37:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
2011-06-29 14:37:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
2011-06-29 14:37:09 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
2011-06-29 14:36:47 -------- d-----w- C:\Users\Serion\AppData\Local\Windows Live
2011-06-29 14:32:56 -------- d-----w- C:\Windows\System32\SPReview
2011-06-29 14:32:33 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-29 03:24:49 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-29 03:24:49 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-06-29 03:24:49 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-06-29 03:24:49 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-06-29 03:24:49 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-06-29 03:24:49 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-06-20 23:34:59 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2011-06-20 23:33:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-20 23:33:00 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-20 23:33:00 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-20 23:32:55 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-20 23:32:52 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-20 23:32:36 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-20 23:32:36 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-19 21:30:45 -------- d-----w- C:\Users\Serion\AppData\Local\SCE
2011-06-06 16:55:30 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 16:55:30 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-29 23:35:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-29 23:35:58 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 0:51:48.59 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2/28/2010 3:18:20 PM
System Uptime: 7/2/2011 12:16:42 AM (0 hours ago)
.
Motherboard: EVGA | | 132-BL-E758
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 423 | 2653/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 335.566 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 931 GiB total, 436.876 GiB free.
G: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP189: 6/29/2011 10:32:49 AM - Windows 7 Service Pack 1
RP191: 7/1/2011 11:27:26 AM - Windows Defender Checkpoint
RP192: 7/1/2011 11:04:53 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Advanced Windows Mail Recovery
Aion
AllToAVI v4 r5394
Amazon Kindle For PC v1.1
Apple Software Update
AVIcodec (remove only)
Avira AntiVir Personal - Free Antivirus
BitComet 1.10
Cosplay Fetish Academy v1.2
D3DX10
Diablo II
DirectShow .SHN FIlter
DivX Setup
DJ_AIO_06_F4500_SW_MIN
DNA
DriverAgent by eSupport.com
E.M. Total Video Player 1.31
Escape From Monkey Island
EVE Online (remove only)
EVEREST Ultimate Edition v5.02
Everlight
EverQuest
EVGA E-LEET
ffdshow v1.1.3516 [2010-07-25]
FINAL FANTASY XIV
FlashGet 3.7
Free MP3 WMA OGG Converter 8.1.2
FreeOnlineRadioPlayerRecorder Toolbar
FreeUndelete
Google Chrome
ImgBurn
Intel(R) Processor ID Utility
Java Auto Updater
Java(TM) 6 Update 10
Java(TM) 6 Update 22
JMB36X Raid Configurer
Junk Mail filter update
K-Lite Mega Codec Pack 1.67
Lightning Warrior Raidy
Lightning Warrior Raidy II v1.1s
Malwarebytes' Anti-Malware version 1.51.0.1200
MediaFeed
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.18)
MpcStar 3.9
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
NTFS Undelete v0.94
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
Oblivion mod manager 1.1.12
Pcsx2 0.9.6
Pirates Buster for e-Book/Application (Decoder for Eisys)
PixiePack Codec Pack
Play Wireless USB Adapter
Pretty Soldier Wars A.D. 2048
Proxifier version 2.8
QuickTime
RAR Password Cracker 4.12
Razer Lachesis
RIFT
Scan
ScummVM 0.13.1a
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SimpleOCR 3.1
SmoothPING Elite
Storm Codec
Tales of Monkey Island - Lair of the Leviathan
Tales of Monkey Island - Launch of the Screaming Narwhal
Tales of Monkey Island - Rise of the Pirate God
Tales of Monkey Island - The Siege of Spinner Cay
Tales of Monkey Island - The Trial and Execution of Guybrush Threepwood
The Secret of Monkey Island Special Edition
Toolbox
Unofficial Oblivion Patch v3.2.0
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.4
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mail Recovery v.3.0.0
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
7/2/2011 12:17:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
7/2/2011 12:17:21 AM, Error: Service Control Manager [7000] - The TriSecurity System - Filter Driver service failed to start due to the following error: The system cannot find the file specified.
7/2/2011 12:17:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService service to connect.
7/2/2011 12:17:15 AM, Error: Service Control Manager [7000] - The lxdxCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2011 12:17:07 AM, Error: nvlddmkm [14] -
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
7/2/2011 12:16:44 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/2/2011 12:15:35 AM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
7/1/2011 11:39:00 AM, Error: Service Control Manager [7034] - The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).
7/1/2011 11:37:01 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
7/1/2011 11:06:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Windows Live Essentials 2011 (KB 2520039).
6/29/2011 7:45:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Windows Live Essentials 2011 (KB2434419).
6/29/2011 7:45:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2518867).
6/29/2011 7:45:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2535512).
6/29/2011 7:44:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/3528001172/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
6/29/2011 7:44:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
6/29/2011 7:01:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
6/29/2011 7:01:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2547666).
6/29/2011 6:59:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2545698).
6/26/2011 4:55:07 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E163C530-87DC-4100-A9D4-13DF661CF003}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware- we have several things to do.

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process: BitComet.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
I notice you have ProxyCap on the system. ProxyCap enables you to tunnel Internet applications through HTTP, SOCKS v4, and v5 proxy servers. Can you give me some idea of how you're using this protocol?
======================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer link to download it. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==========================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a prompt asking whether to continue.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated and it will open a text window. Please paste the contents of C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
 
I appreciate the assistance, here are the log reports you requested.

================================================================

I used ProxyCap about a year ago to reduce my ping for online gaming as at the time my ISP was at a bad location. Currently I do not use the program.

================================================================

ESETSCAN Log

C:\Users\Serion\AppData\Local\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Serion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Serion\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Serion\AppData\Local\Temp\plugtmp-16\plugin-yz_gzy.pdf PDF/Exploit.Pidief.PBK.Gen trojan
C:\Users\Serion\AppData\Local\Temp\plugtmp-35\plugin-50ccd9ce8ab.php probably a variant of Win32/Agent.KTAETJV trojan
C:\Users\Serion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\35d60d30-78d4777e Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Users\Serion\Downloads\Mp4PlayerSetup4.0.exe probably a variant of Win32/TrojanDownloader.Agent.KXBJNTQ trojan
F:\Installers\PopularScreensaversSetup2.3.50.22.ZRfox000.exe a variant of Win32/Toolbar.MyWebSearch.O application

================================================================

CombofixScan Log

ComboFix 11-07-02.03 - Serion 07/03/2011 3:00.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3467 [GMT -4:00]
Running from: c:\users\Serion\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Serion\AppData\Roaming\.#
c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}
c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest
c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar
c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\defaults\preferences\xulcache.js
c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\install.rdf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\sbcrreag.dll
c:\windows\SysWow64\wpcap.dll
F:\Autorun.inf
F:\install.exe
.
----- BITS: Possible infected sites -----
.
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 07:06 . 2011-07-03 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-03 03:01 . 2011-07-03 03:01 -------- d-----w- c:\program files (x86)\ESET
2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live Writer
2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Roaming\Windows Live Writer
2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\users\Serion\AppData\Roaming\Malwarebytes
2011-07-02 03:16 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-02 03:16 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-02 03:06 . 2011-07-02 03:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-01 15:39 . 2011-07-01 15:39 -------- d-----w- c:\users\Serion\AppData\Roaming\Avira
2011-07-01 15:36 . 2011-07-02 03:11 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 15:36 . 2011-07-02 03:11 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\programdata\Avira
2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\program files (x86)\Avira
2011-06-29 23:01 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4CE40FE-7B23-4136-AB38-0CF9BB18435B}\mpengine.dll
2011-06-29 14:47 . 2011-06-29 14:47 -------- d-----w- c:\program files\Windows Live
2011-06-29 14:37 . 2011-06-29 14:37 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
2011-06-29 14:37 . 2011-06-29 14:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
2011-06-29 14:37 . 2011-06-29 14:37 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
2011-06-29 14:37 . 2011-06-29 14:37 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
2011-06-29 14:37 . 2011-06-29 14:37 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
2011-06-29 14:37 . 2011-06-29 14:37 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
2011-06-29 14:37 . 2011-06-29 14:37 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
2011-06-29 14:37 . 2011-06-29 14:37 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
2011-06-29 14:37 . 2011-06-29 14:37 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
2011-06-29 14:36 . 2011-07-02 05:07 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live
2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\SPReview
2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\EventProviders
2011-06-29 03:24 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 03:24 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 03:24 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 03:24 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 03:24 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-29 03:24 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-06-20 23:34 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-06-20 23:33 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-20 23:33 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-20 23:33 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-20 23:32 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-20 23:32 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-20 23:32 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-20 23:32 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Serion\AppData\Local\SCE
2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Public\Sony Online Entertainment
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 23:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-29 23:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-29 14:47 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-24 23:14 . 2009-10-02 15:48 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-04-22 22:15 . 2011-05-24 21:56 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 07:02 . 2011-05-11 16:32 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-19 05:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 16:32 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 16:32 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 05:04 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
2010-06-13 23:10 2734688 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Serion\Program Files (x86)\DNA\btdna.exe" [2009-11-12 323392]
"ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe" [2009-09-04 592384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"StormCodec_Helper"="c:\program files (x86)\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2008-02-28 33960]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\DRIVERS\tssflt.sys [x]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 DynamicEDController;Dynamic ED Controller;c:\windows\SysWOW64\drivers\TSSFSFD.SYS [2009-09-24 70168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TVICHW64;TVICHW64;c:\windows\SysWOW64\Drivers\TVICHW64.SYS [2009-07-04 21200]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-06-10 232960]
S2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\SysWOW64\DRIVERS\TSSFSFD.SYS [2009-09-24 70168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001Core.job
- c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001UA.job
- c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: pcaplsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
FF - ProfilePath - c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0EF2D241-29F7-472B-875F-380D32EC35Bd} - c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll
BHO-{2A085034-B999-6840-66FD-B392A352D024} - c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll
Wow6432Node-HKLM-Run-TunePat - c:\program files (x86)\TunePat\TunePat.exe
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-03 03:08:14
ComboFix-quarantined-files.txt 2011-07-03 07:08
.
Pre-Run: 358,684,164,096 bytes free
Post-Run: 359,825,481,728 bytes free
.
- - End Of File - - 05DAD8A40FD5C935999F86B19B8FCF09
 
For Eset entries:

Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator".)
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Users\Serion\AppData\Local\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js 
    C:\Users\Serion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Serion\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js 
    C:\Users\Serion\AppData\Local\Temp\plugtmp-16\plugin-yz_gzy.pdf 
    C:\Users\Serion\AppData\Local\Temp\plugtmp-35\plugin-50ccd9ce8ab.php 
    C:\Users\Serion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\35d60d30-78d4777e 
    C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest 
    C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar 
    C:\Users\Serion\Downloads\Mp4PlayerSetup4.0.exe 
    F:\Installers\PopularScreensaversSetup2.3.50.22.ZRfox000.exe 
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
====================================
Clear Java Cache:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the Control Panel.
  3. Click Settings under Temporary Internet Files.
     There are three options on this window to clear the cache (version dependent):
       • Delete Files
       • View Applications
       • View Applets
  4. Click OK on the Delete Temporary Files window.
     Note: This deletes all the downloaded Applications and Applets from the cache.
  5. Click OK on the Temporary Files Settings window.
===================================
There are 2 deletions in ComboFix that indicate you may be using an infected flash drive (Drive F). It will need to be disinfected as follows:
  • Please download Panda USB Vaccine (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/) to your desktop. (You must provide a valid e-mail address and they will send the download link to it.)
  • Install and run it.
  • Plug in the USB drive and click on Vaccinate USB and Vaccinate computer.
===================================
Please handle the above while I finish reviewing the ComboFix log.
 
Please update Java to the current v6u26 (Java Updates). Uninstall v6u19 and v6u22 in Add/Remove Programs, as they are vulnerabilities for the system.

Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
==========================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [BitTorrent DNA] "C:\Users\Serion\Program Files (x86)\DNA\btdna.exe"
uRun: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
Extra::
File::
Firefox::
Firefox-: - Profile-  c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
Firefox-: - prefs.js- Browser.SearchURL
Firefox-: - prefs.js- keyword.URL - hxxp://www.google.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"=-
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{f999a48b-1950-4d81-9971-79018f807b4b}"=-
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
"ProxyCap"=-
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
I advise removing all of these from the Trusted Zone:
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
===================
If ProxyCap remains in Add/Remove Programs, uninstall it. Use Windows Explorer to delete the program folder c:\progra~1\PROXYL~1\ProxyCap
===================
Check the Belkin router for firmware update.
==================
Open Firefox > Tools > Add-ons > Extensions and remove the following Java entries: v6u10, v6u14, v6u20, v6u22.
Note: You do not need to add a separate Java update to Firefox.
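The CFScript above was assembled by hand from the ComboFix and DDS lines: BHO CLSIDs loading DLLs from odd places, a third-party URLSearchHook, Run values pointing into the user profile, and Trusted Zone domains. The following Python script is an added example (not code from this thread, nor from ComboFix, DDS or OTM) that applies those same triage rules to log lines of that shape and emits a regedit-syntax deletion fragment for the keys it can name. The sample lines are constructed for the example from entries quoted in this thread. Two things are this example's assumptions rather than documented tool behaviour: that ComboFix's `~` shorthand stands for `SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer`, and the suspicion rules themselves (an API-set DLL name registered as a BHO, a binary in a user-writable path, any URLSearchHook other than Internet Explorer's own, a `No File` orphan).

```python
"""Triage ComboFix/DDS-style log lines for browser-hijack persistence points.

Added example, not code from this thread or from ComboFix/OTM/DDS. The
suspicion rules are heuristics chosen for the example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: line shapes, CLSIDs and paths are copied from the
# ComboFix/DDS excerpts quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0EF2D241-29F7-472B-875F-380D32EC35Bd}]
c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2A085034-B999-6840-66FD-B392A352D024}]
c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
.
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [BitTorrent DNA] "C:\Users\Serion\Program Files (x86)\DNA\btdna.exe"
Trusted Zone: soe.com
"""

# Assumption: ComboFix writes "~" for this Explorer key path.
EXPLORER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer"
# The URLSearchHook Internet Explorer registers by default; anything else is third-party.
IE_DEFAULT_SEARCH_HOOK = "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\temp\\", "\\appdata\\")

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\Wow6432Node\\~\\Browser Helper Objects\\(\{[^}]+\})\]$")
DDS_RE = re.compile(r"^(uURLSearchHooks|mURLSearchHooks|BHO|BHO-X64|TB|TB-X64|uRun|mRun|Trusted Zone):\s*(.*)$")


@dataclass
class Finding:
    kind: str
    clsid: Optional[str]
    path: str
    reason: str
    delete_keys: Tuple[str, ...] = ()   # registry keys to remove, when we can name them


def judge_path(path: str) -> Optional[str]:
    """Return why a loaded image looks out of place, or None if it looks ordinary."""
    p = path.lower()
    if p == "no file":
        return "dangling registration: the file is gone but the key remains"
    if p.rsplit("\\", 1)[-1].startswith("api-ms-win-"):
        return "API-set DLL name registered as a browser extension (API-set DLLs are forwarding stubs, never BHOs)"
    if any(tok in p for tok in USER_WRITABLE):
        return "executable loaded from a user-writable location; verify the publisher before trusting it"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and collect entries worth removing or reviewing."""
    findings: List[Finding] = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    i = 0
    while i < len(lines):
        m = BHO_KEY_RE.match(lines[i])
        if m and i + 1 < len(lines):
            # ComboFix prints the key on one line and the in-proc server path on the next.
            clsid = m.group(1).upper()
            path = re.sub(r"\s*\[BU\]$", "", lines[i + 1])   # drop ComboFix's trailing marker
            reason = judge_path(path)
            if reason:
                keys = (EXPLORER_KEY + "\\Browser Helper Objects\\" + clsid,
                        "HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\" + clsid)
                findings.append(Finding("BHO", clsid, path, reason, keys))
            i += 2
            continue
        m = DDS_RE.match(lines[i])
        if m:
            kind, rest = m.groups()
            if kind == "Trusted Zone":
                findings.append(Finding(kind, None, rest,
                                        "domain gets the Trusted sites zone's relaxed settings; remove unless required"))
            else:
                cm = CLSID_RE.search(rest)
                clsid = cm.group(0).upper() if cm else None
                # "label: {clsid} - path" for BHO/TB/hooks, "[name] \"path\"" for Run entries
                path = rest.rsplit(" - ", 1)[-1] if " - " in rest else rest.split("] ", 1)[-1]
                path = path.strip().strip('"')
                reason = judge_path(path)
                if kind.endswith("URLSearchHooks") and clsid != IE_DEFAULT_SEARCH_HOOK:
                    reason = "third-party URLSearchHook: intercepts address-bar searches (a classic redirect mechanism)"
                if reason:
                    findings.append(Finding(kind, clsid, path, reason))
        i += 1
    return findings


def reg_delete_fragment(findings: List[Finding]) -> str:
    """Regedit-syntax fragment: a leading '-' on a key line deletes that key."""
    out = ["REGEDIT4", ""]
    for f in findings:
        for key in f.delete_keys:
            out.append(f"[-{key}]")
            out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:16} {f.clsid or '-':40} {f.path}\n{'':16} -> {f.reason}")
    print(reg_delete_fragment(results))
```

Run it against a saved ComboFix or DDS log instead of `SAMPLE_LOG` to get a review list; only the BHO entries produce deletable keys, because for the other line kinds (search hooks, toolbars, Run values, Trusted Zone) the value name rather than a whole key is what has to go, and that is better written by hand, as the helper's `Registry::` block does with `"name"=-`. Treat every finding as a lead to verify (signature, publisher, install date) rather than an automatic deletion; a Google Update binary under `AppData\Local` will trip the user-writable rule just as the hijacker's DLL does.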
 
Ok, a couple of strange things happened when I ran ComboFix. The first: ComboFix attempted to send a malware log to an online server, but failed as it was unavailable after the restart. The second: some startup processes apparently were prevented when ComboFix finished up after the restart, and I couldn't open any files due to a registry file missing (or something along those lines). Another restart repaired that issue. As I was able to get past the second issue with a restart, I was able to complete the rest of the steps; however, I just wanted you to know.

======================================================================================

All processes killed
========== FILES ==========
C:\Users\Serion\AppData\Local\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js moved successfully.
C:\Users\Serion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Serion\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js moved successfully.
File/Folder C:\Users\Serion\AppData\Local\Temp\plugtmp-16\plugin-yz_gzy.pdf not found.
File/Folder C:\Users\Serion\AppData\Local\Temp\plugtmp-35\plugin-50ccd9ce8ab.php not found.
C:\Users\Serion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\35d60d30-78d4777e moved successfully.
File/Folder C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest not found.
File/Folder C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar not found.
C:\Users\Serion\Downloads\Mp4PlayerSetup4.0.exe moved successfully.
F:\Installers\PopularScreensaversSetup2.3.50.22.ZRfox000.exe moved successfully.
========== COMMANDS ==========

OTM

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Serion
->Temp folder emptied: 29436 bytes
->Temporary Internet Files folder emptied: 30300713 bytes
->Java cache emptied: 12465346 bytes
->FireFox cache emptied: 115803543 bytes
->Google Chrome cache emptied: 22582970 bytes
->Flash cache emptied: 289726 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9308 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 8215 bytes

Total Files Cleaned = 173.00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 07032011_210342

Files moved on Reboot...
C:\Users\Serion\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

==============================================================================

Java Cache cleared

==============================================================================

Panda USB Vaccine applied to computer and F drive

=============================================================================

Java updated to v6u26. I did not find v6u19 and v6u22 in programs, however I did remove the version 10.

===============================================================================

ComboFix 11-07-03.01 - Serion 07/03/2011 21:35:20.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4459 [GMT -4:00]
Running from: c:\users\Serion\Desktop\ComboFix.exe
Command switches used :: c:\users\Serion\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll"
"c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll"
"c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe"
"c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll"
"c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll"
"c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe"
"c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe"
"c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe"
"c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe
c:\program files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
c:\users\Serion\Program Files (x86)\DNA\btdna.exe
F:\AUTORUN.INF . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))
.
.
2011-07-04 01:41 . 2011-07-04 01:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-04 01:25 . 2011-07-04 01:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-04 01:20 . 2011-07-04 01:20 -------- d-----w- c:\programdata\Panda Security
2011-07-04 01:20 . 2011-07-04 01:20 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2011-07-04 01:03 . 2011-07-04 01:03 -------- d-----w- C:\_OTM
2011-07-03 03:01 . 2011-07-03 03:01 -------- d-----w- c:\program files (x86)\ESET
2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live Writer
2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Roaming\Windows Live Writer
2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\users\Serion\AppData\Roaming\Malwarebytes
2011-07-02 03:16 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\programdata\Malwarebytes
2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-02 03:16 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-02 03:06 . 2011-07-02 03:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-07-01 15:39 . 2011-07-01 15:39 -------- d-----w- c:\users\Serion\AppData\Roaming\Avira
2011-07-01 15:36 . 2011-07-02 03:11 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 15:36 . 2011-07-02 03:11 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\programdata\Avira
2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\program files (x86)\Avira
2011-06-29 23:01 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4CE40FE-7B23-4136-AB38-0CF9BB18435B}\mpengine.dll
2011-06-29 14:47 . 2011-06-29 14:47 -------- d-----w- c:\program files\Windows Live
2011-06-29 14:36 . 2011-07-04 01:19 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live
2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\SPReview
2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\EventProviders
2011-06-29 03:24 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 03:24 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 03:24 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 03:24 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 03:24 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-29 03:24 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-06-20 23:34 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2011-06-20 23:33 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-20 23:33 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-20 23:33 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-20 23:32 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-20 23:32 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-20 23:32 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-20 23:32 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Serion\AppData\Local\SCE
2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Public\Sony Online Entertainment
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 23:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-29 23:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-29 14:47 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-24 23:14 . 2009-10-02 15:48 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 08:52 . 2010-06-01 21:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-22 22:15 . 2011-05-24 21:56 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-09 07:02 . 2011-05-11 16:32 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-19 05:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 16:32 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 16:32 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 05:04 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-03_07.06.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-28 20:31 . 2011-07-04 01:45 19720 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-04 01:45 29226 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-28 19:35 . 2011-07-02 05:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-28 19:35 . 2011-07-04 01:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-04 01:20 . 2011-07-04 01:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-28 19:35 . 2011-07-02 05:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-02 05:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-04 01:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-28 20:26 . 2011-07-02 04:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-28 20:26 . 2011-07-04 01:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-28 20:26 . 2011-07-02 04:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-28 20:26 . 2011-07-04 01:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-28 20:26 . 2011-07-02 04:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 20:26 . 2011-07-04 01:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-28 20:04 . 2011-07-03 07:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-28 20:04 . 2011-07-04 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-28 20:04 . 2011-07-03 07:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 20:04 . 2011-07-04 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 20:31 . 2011-07-04 01:45 7578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-172134962-541061724-3732962536-1001_UserData.bin
+ 2011-07-04 01:43 . 2011-07-04 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-02 04:17 . 2011-07-02 04:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-04 01:43 . 2011-07-04 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-02 04:17 . 2011-07-02 04:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-04 01:25 . 2011-05-04 08:52 157472 c:\windows\SysWOW64\javaws.exe
- 2010-10-16 03:41 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-07-04 01:25 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-07-04 01:25 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\java.exe
- 2010-10-16 03:41 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2011-07-02 04:22 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-04 01:10 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-04 01:10 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-02 04:22 106316 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-07-04 01:41 293524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-07-02 04:15 293524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-04 01:04 . 2011-07-04 01:41 725776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-172134962-541061724-3732962536-1001-8192.dat
+ 2011-07-04 01:25 . 2011-07-04 01:25 207360 c:\windows\Installer\11e5d4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0EF2D241-29F7-472B-875F-380D32EC35Bd}]
c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2A085034-B999-6840-66FD-B392A352D024}]
c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
"StormCodec_Helper"="c:\program files (x86)\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2008-02-28 33960]
R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\DRIVERS\tssflt.sys [x]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 DynamicEDController;Dynamic ED Controller;c:\windows\SysWOW64\drivers\TSSFSFD.SYS [2009-09-24 70168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TVICHW64;TVICHW64;c:\windows\SysWOW64\Drivers\TVICHW64.SYS [2009-07-04 21200]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-06-10 232960]
S2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\SysWOW64\DRIVERS\TSSFSFD.SYS [2009-09-24 70168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001Core.job
- c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
.
2011-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001UA.job
- c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: pcaplsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
FF - ProfilePath - c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BitTorrent DNA - c:\users\Serion\Program Files (x86)\DNA\btdna.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2011-07-03 21:48:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-04 01:48
ComboFix2.txt 2011-07-03 07:08
.
Pre-Run: 357,123,203,072 bytes free
Post-Run: 357,072,277,504 bytes free
.
- - End Of File - - 11E45B79C19BE36AF078177D9FDBB594

============================================================

Sites removed from Trusted zone.

==========================================================

ProxyCap had to be manually removed. After it was removed it prompted a restart. I could not find the program folder you directed me to (not by manually typing it in or looking in both program folders).

===========================================================

Hmmmm, I'm not using a Belkin router right now, it's a Cisco Linksys. I think I may have used one in the past, however I don't think I am now....

===========================================================

Removed the Java entries except v6u10, which was not present... I assume this is because I already removed it in the previous step when updating Java.
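The "Supplementary Scan" part of the ComboFix log above is where the hijack actually shows: both Firefox search prefs point at search.conduit.com while the homepage is still www.google.com, several game sites sit in the IE Trusted Zone, a third-party Winsock LSP is loaded and an ActiveX control was fetched from a non-vendor host. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the line formats ComboFix prints for those four items and reports them, so the same check can be run over any saved log. SAMPLE_LOG is constructed to mirror the entries in the thread, and the two host allow-lists are assumptions chosen for the example.

```python
"""Triage of a ComboFix "Supplementary Scan" section for browser-hijack signs.

Added example; not part of the thread and not ComboFix's code.  It reads
the line formats ComboFix prints (FF - prefs.js, Trusted Zone, LSP, DPF)
and reports what a helper checks first.  Host allow-lists are assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the Supplementary Scan lines in the thread.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
LSP: pcaplsp.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: soe.com
DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q=
"""

# Firefox prefs that toolbars and search hijackers overwrite.
SEARCH_PREFS = ("browser.search.defaulturl", "keyword.URL", "browser.search.selectedEngine")
# Assumption: hosts a clean profile's search prefs normally resolve to.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}
# Assumption: ActiveX (DPF) download hosts expected on a typical home PC.
KNOWN_DPF_HOSTS = {"download.microsoft.com", "java.sun.com", "fpdownload.macromedia.com"}

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.+)$")
ITEM_RE = re.compile(r"^(?P<kind>Trusted Zone|LSP|DPF): (?P<value>.+)$")


def refang(url):
    """ComboFix writes hxxp:// so log URLs are not clickable; undo it for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)


def host_of(value):
    """Lower-cased host of a URL, or of a bare domain as the log prints homepages."""
    url = refang(value)
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage(log_text):
    """Return (category, detail) findings in the order the log reveals them."""
    findings = []
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m["name"]] = m["value"]
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # services, tasks, registry dumps: not handled here
        kind, value = m["kind"], m["value"]
        if kind == "Trusted Zone":
            # Trusted Zone sites get relaxed IE security settings; each one should be deliberate.
            findings.append(("trusted_zone", value))
        elif kind == "LSP":
            # A Winsock LSP sees every socket call; tie each DLL to a product you installed.
            findings.append(("lsp", value))
        elif kind == "DPF":
            # "DPF: {CLSID} - hxxp://host/file.cab": where an ActiveX control was fetched from.
            url = value.split(" - ", 1)[-1]
            if host_of(url) not in KNOWN_DPF_HOSTS:
                findings.append(("dpf", url))
    for name in SEARCH_PREFS:
        if name in prefs:
            host = host_of(prefs[name])
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search_hijack", f"{name} -> {host}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:14} {detail}")
```

Run against the sample it reports the LSP, both Trusted Zone sites, the dlsite.com cab and two search_hijack findings for search.conduit.com. It deliberately skips the services, scheduled-task and registry sections, which still need the hands-on review the helper did; a third-party LSP is only a lead (in this thread, pcaplsp.dll went away when ProxyCap was uninstalled), not a verdict.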
 
My mistake on checking for Belkin update. This entry in the Event Viewer was what I was mistakenly going by:
7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
The same error repeats for processors 0 through 7. Looks like this is one of the many unsolved mysteries, as it was noted over a year ago and so far, no solution.

But here is the Belkin entry:
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]


When you stop using a program or app, don't just desert it: remove it. This one is still in Startup.
==========================================
What is Drive F?

Please give me an update on how the system is doing.
 
I admit I have a tendency to just let unused applications pile up :blush:. Drive F is an external hard drive, and the redirect issue seems to be resolved. I did some testing in IE and Firefox and no redirects occurred. As for the system itself, it's doing fine. I am beginning to think that, for malware, you are perhaps an angel of death :approve:.
 
You should be able to connect Drive F and run the disinfection. This may be because it wasn't connected at the time you ran the program: F:\AUTORUN.INF . . . . Failed to delete

These 3 outdated Java versions are still on Firefox. So please follow the path I gave you and remove v6u14, v6u20, v6u22.
If you did this after you ran Combofix, that's why I still see them.
==================================
The system is clean. But if the external HD is connected and not run through Panda first, it could reinfect the system.
==================================
You can Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.

    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab

    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.

Empty the Recycle Bin
========================================
Some tips to help keep you safe: All may not work on Win 7:
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site is rated for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o] Antivirus (only one): Both of the following programs are free and known to be good:
    [o] Avira-AntiVir-Personal-Free-Antivirus
    [o] Avast-Free Antivirus
    [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
    [o] Comodo
    [o] Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o] Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Visit the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o] Adobe Reader: Install current, uninstall old.
    [o] Java Updates: Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookie:
    [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    [o] Temporary File Cleaner
  7. Restore Points:
    [o]See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based email services like Yahoo.
Please let me know if you find any bad link.
Peace
 
I greatly appreciate the assistance :). I did indeed remove those previous versions of java after I ran combofix. The computer has been running great and I haven't had any redirects. Cheers :grinthumb
 